diff --git a/charts/apitestrig/.gitignore b/charts/apitestrig/.gitignore deleted file mode 100644 index ee3892e87..000000000 --- a/charts/apitestrig/.gitignore +++ /dev/null @@ -1 +0,0 @@ -charts/ diff --git a/charts/apitestrig/.helmignore b/charts/apitestrig/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/apitestrig/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/apitestrig/Chart.yaml b/charts/apitestrig/Chart.yaml deleted file mode 100644 index ffa48e31d..000000000 --- a/charts/apitestrig/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v2 -name: apitestrig -description: A Helm chart to deploy APITESTRIG for MOSIP modules -type: application -version: 0.0.1-develop -appVersion: "" -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -home: https://mosip.io -keywords: - - mosip - - apitestrig -maintainers: - - email: info@mosip.io - name: MOSIP diff --git a/charts/apitestrig/README.md b/charts/apitestrig/README.md deleted file mode 100644 index 25c35e359..000000000 --- a/charts/apitestrig/README.md +++ /dev/null @@ -1,10 +0,0 @@ -# APITESTRIG - -Helm chart to deploy APITESTRIG for `MOSIP` modules - -## TL;DR - -```console -$ helm repo add mosip https://mosip.github.io -$ helm install my-release mosip/apitestrig -``` diff --git a/charts/apitestrig/templates/NOTES.txt b/charts/apitestrig/templates/NOTES.txt deleted file mode 100644 index 8b1378917..000000000 --- a/charts/apitestrig/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ - diff --git a/charts/apitestrig/templates/_helpers.tpl b/charts/apitestrig/templates/_helpers.tpl deleted file mode 100644 index d99caf0c4..000000000 --- a/charts/apitestrig/templates/_helpers.tpl +++ /dev/null @@ -1,63 +0,0 @@ -{{/* -Return the proper image name -*/}} -{{- define "apitestrig.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "apitestrig.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "apitestrig.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "apitestrig.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message. -*/}} -{{- define "apitestrig.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "apitestrig.validateValues.foo" .) -}} -{{- $messages := append $messages (include "apitestrig.validateValues.bar" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message -}} -{{- end -}} -{{- end -}} - -{{/* -Return podAnnotations -*/}} -{{- define "apitestrig.podAnnotations" -}} -{{- if .Values.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} -{{- end }} -{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} -{{- end }} -{{- end -}} - -{{/* Create the name for restart cronjob */}} -{{- define "apitestrig.cronjob" -}} -{{ default (printf "cronjob-%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- end -}} \ No newline at end of file diff --git a/charts/apitestrig/templates/clusterrole.yaml b/charts/apitestrig/templates/clusterrole.yaml deleted file mode 100644 index da268fdf5..000000000 --- a/charts/apitestrig/templates/clusterrole.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "apitestrig.serviceAccountName" . }}-{{ .Release.Namespace }} - namespace: {{ .Release.Namespace }} -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get","patch","list","watch"] diff --git a/charts/apitestrig/templates/clusterrolebinding.yaml b/charts/apitestrig/templates/clusterrolebinding.yaml deleted file mode 100644 index 12594c8d1..000000000 --- a/charts/apitestrig/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-{{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "apitestrig.serviceAccountName" . }}-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: {{ template "apitestrig.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} diff --git a/charts/apitestrig/templates/configmaps.yaml b/charts/apitestrig/templates/configmaps.yaml deleted file mode 100644 index 492508377..000000000 --- a/charts/apitestrig/templates/configmaps.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.apitestrig.configmaps }} -{{- range $cm_name, $cm_value := .Values.apitestrig.configmaps }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $cm_name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 8 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} -data: - {{- range $key, $value := $cm_value }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/apitestrig/templates/cronjob.yaml b/charts/apitestrig/templates/cronjob.yaml deleted file mode 100644 index b496ee50a..000000000 --- a/charts/apitestrig/templates/cronjob.yaml +++ /dev/null @@ -1,111 +0,0 @@ -{{- range $modulename, $module := $.Values.modules }} -{{- if $module.enabled }} ---- -apiVersion: {{ include "common.capabilities.cronjob.apiVersion" $ }} -kind: CronJob -metadata: - name: {{ template "apitestrig.cronjob" $ }}-{{ $modulename }} - namespace: {{ $.Release.Namespace }} - annotations: - {{- if $.Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - -spec: - concurrencyPolicy: Forbid - successfulJobsHistoryLimit: 1 # remove jobs which are successfully executed - failedJobsHistoryLimit: 1 # except 1 recent failed job, remove jobs which are not successfully executed - #schedule: '*/3 * * * *' # cron spec of time, here, 8 o'clock - schedule: {{ $.Values.crontime }} - jobTemplate: - spec: - backoffLimit: 0 # this has very low chance of failing, as all this does - # is prompt kubernetes to schedule new replica set for - # the deployment - # activeDeadlineSeconds: 600 # timeout, makes most sense with - # "waiting for rollout" variant specified below - template: - spec: - # account configured above - restartPolicy: Never - serviceAccountName: {{ template "apitestrig.serviceAccountName" $ }} - initContainers: - {{- if $.Values.enable_insecure }} - {{- include "common.tplvalues.render" (dict "value" $.Values.initContainers "context" $) | nindent 12 }} - {{- end }} - containers: - - name: {{ template "apitestrig.serviceAccountName" $ }}-{{ $modulename }} - image: {{ $module.image.repository }}:{{ $module.image.tag }} - imagePullPolicy: {{ $module.image.pullPolicy }} - {{- if $.Values.lifecycleHooks }} - lifecycle: {{- include "common.tpvalues.render" (dict "value" $.Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if $.Values.containerSecurityContext.enabled }} - securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if $.Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" $.Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if $.Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" $.Values.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: container_user - value: {{ $.Values.containerSecurityContext.runAsUser }} - - name: JDK_JAVA_OPTIONS - value: {{ $.Values.additionalResources.javaOpts }} - - name: MODULES - value: {{ $modulename }} - {{- if $.Values.extraEnvVars }} - {{- include "common.tpvalues.render" (dict "value" $.Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if $.Values.extraEnvVarsCM }} - {{- range $.Values.extraEnvVarsCM }} - - configMapRef: - name: {{ . }} - {{- end }} - {{- end }} - {{- if $.Values.extraEnvVarsSecret }} - {{- range $.Values.extraEnvVarsSecret }} - - secretRef: - name: {{ . }} - {{- end }} - {{- end }} - ports: - - name: spring-service - containerPort: {{ $.Values.springServicePort }} - {{- if $.Values.resources }} - resources: {{- toYaml $.Values.resources | nindent 14 }} - {{- end }} - volumeMounts: - {{- if $.Values.enable_insecure }} - - mountPath: /usr/local/openjdk-11/lib/security/cacerts - name: cacerts - subPath: cacerts - {{- end }} - {{- if $.Values.apitestrig.volumes }} - {{- range $volume_name, $volume_value := $.Values.apitestrig.volumes.configmaps }} - - name: {{ $volume_name }} - mountPath: {{ $volume_value.volumeMounts.mountPath }} - {{- end }} - {{- end }} - volumes: - {{- if $.Values.enable_insecure }} - - name: cacerts - emptyDir: {} - {{- end }} - {{- if $.Values.apitestrig.volumes }} - {{- range $volume_name, $volume_value := $.Values.apitestrig.volumes.configmaps }} - - name: {{ $volume_name }} - configMap: - defaultMode: {{ $volume_value.defaultMode }} - name: {{ $volume_name }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/apitestrig/templates/extra-list.yaml b/charts/apitestrig/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9e1..000000000 --- a/charts/apitestrig/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/charts/apitestrig/templates/secrets.yaml b/charts/apitestrig/templates/secrets.yaml deleted file mode 100644 index 1ef8dc989..000000000 --- a/charts/apitestrig/templates/secrets.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.apitestrig.secrets }} -{{- range $secret_name, $secret_value := .Values.apitestrig.secrets }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secret_name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 8 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} -type: Opaque -data: - {{- range $key, $value := $secret_value }} - {{ $key }}: {{ $value | b64enc | quote }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/apitestrig/templates/service-account.yaml b/charts/apitestrig/templates/service-account.yaml deleted file mode 100644 index 466590df4..000000000 --- a/charts/apitestrig/templates/service-account.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "apitestrig.serviceAccountName" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} diff --git a/charts/apitestrig/values.yaml b/charts/apitestrig/values.yaml deleted file mode 100644 index 044b0f539..000000000 --- a/charts/apitestrig/values.yaml +++ /dev/null @@ -1,557 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Add labels to all the deployed resources -## -commonLabels: - app.kubernetes.io/component: mosip - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -## Kubernetes Cluster Domain -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] - -## Number of nodes -## -replicaCount: 1 - -service: - type: ClusterIP - port: 80 - ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - ## loadBalancerIP: - ## - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - https: "" - ## Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - -## Port on which this particular spring service module is running. -springServicePort: 8083 - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## - -## -# existingConfigmap: - -## Command and args for running the container (set to default if not set). Use array form -## -command: ['/bin/bash'] -args: ['-c', "/home/${container_user}/scripts/fetch_docker_image_hash_ids.sh"] - -## Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] - -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 1500m - memory: 3500Mi - requests: - cpu: 1000m - memory: 3500Mi - -additionalResources: - ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources - ## Example: java_opts: "-Xms500M -Xmx500M" - javaOpts: "-Xms2600M -Xmx2600M" - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## Clamav container already runs as 'mosip' user, so we may not need to enable this -containerSecurityContext: - enabled: false - runAsUser: mosip - runAsNonRoot: true - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## -podSecurityContext: - enabled: false - fsGroup: 1001 - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## Annotations for server pods. -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## pods' priority. -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -# priorityClassName: "" - -## lifecycleHooks for the container to automate configuration before or after startup. -## -lifecycleHooks: {} - -## Custom Liveness probes for -## -customLivenessProbe: {} - -## Custom Rediness probes -## -customReadinessProbe: {} - -## Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate - -## Additional environment variables to set -## Example: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: [] - -## ConfigMap with extra environment variables -## -extraEnvVarsCM: - - global - - s3 - - keycloak-host - - db - - apitestrig - - config-server-share - - artifactory-share -## Secret with extra environment variables -## -extraEnvVarsSecret: - - apitestrig - - s3 - - keycloak-client-secrets - - postgres-postgresql - -## Extra volumes to add to the deployment -## -extraVolumes: [] - -## Extra volume mounts to add to the container -## -extraVolumeMounts: [] - -## Add init containers to the pods. -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: - - command: - - /bin/bash - - -c - - if [ "$ENABLE_INSECURE" = "true" ]; then HOST=$( env | grep "mosip-api-internal-host" - |sed "s/mosip-api-internal-host=//g"); if [ -z "$HOST" ]; then echo "HOST - $HOST is empty; EXITING"; exit 1; fi; openssl s_client -servername "$HOST" - -connect "$HOST":443 > "$HOST.cer" 2>/dev/null & sleep 2 ; sed -i -ne '/-BEGIN - CERTIFICATE-/,/-END CERTIFICATE-/p' "$HOST.cer"; cat "$HOST.cer"; /usr/local/openjdk-11/bin/keytool - -delete -alias "$HOST" -keystore $JAVA_HOME/lib/security/cacerts -storepass - changeit; /usr/local/openjdk-11/bin/keytool -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts" - -storepass changeit -noprompt -importcert -alias "$HOST" -file "$HOST.cer" - ; if [ $? -gt 0 ]; then echo "Failed to add SSL certificate for host $host; - EXITING"; exit 1; fi; cp /usr/local/openjdk-11/lib/security/cacerts /cacerts; - fi - env: - - name: ENABLE_INSECURE - value: "true" - envFrom: - - configMapRef: - name: global - image: docker.io/openjdk:11-jre - imagePullPolicy: Always - name: cacerts - resources: {} - securityContext: - runAsUser: 0 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /cacerts - name: cacerts - -## Add sidecars to the pods. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: {} - -persistence: - enabled: false - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack). - ## - # storageClass: "-" - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - ## ReadWriteMany not supported by AWS gp2 - storageClass: - accessModes: - - ReadWriteOnce - size: 10M - existingClaim: - # Dir where config and keys are written inside container - mountDir: - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: "10" - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - ## - myRegistryKeySecretName - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## - limits: {} - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## cpu: 100m - ## memory: 128Mi - ## - -## Specifies whether RBAC resources should be created -## -rbac: - create: true - -## Specifies whether a ServiceAccount should be created -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - ## - name: - -## Prometheus Metrics -## -metrics: - enabled: false - ## Prometheus pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: - prometheus.io/scrape: "true" - - endpointPath: - - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## - serviceMonitor: - ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry - ## - enabled: true - ## Specify the namespace in which the serviceMonitor resource will be created - ## - # namespace: "" - ## Specify the interval at which metrics should be scraped - ## - interval: 10s - ## Specify the timeout after which the scrape is ended - ## - # scrapeTimeout: 30s - ## Specify Metric Relabellings to add to the scrape endpoint - ## - # relabellings: - ## Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## - additionalLabels: {} - - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - ## - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## List of rules, used as template by Helm. - ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html - # rules: - # - alert: RabbitmqDown - # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 - # for: 5m - # labels: - # severity: error - rules: [] - -## Admin swagger should have only internal access. Hence linked to internal gateway -istio: - enabled: false - gateways: - - istio-system/internal - prefix: - corsPolicy: - allowOrigins: - - prefix: https://api-internal.sandbox.xyz.net - allowCredentials: true - allowHeaders: - - Accept - - Accept-Encoding - - Accept-Language - - Connection - - Content-Type - - Cookie - - Host - - Referer - - Sec-Fetch-Dest - - Sec-Fetch-Mode - - Sec-Fetch-Site - - Sec-Fetch-User - - Origin - - Upgrade-Insecure-Requests - - User-Agent - - sec-ch-ua - - sec-ch-ua-mobile - - sec-ch-ua-platform - - x-xsrf-token - - xsrf-token - allowMethods: - - GET - - POST - - PATCH - - PUT - - DELETE - -modules: - prereg: - enabled: false - image: - repository: mosipqa/apitest-prereg - tag: develop - pullPolicy: Always - masterdata: - enabled: false - image: - repository: mosipqa/apitest-masterdata - tag: develop - pullPolicy: Always - idrepo: - enabled: false - image: - repository: mosipqa/apitest-idrepo - tag: develop - pullPolicy: Always - partner: - enabled: false - image: - repository: mosipqa/apitest-pms - tag: develop - pullPolicy: Always - pms: - enabled: false - image: - repository: mosipdev/apitest-pms - tag: develop - pullPolicy: Always - resident: - enabled: false - image: - repository: mosipqa/apitest-resident - tag: develop - pullPolicy: Always - auth: - enabled: false - image: - repository: mosipqa/apitest-auth - tag: develop - pullPolicy: Always - esignet: - enabled: false - image: - repository: mosipqa/apitest-esignet - tag: develop - pullPolicy: Always - mimoto: - enabled: false - image: - repository: mosipqa/apitest-mimoto - tag: develop - pullPolicy: Always - injicertify: - enabled: false - image: - repository: mosipqa/apitest-injicertify - tag: develop - pullPolicy: Always - esignet-signup: - enabled: false - image: - repository: mosipqa/apitest-esignet-signup - tag: develop - pullPolicy: Always - -crontime: "0 3 * * *" ## run cronjob every day at 3 AM (time hr: 0-23 ) - -apitestrig: - configmaps: - s3: - s3-host: 'http://minio.minio:9000' - s3-user-key: 'admin' - s3-region: '' - db: - db-port: '5432' - db-su-user: 'postgres' - db-server: 'api-internal.sandbox.xyz.net' - apitestrig: - ENV_USER: 'api-internal.sandbox' - ENV_ENDPOINT: 'https://api-internal.sandbox.xyz.net' - ENV_TESTLEVEL: 'smokeAndRegression' - authDemoServiceBaseURL: http://authdemo.authdemo - authDemoServicePort: 80 - eSignetDeployed: yes or no - push-reports-to-s3: 'yes' - authCertsPath: '/home/mosip/authcerts' - scripts: - fetch_docker_image_hash_ids.sh: | - #!/bin/bash - sleep 5 - export DOCKER_HASH_ID=$( kubectl get pod "$HOSTNAME" -n "$NS" -o jsonpath='{.status.containerStatuses[*].imageID}' | sed 's/ /\n/g' | grep -v 'istio' | sed 's/docker\-pullable\:\/\///g' ) - export DOCKER_IMAGE=$( kubectl get pod "$HOSTNAME" -n "$NS" -o jsonpath='{.status.containerStatuses[*].image}' | sed 's/ /\n/g' | grep -v 'istio' | sed 's/docker\-pullable\:\/\///g' ) - if [[ -z $DOCKER_HASH_ID ]]; then - echo "DOCKER_HASH_ID IS EMPTY;EXITING"; - exit 1; - fi - echo "DOCKER_HASH_ID ; $DOCKER_HASH_ID" - echo "DOCKER_IMAGE : $DOCKER_IMAGE" - kubectl get pods -A -o=jsonpath='{range .items[*]}{.metadata.namespace}{","}{.metadata.labels.app\.kubernetes\.io\/name}{","}{.status.containerStatuses[?(@.name!="istio-proxy")].image}{","}{.status.containerStatuses[?(@.name!="istio-proxy")].imageID}{","}{.metadata.creationTimestamp}{"\n"}' | sed 's/ /\n/g' | grep -vE 'istio*|longhorn*|cattle*|rancher|kube' | sed 's/docker\-pullable\:\/\///g' | sort -u | sed '/,,,/d' | awk -F ',' 'BEGIN {print "{ \"POD_NAME\": \"'$(echo $HOSTNAME)'\", \"DOCKER_IMAGE\": \"'$(echo $DOCKER_IMAGE)'\", \"DOCKER_HASH_ID\": \"'$(echo $DOCKER_HASH_ID)'\", \"k8s-cluster-image-list\": ["} {print "{"} {print "\"namespace\": \"" $1 "\","} {print "\"app_name\": \"" $2 "\","} {print "\"docker_image_name\": \"" $3 "\","} {print "\"docker_image_id\": \"" $4 "\","} {print "\"creation_timestamp\": \"" $5 "\"" } {print "},"} END {print "]}"}' | sed -z 's/},\n]/}\n]/g' | jq -r . | tee -a images-list.json - ## run entrypoint script - sleep 5 - cd /home/${container_user}/ - bash ./entrypoint.sh - secrets: - apitestrig: - volumes: - configmaps: - scripts: - defaultMode: 0777 - volumeMounts: - mountPath: '/home/mosip/scripts/' - -enable_insecure: false diff --git a/charts/biosdk-service/Chart.yaml b/charts/biosdk-service/Chart.yaml deleted file mode 100644 index 177988b3c..000000000 --- a/charts/biosdk-service/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v2 -name: biosdk-service -description: A Helm chart for MOSIP Auditmanager module -type: application -version: 0.0.1-develop -appVersion: "" -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -home: https://mosip.io -keywords: - - mosip - - biosdk-service - - kernel -maintainers: - - email: info@mosip.io - name: MOSIP diff --git a/charts/biosdk-service/values.yaml b/charts/biosdk-service/values.yaml deleted file mode 100644 index 6282bed4c..000000000 --- a/charts/biosdk-service/values.yaml +++ /dev/null @@ -1,435 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Add labels to all the deployed resources -## -commonLabels: - app.kubernetes.io/component: mosip - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -## Kubernetes Cluster Domain -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] - -## Number of nodes -## -replicaCount: 1 - -service: - type: ClusterIP - port: 80 - ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - ## loadBalancerIP: - ## - ## nodePorts: - ## http: - ## https: - ## - - nodePorts: - http: "" - https: "" - ## Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - -image: - registry: docker.io - repository: mosipqa/biosdk-server - tag: develop - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - -## Port on which this particular spring service module is running. -springServicePort: 9099 - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## -startupProbe: - enabled: true - httpGet: - path: /biosdk-service/actuator/health - port: 9099 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 30 - successThreshold: 1 - -livenessProbe: - enabled: true - httpGet: - path: /biosdk-service/actuator/health - port: 9099 - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - httpGet: - path: /biosdk-service/actuator/health - port: 9099 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## -# existingConfigmap: - -## Command and args for running the container (set to default if not set). Use array form -## -command: [] -args: [] - -## Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] - -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 300m - memory: 2000Mi - requests: - cpu: 100m - memory: 500Mi - -additionalResources: - ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources - ## Example: java_opts: "-Xms500M -Xmx500M" - javaOpts: "-Xms1250M -Xmx1250M" - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## Clamav container already runs as 'mosip' user, so we may not need to enable this -containerSecurityContext: - enabled: false - runAsUser: mosip - runAsNonRoot: true - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## -podSecurityContext: - enabled: false - fsGroup: 1001 - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## Annotations for server pods. -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## pods' priority. -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -# priorityClassName: "" - -## lifecycleHooks for the container to automate configuration before or after startup. -## -lifecycleHooks: {} - -## Custom Liveness probes for -## -customLivenessProbe: {} - -## Custom Rediness probes -## -customReadinessProbe: {} - -## Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate - -## Additional environment variables to set -## Example: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: - - name: server_servlet_context_env - value: /biosdk-service - - name: spring_application_name_env - value: biosdk-service - - name: spring_cloud_config_name_env - value: biosdk-service - -## ConfigMap with extra environment variables that used -## -extraEnvVarsCM: - - global - - config-server-share - - artifactory-share - -## Secret with extra environment variables -## -extraEnvVarsSecret: - -## Extra volumes to add to the deployment -## -extraVolumes: [] - -## Extra volume mounts to add to the container -## -extraVolumeMounts: [] - -## Add init containers to the pods. -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: {} - -## Add sidecars to the pods. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: {} - -persistence: - enabled: false - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack). - ## - # storageClass: "-" - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - ## ReadWriteMany not supported by AWS gp2 - storageClass: - accessModes: - - ReadWriteOnce - size: 10M - existingClaim: - # Dir where config and keys are written inside container - mountDir: - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: "10" - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - ## - myRegistryKeySecretName - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## - limits: {} - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## cpu: 100m - ## memory: 128Mi - ## - -## Specifies whether RBAC resources should be created -## -rbac: - create: true - -## Specifies whether a ServiceAccount should be created -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - ## - name: - -## Prometheus Metrics -## -## TODO: Enable metrics after prometheus url is available -metrics: - enabled: false - ## Prometheus pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: - prometheus.io/scrape: "true" - - endpointPath: /v1/biosdk-service/actuator/prometheus - - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## - serviceMonitor: - ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry - ## - enabled: true - ## Specify the namespace in which the serviceMonitor resource will be created - ## - # namespace: "" - ## Specify the interval at which metrics should be scraped - ## - interval: 10s - ## Specify the timeout after which the scrape is ended - ## - # scrapeTimeout: 30s - ## Specify Metric Relabellings to add to the scrape endpoint - ## - # relabellings: - ## Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## - additionalLabels: {} - - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - ## - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## List of rules, used as template by Helm. - ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html - # rules: - # - alert: RabbitmqDown - # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 - # for: 5m - # labels: - # severity: error - rules: [] - -## Only internal access -istio: - enabled: true - gateway: istio-system/internal - prefix: /biosdk-service - -## Biosdk server expects an SDK library (zip file). Default is a mock SDK available in the artifactory. -## You may specify any url as long as it can be accessed from within the cluster -## bioapi_impl: Classpath of SDK implementation within the SDK lib. -biosdk: - # zippedLibUrl: http://artifactory.artifactory/artifactory/libs-release-local/biosdk/mock/0.9/biosdk.zip - # bioapiImpl: io.mosip.biosdk.client.impl.spec_1_0.Client_V_1_0 - zippedLibUrl: http://artifactory.artifactory/artifactory/libs-release-local/biosdk/biosdk-lib.zip - bioapiImpl: io.mosip.mock.sdk.impl.SampleSDKV2 diff --git a/charts/conf-secrets/.gitignore b/charts/conf-secrets/.gitignore deleted file mode 100644 index ee3892e87..000000000 --- a/charts/conf-secrets/.gitignore +++ /dev/null @@ -1 +0,0 @@ -charts/ diff --git a/charts/conf-secrets/.helmignore b/charts/conf-secrets/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/conf-secrets/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/conf-secrets/Chart.yaml b/charts/conf-secrets/Chart.yaml deleted file mode 100644 index cc6300b7d..000000000 --- a/charts/conf-secrets/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v2 -name: conf-secrets -description: A Helm chart for deploying secrets required by MOSIP config-server -type: application -version: 0.0.1-develop -appVersion: 1.1.2 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -home: https://mosip.io -keywords: - - config-server - - conf-secrets -maintainers: - - email: info@mosip.io - name: MOSIP diff --git a/charts/conf-secrets/templates/_helpers.tpl b/charts/conf-secrets/templates/_helpers.tpl deleted file mode 100644 index 74150b8c4..000000000 --- a/charts/conf-secrets/templates/_helpers.tpl +++ /dev/null @@ -1,24 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "conf-secrets.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "conf-secrets.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/conf-secrets/templates/secret.yaml b/charts/conf-secrets/templates/secret.yaml deleted file mode 100644 index 918c768d7..000000000 --- a/charts/conf-secrets/templates/secret.yaml +++ /dev/null @@ -1,34 +0,0 @@ -## This file contains various secrets that are needed by different mosip modules. The reason for defining -## them here (and not while module installation) is as follows: -## 1. These secrets are made available to modules via config property files (defined in *.properties) -## 2. Config server is installed before MOSIP modules -## 3. To preserve these secrets even when config-server is deleted and reinstalled, these secrets have been moved to different helm chart -## Some of them may not be used as the corresponding modules may not be installed. -## For websub hub secret refer to: https://www.w3.org/TR/websub/#subscriber-sends-subscription-request - -apiVersion: v1 -kind: Secret -metadata: - name: {{ printf "%s-various" (include "conf-secrets.fullname" .) }} -type: Opaque -data: - ida-websub-authtype-callback-secret: {{ randAlphaNum 16 | b64enc | quote }} - ida-websub-credential-issue-callback-secret: {{ randAlphaNum 16 | b64enc | quote }} - ida-websub-partner-service-callback-secret: {{ randAlphaNum 16 | b64enc | quote }} - ida-websub-ca-certificate-callback-secret: {{ randAlphaNum 16 | b64enc | quote }} - ida-websub-hotlist-callback-secret: {{ randAlphaNum 16 | b64enc | quote }} - ida-websub-masterdata-templates-callback-secret: {{ randAlphaNum 16 | b64enc | quote }} - ida-websub-masterdata-titles-callback-secret: {{ randAlphaNum 16 | b64enc | quote }} - idrepo-websub-vid-credential-update-secret: {{ randAlphaNum 16 | b64enc | quote }} - mosip-kernel-tokenid-uin-salt: {{ randAlphaNum 16 | b64enc | quote }} - mosip-kernel-tokenid-partnercode-salt: {{ randAlphaNum 16 | b64enc | quote }} - print-websub-hub-secret: {{ randAlphaNum 16 | b64enc | quote }} - hub-secret-encryption-key: {{ randAlphaNum 16 | b64enc | quote }} - resident-websub-authtype-status-secret: {{ randAlphaNum 16 | b64enc | quote }} - resident-websub-auth-transaction-status-secret: {{ randAlphaNum 16 | b64enc | quote }} - resident-websub-credential-status-update-secret: {{ randAlphaNum 16 | b64enc | quote }} - resident-websub-regproc-workflow-complete-secret: {{ randAlphaNum 16 | b64enc | quote }} - mosip-resident-request-credential-encryption-key: {{ randAlphaNum 16 | b64enc | quote }} - idrepo-websub-remove-id-status-secret: {{ randAlphaNum 16 | b64enc | quote }} - mosip-ida-kyc-token-secret: {{ randAlphaNum 32 | b64enc | b64enc | quote }} - mosip-partner-crypto-p12-password: {{ .Values.secrets.mosip_partner_crypto_p12_password | b64enc | quote }} \ No newline at end of file diff --git a/charts/conf-secrets/values.yaml b/charts/conf-secrets/values.yaml deleted file mode 100644 index cd8f9de62..000000000 --- a/charts/conf-secrets/values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -fullnameOverride: "" -nameOverride: "" -secrets: - mosip_partner_crypto_p12_password: 'abc123' diff --git a/charts/config-server/.gitignore b/charts/config-server/.gitignore deleted file mode 100644 index ee3892e87..000000000 --- a/charts/config-server/.gitignore +++ /dev/null @@ -1 +0,0 @@ -charts/ diff --git a/charts/config-server/.helmignore b/charts/config-server/.helmignore deleted file mode 100644 index 684b32bf1..000000000 --- a/charts/config-server/.helmignore +++ /dev/null @@ -1,24 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -README.md diff --git a/charts/config-server/Chart.yaml b/charts/config-server/Chart.yaml deleted file mode 100644 index 20c86c789..000000000 --- a/charts/config-server/Chart.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v2 -name: config-server -description: A Helm chart for configuration of MOSIP modules -type: application -version: 0.0.2-develop -appVersion: 1.1.2 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -home: https://mosip.io -keywords: - - config-server -maintainers: - - email: info@mosip.io - name: MOSIP diff --git a/charts/config-server/README.md b/charts/config-server/README.md deleted file mode 100644 index 01e5f8bf9..000000000 --- a/charts/config-server/README.md +++ /dev/null @@ -1,88 +0,0 @@ -# Config Server - -Helm chart for installing for Config Server. - -## Install - -```console -$ helm repo add mosip https://mosip.github.io -$ helm install my-release mosip/config-server -``` - -## Add New Placeholder - -* To add a new placeholder, we have to define it in the `_overides.tpl` file. -* In `overrides` section of `values.yaml`, add configmap or secret name in which new placeholder's value is defined. - ``` - overrides: - secrets: - secretName: - - configmaps: - configmapName: - ``` -* Based upon new secrets or configmaps added, add respective section in `_overides.tpl` file.
- ``: is the actual keyname for new placeholder's value added in configmap/secrets.
- ``: is referred as `placeholder.name` by config-server in property files.
- - Example for new value in configmap: - ``` - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ - valueFrom: - configMapKeyRef: - name: {{ .Values.overrides.configmaps.configmapName }} - key: - ``` - Example for new value in secret: - ``` - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ - valueFrom: - secretKeyRef: - name: {{ .Values.overrides.secrets.secretName }} - key: - ``` - -### Enable config-server to pull configurations from local git repo. - -Set the below configuration values as mentioned in the values.yaml file in-order to pull the configurations from local git repository -* Set `localRepo` enabled to `true`. -* Update the `spring.profiles.active` to `native` under localRepo. -* Update the `spring.cloud.config.server.native.search-locations` to `file:///var/lib/config_repo` as this is the mountDir where your local configurations are cloned/maintained. -* Update the `spring.cloud.config.server.accept-empty` to `true`. # Server would return a HTTP 404 status, if the application is not found.By default, this flag is set to true. -* Update the `spring.cloud.config.server.git.force-pull` to `false`. # Spring Cloud Config Server makes a clone of the remote git repository and if somehow the local copy gets dirty (e.g. folder content changes by OS process) so Spring Cloud Config Server cannot update the local copy from remote repository but as our configurations are maintained locally we are setting this to `false`. -* Update the `spring.cloud.config.server.git.refreshRate` to `0`. # Setting up refresh rate to 5 seconds so that config server will check for updates in Git repo after every one minute, can be lowered down for production. -* Update the `spring.cloud.config.server.git.cloneOnStart` to `false`. # Adding provision to clone on start of server instead of first request but our configurations are stored in local so no need to clone the repository on start of server so setting it to `false`. - -### Enable config-server to pull configurations from multiple sources. - -In some scenarios, you may wish to pull configuration data from multiple environment repositories. To do so, you can enable the `composite profile` in your helm `values` YAML file, Composite Profiles in Spring Cloud Config Server provide a flexible mechanism for combining multiple profiles into a single effective profile. If, for example, you want to pull configuration data from a local repository as well as two Git repositories, you can set the following properties for your configuration server: - -``` -spring_profiles: - enabled: true - spring_profiles_active: composite - spring_compositeRepos: - - type: git # Type "git" is to pull the configurations from remote git repository. - uri: "https://github.com/mosip/inji-config" - version: develop - spring_cloud_config_server_git_cloneOnStart: true - spring_cloud_config_server_git_force_pull: true - spring_cloud_config_server_git_refreshRate: 5 - - type: git - uri: "https://github.com/mosip/mosip-config" - version: develop - spring_cloud_config_server_git_cloneOnStart: true - spring_cloud_config_server_git_force_pull: true - spring_cloud_config_server_git_refreshRate: 5 - - type: native # Type "native" is to pull the configurations from local git repository. - uri: "file:///var/lib/config_repo" # Dir path of local git repo - version: develop - spring_cloud_config_server_git_cloneOnStart: false # This is set to "false" when type is "native". - spring_cloud_config_server_git_force_pull: false # This is set to "false" when type is "native". - spring_cloud_config_server_git_refreshRate: 0 # This is set to "0" when type is "native". - spring_fail_on_composite_error: false -``` - -Using the above configuration, precedence is determined by the order in which repositories are listed under the composite key. In the above example, the git repository is listed first, so a value found in the git repository will override values found for the same property in the second configuration Git repository and third configuration local repository. - -Note: Based on the user requiremnt the number of multiple sources from where configuration needs to be pulled can be updated as mentioned in the above code block. \ No newline at end of file diff --git a/charts/config-server/templates/NOTES.txt b/charts/config-server/templates/NOTES.txt deleted file mode 100644 index 49d744ca3..000000000 --- a/charts/config-server/templates/NOTES.txt +++ /dev/null @@ -1,22 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "config-server.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "config-server.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "config-server.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "config-server.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} diff --git a/charts/config-server/templates/_helpers.tpl b/charts/config-server/templates/_helpers.tpl deleted file mode 100644 index 0c7bc043c..000000000 --- a/charts/config-server/templates/_helpers.tpl +++ /dev/null @@ -1,75 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "config-server.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "config-server.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "config-server.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "config-server.labels" -}} -helm.sh/chart: {{ include "config-server.chart" . }} -{{ include "config-server.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "config-server.selectorLabels" -}} -app.kubernetes.io/name: {{ include "config-server.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "config-server.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "config-server.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Determine if there are any native repos in the spring composite repos. -*/}} -{{- define "config-server.hasNative" -}} -{{- $hasNative := false -}} -{{- range .Values.spring_profiles.spring_compositeRepos }} - {{- if eq .type "native" }} - {{- $hasNative = true -}} - {{- end }} -{{- end }} -{{- $hasNative -}} -{{- end -}} diff --git a/charts/config-server/templates/config-pv.yaml b/charts/config-server/templates/config-pv.yaml deleted file mode 100644 index d209ba3aa..000000000 --- a/charts/config-server/templates/config-pv.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.spring_profiles.enabled }} - {{- if or .Values.localRepo.enabled (include "config-server.hasNative" . | eq "true") }} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: {{ .Values.volume.name }} - labels: - name: {{ .Values.volume.name }} -spec: - storageClassName: {{ .Values.volume.storageClass }} - capacity: - storage: {{ .Values.volume.size }} - accessModes: - {{- range .Values.volume.accessModes }} - - {{ . }} - {{- end }} - nfs: - server: {{ .Values.volume.nfs.server }} - path: {{ .Values.volume.nfs.path }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/config-server/templates/config-pvc.yaml b/charts/config-server/templates/config-pvc.yaml deleted file mode 100644 index b06ab4867..000000000 --- a/charts/config-server/templates/config-pvc.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.spring_profiles.enabled }} - {{- if or .Values.localRepo.enabled (include "config-server.hasNative" . | eq "true") }} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ .Values.volume.name }} - namespace: {{ .Release.Namespace | quote }} -spec: - storageClassName: {{ .Values.volume.storageClass }} - accessModes: - {{- range .Values.volume.accessModes }} - - {{ . }} - {{- end }} - resources: - requests: - storage: {{ .Values.volume.size }} - selector: - matchLabels: - name: {{ .Values.volume.name }} - {{- end }} -{{- end }} diff --git a/charts/config-server/templates/configmap-env-vars.yaml b/charts/config-server/templates/configmap-env-vars.yaml deleted file mode 100644 index e77e702f0..000000000 --- a/charts/config-server/templates/configmap-env-vars.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-env-vars" (include "config-server.fullname" .) }} - namespace: {{ .Release.Namespace }} -data: - SPRING_CLOUD_CONFIG_SERVER_GIT_SEARCHPATHS: {{ .Values.gitRepo.searchFolders | quote }} - {{- if .Values.spring_profiles.enabled }} - {{- range $index, $repo := .Values.spring_profiles.spring_compositeRepos }} - SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_{{ $index }}_URI: "{{ $repo.uri }}" - {{- end }} - {{- else if .Values.localRepo.enabled }} - SPRING_CLOUD_CONFIG_SERVER_GIT_URI: {{ .Values.volume.mountDir | quote }} - - {{- else }} - SPRING_CLOUD_CONFIG_SERVER_GIT_URI: {{ .Values.gitRepo.uri | quote }} - {{- end }} - SPRING_CLOUD_CONFIG_SERVER_GIT_USERNAME: {{ .Values.gitRepo.username | quote }} diff --git a/charts/config-server/templates/configmap-share.yaml b/charts/config-server/templates/configmap-share.yaml deleted file mode 100644 index 08be86692..000000000 --- a/charts/config-server/templates/configmap-share.yaml +++ /dev/null @@ -1,16 +0,0 @@ -## The config map here defines env variables that are required by -## other modules -## sprint_config_url_env: Internal url of config server. Since config server is in its own namespace -## full service url is given to access the same. -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-share" (include "config-server.fullname" .) }} - namespace: {{ .Release.Namespace }} -data: - active_profile_env : {{ .Values.activeProfileEnv }} - spring_config_label_env: {{ .Values.gitRepo.version }} - spring_config_url_env: {{ printf "http://%s.%s/config" (include "config-server.fullname" .) .Release.Namespace }} - cache_config_url_env: {{ printf "http://%s.%s/config/*/%s/%s/hazelcast_cache.xml" (include "config-server.fullname" .) .Release.Namespace .Values.activeProfileEnv .Values.gitRepo.version }} - hub_config_file_url_env: {{ printf "http://%s.%s/config/*/%s/%s/websub-service.toml" (include "config-server.fullname" .) .Release.Namespace .Values.activeProfileEnv .Values.gitRepo.version }} - consolidator_config_file_url_env: {{ printf "http://%s.%s/config/*/%s/%s/websub-consolidator.toml" (include "config-server.fullname" .) .Release.Namespace .Values.activeProfileEnv .Values.gitRepo.version }} diff --git a/charts/config-server/templates/deployment.yaml b/charts/config-server/templates/deployment.yaml deleted file mode 100644 index 00045c369..000000000 --- a/charts/config-server/templates/deployment.yaml +++ /dev/null @@ -1,146 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "config-server.fullname" . }} - labels: - {{- include "config-server.labels" . | nindent 4 }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "config-server.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "config-server.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "config-server.serviceAccountName" . }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - {{- if .Values.spring_profiles.enabled }} - - name: SPRING_PROFILES_ACTIVE - value: "{{ .Values.spring_profiles.spring_profiles_active }}" - {{- range $index, $repo := .Values.spring_profiles.spring_compositeRepos }} - - name: SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_{{ $index }}_URI - value: "{{ $repo.uri }}" - - name: SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_{{ $index }}_TYPE - value: "{{ $repo.type }}" - - name: SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_{{ $index }}_DEFAULT_LABEL - value: "{{ $repo.version }}" - - name: SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_{{ $index }}_CLONE_ON_START - value: "{{ $repo.spring_cloud_config_server_git_cloneOnStart }}" - - name: SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_{{ $index }}_FORCE_PULL - value: "{{ $repo.spring_cloud_config_server_git_force_pull }}" - - name: SPRING_CLOUD_CONFIG_SERVER_COMPOSITE_{{ $index }}_REFRESH_RATE - value: "{{ $repo.spring_cloud_config_server_git_refreshRate }}" - {{- end }} - - name: SPRING_CLOUD_CONFIG_SERVER_FAILONCOMPOSITEERROR - value: "{{ .Values.spring_profiles.spring_fail_on_composite_error }}" - {{- end }} - {{- if .Values.localRepo.enabled }} - - name: spring_cloud_config_server_native_search-locations - value: {{ .Values.localRepo.spring_cloud_config_server_native_search_locations | quote }} - - name: spring_cloud_config_server_accept-empty - value: {{ .Values.localRepo.spring_cloud_config_server_accept_empty | quote }} - - name: spring_cloud_config_server_git_force-pull - value: {{ .Values.localRepo.spring_cloud_config_server_git_force_pull | quote }} - - name: spring_cloud_config_server_git_refreshRate - value: {{ .Values.localRepo.spring_cloud_config_server_git_refreshRate | quote }} - - name: spring_cloud_config_server_git_cloneOnStart - value: {{ .Values.localRepo.spring_cloud_config_server_git_cloneOnStart | quote }} - {{- end }} - - - name: SPRING_CLOUD_CONFIG_SERVER_GIT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "config-server.fullname" . }} - key: github-token - {{- range .Values.envVariables }} - {{- if .enabled }} - - name: {{ .name }} - valueFrom: - {{- if .valueFrom.configMapKeyRef }} - configMapKeyRef: - name: {{ .valueFrom.configMapKeyRef.name }} - key: {{ .valueFrom.configMapKeyRef.key }} - {{- else if .valueFrom.secretKeyRef }} - secretKeyRef: - name: {{ .valueFrom.secretKeyRef.name }} - key: {{ .valueFrom.secretKeyRef.key }} - {{- end }} - {{- end }} - {{- end }} - - - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - - configMapRef: - name: {{ printf "%s-env-vars" (include "config-server.fullname" .) }} - ports: - - name: http - containerPort: {{ .Values.springServicePort }} - protocol: TCP - {{- if .Values.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- if .Values.spring_profiles.enabled }} - {{- if or .Values.localRepo.enabled (include "config-server.hasNative" . | eq "true") }} - volumeMounts: - - name: {{ .Values.volume.name }} - mountPath: {{ .Values.volume.mountDir }} - {{- end }} - {{- end }} - {{- if .Values.spring_profiles.enabled }} - {{- if or .Values.localRepo.enabled (include "config-server.hasNative" . | eq "true") }} - volumes: - - name: {{ .Values.volume.name }} - persistentVolumeClaim: - claimName: {{ .Values.volume.name }} - {{- end }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/config-server/templates/hpa.yaml b/charts/config-server/templates/hpa.yaml deleted file mode 100644 index 1608d76da..000000000 --- a/charts/config-server/templates/hpa.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "config-server.fullname" . }} - labels: - {{- include "config-server.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "config-server.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/charts/config-server/templates/ingress.yaml b/charts/config-server/templates/ingress.yaml deleted file mode 100644 index e0d9918b6..000000000 --- a/charts/config-server/templates/ingress.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "config-server.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "config-server.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - backend: - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} diff --git a/charts/config-server/templates/secret.yaml b/charts/config-server/templates/secret.yaml deleted file mode 100644 index 7fcb70c3e..000000000 --- a/charts/config-server/templates/secret.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "config-server.fullname" . }} - labels: - {{- include "config-server.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -type: Opaque -data: - github-token: {{ .Values.gitRepo.token | quote }} diff --git a/charts/config-server/templates/service.yaml b/charts/config-server/templates/service.yaml deleted file mode 100644 index 023bb27d0..000000000 --- a/charts/config-server/templates/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "config-server.fullname" . }} - labels: - {{- include "config-server.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: {{ .Values.springServicePort }} - protocol: TCP - selector: - {{- include "config-server.selectorLabels" . | nindent 4 }} diff --git a/charts/config-server/templates/serviceaccount.yaml b/charts/config-server/templates/serviceaccount.yaml deleted file mode 100644 index 9132e783a..000000000 --- a/charts/config-server/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "config-server.serviceAccountName" . }} - labels: - {{- include "config-server.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/config-server/templates/tests/test-connection.yaml b/charts/config-server/templates/tests/test-connection.yaml deleted file mode 100644 index 4a66ce918..000000000 --- a/charts/config-server/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "config-server.fullname" . }}-test-connection" - labels: - {{- include "config-server.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "config-server.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/charts/config-server/values.yaml b/charts/config-server/values.yaml deleted file mode 100644 index 6b0aeadd7..000000000 --- a/charts/config-server/values.yaml +++ /dev/null @@ -1,790 +0,0 @@ -# Default values for config-server. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: mosipdev/kernel-config-server - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: develop - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -## Port on which this particular spring service module is running. -springServicePort: 51000 - -## Configure extra options for startup, liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## -startupProbe: - enabled: true - httpGet: - path: "/config/application/default" - port: 51000 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 60 - successThreshold: 1 - -livenessProbe: - enabled: true - httpGet: - path: "/config/application/default" - port: 51000 - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - httpGet: - path: "/config/application/default" - port: 51000 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -podAnnotations: {} - -## Config server docker runs as non-root user by default, so enabling the below may not be required. -podSecurityContext: - enabled: false - runAsUser: 1001 - runAsGroup: 2001 - fsGroup: 3001 - -## Config server docker runs as non-root user by default, so enabling the below may not be required. -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 80 - -ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: [] - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 200m - memory: 1500Mi - requests: - cpu: 50m - memory: 500Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -## Git repository from where config server will read the properties etc. This repo could public or private -## For private repos access token is required. -## version: branch/tag of the repo to be used -gitRepo: - uri: https://github.com/mosip/mosip-config - version: develop - ## Folders within the base repo where properties may be found. - searchFolders: "" - private: false - ## User name of user who has access to the private repo. Ignore for public repo - username: "" - token: "" - -spring_profiles: - enabled: false - spring_profiles_active: composite - spring_compositeRepos: - # Based on the user requiremnt the number of multiple sources from where configuration needs to be pulled can be updated below as mentioned. - - type: git - uri: "< config-repo url >" - version: < branch-name > - spring_cloud_config_server_git_cloneOnStart: true - spring_cloud_config_server_git_force_pull: true - spring_cloud_config_server_git_refreshRate: 5 - - type: git - uri: "< config-repo url >" - version: < branch-name > - spring_cloud_config_server_git_cloneOnStart: true - spring_cloud_config_server_git_force_pull: true - spring_cloud_config_server_git_refreshRate: 5 - spring_fail_on_composite_error: false - -localRepo: - enabled: false - spring_profiles_active: "native" - spring_cloud_config_server_native_search_locations: "file:///var/lib/config_repo" - spring_cloud_config_server_accept_empty: true - spring_cloud_config_server_git_force_pull: false - spring_cloud_config_server_git_refreshRate: 0 - spring_cloud_config_server_git_cloneOnStart: false - -volume: - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack). - ## - # storageClass: "-" - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - ## ReadWriteMany not supported by AWS gp2 - name: config-server - storageClass: nfs-client - accessModes: - - ReadWriteMany - size: 10Mi - existingClaim: - # Dir where config and keys are written inside container - mountDir: '/var/lib/config_repo' - nfs: - path: '' # Dir within the nfs server where config repo is cloned/maintained locally. - server: '' # Ip address of nfs server. - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - enabled: true - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: "10" - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - ## - myRegistryKeySecretName - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## - limits: {} - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## cpu: 100m - ## memory: 128Mi - ## - -# All env variables that are accessed from mosip config properties -envVariables: - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_API_PUBLIC_HOST - valueFrom: - configMapKeyRef: - name: global - key: mosip-api-host - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_API_INTERNAL_HOST - valueFrom: - configMapKeyRef: - name: global - key: mosip-api-internal-host - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_ADMIN_HOST - valueFrom: - configMapKeyRef: - name: global - key: mosip-admin-host - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_PREREG_HOST - valueFrom: - configMapKeyRef: - name: global - key: mosip-prereg-host - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_RESIDENT_HOST - valueFrom: - configMapKeyRef: - name: global - key: mosip-resident-host - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_PMP_HOST - valueFrom: - configMapKeyRef: - name: global - key: mosip-pmp-host - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_COMPLIANCE_HOST - valueFrom: - configMapKeyRef: - name: global - key: mosip-compliance-host - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_ESIGNET_HOST - valueFrom: - configMapKeyRef: - name: global - key: mosip-esignet-host - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_DB_DBUSER_PASSWORD - valueFrom: - secretKeyRef: - name: db-common-secrets - key: db-dbuser-password - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_KEYCLOAK_INTERNAL_URL - valueFrom: - configMapKeyRef: - name: keycloak-host - key: keycloak-internal-url - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_KEYCLOAK_EXTERNAL_URL - valueFrom: - configMapKeyRef: - name: keycloak-host - key: keycloak-external-url - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_KEYCLOAK_INTERNAL_HOST - valueFrom: - configMapKeyRef: - name: keycloak-host - key: keycloak-internal-host - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_KEYCLOAK_EXTERNAL_HOST - valueFrom: - configMapKeyRef: - name: keycloak-host - key: keycloak-external-host - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_ABIS_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mosip_abis_client_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_SYNCDATA_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mosip_syncdata_client_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_CRESER_IDPASS_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mosip_creser_idpass_client_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MPARTNER_DEFAULT_AUTH_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mpartner_default_auth_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_IDREPO_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mosip_idrepo_client_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MPARTNER_DEFAULT_PRINT_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mpartner_default_print_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MPARTNER_DEFAULT_DIGITALCARD_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mpartner_default_digitalcard_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_ADMIN_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mosip_admin_client_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_AUTH_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mosip_auth_client_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_CREREQ_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mosip_crereq_client_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_CRESER_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mosip_creser_client_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_DATSHA_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mosip_datsha_client_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_IDA_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mosip_ida_client_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_MISP_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mosip_misp_client_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_PMS_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mosip_pms_client_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_POLICYMANAGER_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mosip_policymanager_client_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_REG_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mosip_reg_client_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_REGPROC_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mosip_regproc_client_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_RESIDENT_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mosip_resident_client_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_PREREG_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mosip_prereg_client_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_HOTLIST_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mosip_hotlist_client_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_DIGITALCARD_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mosip_digitalcard_client_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_KEYCLOAK_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: keycloak - key: admin-password - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SOFTHSM_KERNEL_SECURITY_PIN - valueFrom: - secretKeyRef: - name: softhsm-kernel - key: security-pin - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SOFTHSM_IDA_SECURITY_PIN - valueFrom: - secretKeyRef: - name: softhsm-ida - key: security-pin - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ACTIVEMQ_HOST - valueFrom: - configMapKeyRef: - name: activemq-activemq-artemis-share - key: activemq-host - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ACTIVEMQ_CORE_PORT - valueFrom: - configMapKeyRef: - name: activemq-activemq-artemis-share - key: activemq-core-port - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_ACTIVEMQ_PASSWORD - valueFrom: - secretKeyRef: - name: activemq-activemq-artemis - key: artemis-password - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_IDA_WEBSUB_AUTHTYPE_CALLBACK_SECRET - valueFrom: - secretKeyRef: - name: conf-secrets-various - key: ida-websub-authtype-callback-secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_IDA_WEBSUB_CREDENTIAL_ISSUE_CALLBACK_SECRET - valueFrom: - secretKeyRef: - name: conf-secrets-various - key: ida-websub-credential-issue-callback-secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_IDA_WEBSUB_PARTNER_SERVICE_CALLBACK_SECRET - valueFrom: - secretKeyRef: - name: conf-secrets-various - key: ida-websub-partner-service-callback-secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_IDA_WEBSUB_CA_CERTIFICATE_CALLBACK_SECRET - valueFrom: - secretKeyRef: - name: conf-secrets-various - key: ida-websub-ca-certificate-callback-secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_IDA_WEBSUB_HOTLIST_CALLBACK_SECRET - valueFrom: - secretKeyRef: - name: conf-secrets-various - key: ida-websub-hotlist-callback-secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_IDA_WEBSUB_MASTERDATA_TEMPLATES_CALLBACK_SECRET - valueFrom: - secretKeyRef: - name: conf-secrets-various - key: ida-websub-masterdata-templates-callback-secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_IDA_WEBSUB_MASTERDATA_TITLES_CALLBACK_SECRET - valueFrom: - secretKeyRef: - name: conf-secrets-various - key: ida-websub-masterdata-titles-callback-secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_IDREPO_WEBSUB_VID_CREDENTIAL_UPDATE_SECRET - valueFrom: - secretKeyRef: - name: conf-secrets-various - key: idrepo-websub-vid-credential-update-secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_RESIDENT_WEBSUB_CREDENTIAL_STATUS_UPDATE_SECRET - valueFrom: - secretKeyRef: - name: conf-secrets-various - key: resident-websub-credential-status-update-secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_KERNEL_TOKENID_UIN_SALT - valueFrom: - secretKeyRef: - name: conf-secrets-various - key: mosip-kernel-tokenid-uin-salt - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_KERNEL_TOKENID_PARTNERCODE_SALT - valueFrom: - secretKeyRef: - name: conf-secrets-various - key: mosip-kernel-tokenid-partnercode-salt - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_PRINT_WEBSUB_HUB_SECRET - valueFrom: - secretKeyRef: - name: conf-secrets-various - key: print-websub-hub-secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_HUB_SECRET_ENCRYPTION_KEY - valueFrom: - secretKeyRef: - name: conf-secrets-various - key: hub-secret-encryption-key - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_S3_ACCESSKEY - valueFrom: - configMapKeyRef: - name: s3 - key: s3-user-key - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_S3_REGION - valueFrom: - configMapKeyRef: - name: s3 - key: s3-region - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_S3_SECRETKEY - valueFrom: - secretKeyRef: - name: s3 - key: s3-user-secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SMTP_HOST - valueFrom: - configMapKeyRef: - name: msg-gateway - key: smtp-host - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SMS_HOST - valueFrom: - configMapKeyRef: - name: msg-gateway - key: sms-host - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SMTP_PORT - valueFrom: - configMapKeyRef: - name: msg-gateway - key: smtp-port - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SMS_PORT - valueFrom: - configMapKeyRef: - name: msg-gateway - key: sms-port - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SMTP_USERNAME - valueFrom: - configMapKeyRef: - name: msg-gateway - key: smtp-username - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SMS_USERNAME - valueFrom: - configMapKeyRef: - name: msg-gateway - key: sms-username - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SMTP_SECRET - valueFrom: - secretKeyRef: - name: msg-gateway - key: smtp-secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SMS_SECRET - valueFrom: - secretKeyRef: - name: msg-gateway - key: sms-secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_SMS_AUTHKEY - valueFrom: - secretKeyRef: - name: msg-gateway - key: sms-authkey - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_PREREG_CAPTCHA_SITE_KEY - valueFrom: - secretKeyRef: - name: mosip-captcha - key: prereg-captcha-site-key - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_PREREG_CAPTCHA_SECRET_KEY - valueFrom: - secretKeyRef: - name: mosip-captcha - key: prereg-captcha-secret-key - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_RESIDENT_CAPTCHA_SITE_KEY - valueFrom: - secretKeyRef: - name: mosip-captcha - key: resident-captcha-site-key - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_RESIDENT_CAPTCHA_SECRET_KEY - valueFrom: - secretKeyRef: - name: mosip-captcha - key: resident-captcha-secret-key - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_S3_PRETEXT_VALUE - valueFrom: - secretKeyRef: - name: s3 - key: s3-pretext-value - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MPARTNER_DEFAULT_MOBILE_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mpartner_default_mobile_secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_RESIDENT_WEBSUB_AUTHTYPE_STATUS_SECRET - valueFrom: - secretKeyRef: - name: conf-secrets-various - key: resident-websub-authtype-status-secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_RESIDENT_WEBSUB_AUTH_TRANSACTION_STATUS_SECRET - valueFrom: - secretKeyRef: - name: conf-secrets-various - key: resident-websub-auth-transaction-status-secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_IDA_KYC_TOKEN_SECRET - valueFrom: - secretKeyRef: - name: conf-secrets-various - key: mosip-ida-kyc-token-secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_RESIDENT_WEBSUB_REGPROC_WORKFLOW_COMPLETE_SECRET - valueFrom: - secretKeyRef: - name: conf-secrets-various - key: resident-websub-regproc-workflow-complete-secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_IDREPO_WEBSUB_REMOVE_ID_STATUS_SECRET - valueFrom: - secretKeyRef: - name: conf-secrets-various - key: idrepo-websub-remove-id-status-secret - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_PARTNER_CRYPTO_P12_PASSWORD - valueFrom: - secretKeyRef: - name: conf-secrets-various - key: mosip-partner-crypto-p12-password - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MOSIP_RESIDENT_REQUEST_CREDENTIAL_ENCRYPTION_KEY - valueFrom: - secretKeyRef: - name: conf-secrets-various - key: mosip-resident-request-credential-encryption-key - enabled: true - - - name: SPRING_CLOUD_CONFIG_SERVER_OVERRIDES_MPARTNER_DEFAULT_TEMPLATE_SECRET - valueFrom: - secretKeyRef: - name: keycloak-client-secrets - key: mpartner_default_template_secret - enabled: true - - -## The active profile env if you have another set of properties. Correspondingly, properties in Git repo will -## have names of type "*-default.properties" -activeProfileEnv: default diff --git a/charts/credential/Chart.yaml b/charts/credential/Chart.yaml deleted file mode 100644 index 0689497c4..000000000 --- a/charts/credential/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v2 -name: credential -description: A Helm chart for MOSIP IDRepo Identity Service -type: application -version: 0.0.1-develop -appVersion: "" -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -home: https://mosip.io -keywords: - - mosip - - credential - - kernel -maintainers: - - email: info@mosip.io - name: MOSIP diff --git a/charts/credential/values.yaml b/charts/credential/values.yaml deleted file mode 100644 index dbf126d93..000000000 --- a/charts/credential/values.yaml +++ /dev/null @@ -1,419 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Add labels to all the deployed resources -## -commonLabels: - app.kubernetes.io/component: mosip - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -## Kubernetes Cluster Domain -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] - -## Number of nodes -## -replicaCount: 1 - -service: - type: ClusterIP - port: 80 - ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - ## loadBalancerIP: - ## - ## nodePorts: - ## http: - ## https: - ## - - nodePorts: - http: "" - https: "" - ## Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - -image: - registry: docker.io - repository: mosipqa/credential-service - tag: develop - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - -## Port on which this particular spring service module is running. -springServicePort: 8095 - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## -startupProbe: - enabled: true - httpGet: - path: /v1/credentialservice/actuator/health - port: 8095 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 30 - successThreshold: 1 - -livenessProbe: - enabled: true - httpGet: - path: /v1/credentialservice/actuator/health - port: 8095 - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - httpGet: - path: /v1/credentialservice/actuator/health - port: 8095 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## -# existingConfigmap: - -## Command and args for running the container (set to default if not set). Use array form -## -command: [] -args: [] - -## Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] - -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 500m - memory: 3000Mi - requests: - cpu: 100m - memory: 1500Mi - -additionalResources: - ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources - ## Example: java_opts: "-Xms500M -Xmx500M" - javaOpts: "-Xms2000M -Xmx2000M" - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## Clamav container already runs as 'mosip' user, so we may not need to enable this -containerSecurityContext: - enabled: false - runAsUser: mosip - runAsNonRoot: true - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## -podSecurityContext: - enabled: false - fsGroup: 1001 - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## Annotations for server pods. -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## pods' priority. -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -# priorityClassName: "" - -## lifecycleHooks for the container to automate configuration before or after startup. -## -lifecycleHooks: {} - -## Custom Liveness probes for -## -customLivenessProbe: {} - -## Custom Rediness probes -## -customReadinessProbe: {} - -## Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate - -## Additional environment variables to set -## Example: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: [] - -## ConfigMap with extra environment variables that used -## -extraEnvVarsCM: - - global - - config-server-share - - artifactory-share - -## Secret with extra environment variables -## -extraEnvVarsSecret: - -## Extra volumes to add to the deployment -## -extraVolumes: [] - -## Extra volume mounts to add to the container -## -extraVolumeMounts: [] - -## Add init containers to the pods. -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: {} - -## Add sidecars to the pods. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: {} - -persistence: - enabled: false - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack). - ## - # storageClass: "-" - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - ## ReadWriteMany not supported by AWS gp2 - storageClass: - accessModes: - - ReadWriteOnce - size: 10M - existingClaim: - # Dir where config and keys are written inside container - mountDir: - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: "10" - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - ## - myRegistryKeySecretName - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## - limits: {} - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## cpu: 100m - ## memory: 128Mi - ## - -## Specifies whether RBAC resources should be created -## -rbac: - create: true - -## Specifies whether a ServiceAccount should be created -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - ## - name: - -## Prometheus Metrics -## -metrics: - enabled: true - ## Prometheus pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: - prometheus.io/scrape: "true" - - endpointPath: /v1/credentialservice/actuator/prometheus - - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## - serviceMonitor: - ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry - ## - enabled: true - ## Specify the namespace in which the serviceMonitor resource will be created - ## - # namespace: "" - ## Specify the interval at which metrics should be scraped - ## - interval: 10s - ## Specify the timeout after which the scrape is ended - ## - # scrapeTimeout: 30s - ## Specify Metric Relabellings to add to the scrape endpoint - ## - # relabellings: - ## Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## - additionalLabels: {} - - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - ## - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## List of rules, used as template by Helm. - ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html - # rules: - # - alert: RabbitmqDown - # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 - # for: 5m - # labels: - # severity: error - rules: [] - -## Partner management needs public access. -istio: - enabled: true - gateway: istio-system/internal - prefix: /v1/credentialservice diff --git a/charts/credentialfeeder/.gitignore b/charts/credentialfeeder/.gitignore deleted file mode 100644 index ee3892e87..000000000 --- a/charts/credentialfeeder/.gitignore +++ /dev/null @@ -1 +0,0 @@ -charts/ diff --git a/charts/credentialfeeder/.helmignore b/charts/credentialfeeder/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/credentialfeeder/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/credentialfeeder/Chart.yaml b/charts/credentialfeeder/Chart.yaml deleted file mode 100644 index 453aac67f..000000000 --- a/charts/credentialfeeder/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v2 -name: credentialfeeder -description: A Helm chart to generate keys -type: application -version: 0.0.1-develop -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -home: https://mosip.io -keywords: - - mosip - - keymanager - - credentialfeeder - - kernel -maintainers: - - email: info@mosip.io - name: MOSIP diff --git a/charts/credentialfeeder/README.md b/charts/credentialfeeder/README.md deleted file mode 100644 index 575f5aa7d..000000000 --- a/charts/credentialfeeder/README.md +++ /dev/null @@ -1,43 +0,0 @@ -# credentialfeeder - -Helm chart for installing Kernel module credentialfeeder. - -## TL;DR - -```console -$ helm repo add mosip https://mosip.github.io -$ helm install my-release mosip/credentialfeeder -``` - -## Introduction - -The helm chart here essentially contains job that generates encryption keys for kernel modules. The job is to be run only once during initial install. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `credentialfeeder`. - -```console -helm install my-release mosip/credentialfeeder -``` - -The command deploys credentialfeeder on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -helm delete my-release -``` -The command removes all the Kubernetes components associated with the chart and deletes the release. - diff --git a/charts/credentialfeeder/templates/NOTES.txt b/charts/credentialfeeder/templates/NOTES.txt deleted file mode 100644 index 8b1378917..000000000 --- a/charts/credentialfeeder/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ - diff --git a/charts/credentialfeeder/templates/_helpers.tpl b/charts/credentialfeeder/templates/_helpers.tpl deleted file mode 100644 index 01812b4a8..000000000 --- a/charts/credentialfeeder/templates/_helpers.tpl +++ /dev/null @@ -1,60 +0,0 @@ -{{/* -Return the proper image name -*/}} -{{- define "credentialfeeder.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "credentialfeeder.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "credentialfeeder.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "credentialfeeder.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message. -*/}} -{{- define "credentialfeeder.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "credentialfeeder.validateValues.foo" .) -}} -{{- $messages := append $messages (include "credentialfeeder.validateValues.bar" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message -}} -{{- end -}} -{{- end -}} - -{{/* -Return podAnnotations -*/}} -{{- define "credentialfeeder.podAnnotations" -}} -{{- if .Values.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} -{{- end }} -{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} -{{- end }} -{{- end -}} - - diff --git a/charts/credentialfeeder/templates/configmap.yaml b/charts/credentialfeeder/templates/configmap.yaml deleted file mode 100644 index 60e2f9b6e..000000000 --- a/charts/credentialfeeder/templates/configmap.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.credentialfeeder.configmaps }} -{{- range $cm_name, $cm_value := .Values.credentialfeeder.configmaps }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $cm_name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 8 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} -data: - {{- range $key, $value := $cm_value }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/credentialfeeder/templates/extra-list.yaml b/charts/credentialfeeder/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9e1..000000000 --- a/charts/credentialfeeder/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/charts/credentialfeeder/templates/job.yaml b/charts/credentialfeeder/templates/job.yaml deleted file mode 100644 index 4ac0f0357..000000000 --- a/charts/credentialfeeder/templates/job.yaml +++ /dev/null @@ -1,82 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - "helm.sh/hook-delete-policy": hook-succeeded - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - -spec: - backoffLimit: {{ .Values.backoffLimit }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - sidecar.istio.io/inject: "false" - spec: - {{- include "credentialfeeder.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: - fsGroup: {{ .Values.podSecurityContext.fsGroup }} - {{- if .Values.podSecurityContext.sysctls }} - sysctls: - {{- toYaml .Values.podSecurityContext.sysctls | nindent 8 }} - {{- end }} - {{- end }} - serviceAccountName: {{ include "credentialfeeder.serviceAccountName" . }} - restartPolicy: Never # This is one time job - containers: - - name: credentialfeeder - image: {{ template "credentialfeeder.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - - name: container_user - value: {{ .Values.containerSecurityContext.runAsUser }} - - name: JDK_JAVA_OPTIONS - value: {{ .Values.additionalResources.javaOpts }} - - name: spring_config_name_env - value: {{ .Values.springConfigNameEnv }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - {{- range .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ . }} - {{- end }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - {{- range .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ . }} - {{- end }} - {{- end }} diff --git a/charts/credentialfeeder/templates/service-account.yaml b/charts/credentialfeeder/templates/service-account.yaml deleted file mode 100644 index e2918e344..000000000 --- a/charts/credentialfeeder/templates/service-account.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "credentialfeeder.serviceAccountName" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} diff --git a/charts/credentialfeeder/values.yaml b/charts/credentialfeeder/values.yaml deleted file mode 100644 index 8b505b6e3..000000000 --- a/charts/credentialfeeder/values.yaml +++ /dev/null @@ -1,317 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Add labels to all the deployed resources -## -commonLabels: - app.kubernetes.io/component: mosip - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -## Kubernetes Cluster Domain -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] - -## Number of nodes -## -replicaCount: 1 - -image: - registry: docker.io - repository: mosipdev/id-repository-credentials-feeder - tag: develop - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - -## -# existingConfigmap: - -## Command and args for running the container (set to default if not set). Use array form -## -command: [] -args: [] - -## Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] - -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: {} - # cpu: 200m - # memory: 256Mi - requests: {} - # cpu: 200m - # memory: 10Mi - -additionalResources: - ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources - ## Example: java_opts: "-Xms500M -Xmx500M" - javaOpts: "" - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## Clamav container already runs as 'mosip' user, so we may not need to enable this -containerSecurityContext: - enabled: false - runAsUser: mosip - runAsNonRoot: true - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## -podSecurityContext: - enabled: false - fsGroup: 1001 - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## Annotations for server pods. -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## pods' priority. -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -# priorityClassName: "" - -## lifecycleHooks for the container to automate configuration before or after startup. -## -lifecycleHooks: {} - -## Custom Liveness probes for -## -customLivenessProbe: {} - -## Custom Rediness probes -## -customReadinessProbe: {} - -## "backoff" strategy - It is used when dealing with resources that are retrying or recovering from failures. -## -backoffLimit: 0 - -## Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate - -## Additional environment variables to set -## Example: -## extraEnvVars: -## - name: FOO -## value: "bar" -## - -extraEnvVars: [] - -## ConfigMap with extra environment variables that used -## -## IMPORTANT: softhsm name needs to be set if not default as mentioned below. This applies if softhsm name -## is different -extraEnvVarsCM: - - global - - config-server-share - - artifactory-share - - credentialfeeder - -credentialfeeder: - configmaps: - credentialfeeder: - online-verification-partner-ids: "mpartner-default-auth" - skip-requesting-existing-credentials-for-partners: "false" -## Secret with extra environment variables -## -extraEnvVarsSecret: [] - -## Extra volumes to add to the deployment -## -extraVolumes: [] - -## Extra volume mounts to add to the container -## -extraVolumeMounts: [] - -## Add init containers to the pods. -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: {} - -## Add sidecars to the pods. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: {} - -persistence: - enabled: false - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack). - ## - # storageClass: "-" - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - ## ReadWriteMany not supported by AWS gp2 - storageClass: - accessModes: - - ReadWriteOnce - size: 10M - existingClaim: - # Dir where config and keys are written inside container - mountDir: - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: "10" - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - ## - myRegistryKeySecretName - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## - limits: {} - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## cpu: 100m - ## memory: 128Mi - ## - -## Specifies whether RBAC resources should be created -## -rbac: - create: true - -## Specifies whether a ServiceAccount should be created -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - ## - name: - -# kernel or id-authentication -springConfigNameEnv: - -## This param is to be set during installation. -## For Kernel: softhsm-kernel-share -## For IDA: softhsm-ida-share -softHsmCM: diff --git a/charts/credentialrequest/Chart.yaml b/charts/credentialrequest/Chart.yaml deleted file mode 100644 index bdc789488..000000000 --- a/charts/credentialrequest/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v2 -name: credentialrequest -description: A Helm chart for MOSIP IDRepo Identity Service -type: application -version: 0.0.1-develop -appVersion: "" -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -home: https://mosip.io -keywords: - - mosip - - credentialrequest - - kernel -maintainers: - - email: info@mosip.io - name: MOSIP diff --git a/charts/credentialrequest/values.yaml b/charts/credentialrequest/values.yaml deleted file mode 100644 index 405f03484..000000000 --- a/charts/credentialrequest/values.yaml +++ /dev/null @@ -1,419 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Add labels to all the deployed resources -## -commonLabels: - app.kubernetes.io/component: mosip - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -## Kubernetes Cluster Domain -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] - -## Number of nodes -## -replicaCount: 1 - -service: - type: ClusterIP - port: 80 - ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - ## loadBalancerIP: - ## - ## nodePorts: - ## http: - ## https: - ## - - nodePorts: - http: "" - https: "" - ## Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - -image: - registry: docker.io - repository: mosipqa/credential-request-generator - tag: develop - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - -## Port on which this particular spring service module is running. -springServicePort: 8094 - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## -startupProbe: - enabled: true - httpGet: - path: /v1/credentialrequest/actuator/health - port: 8094 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 30 - successThreshold: 1 - -livenessProbe: - enabled: true - httpGet: - path: /v1/credentialrequest/actuator/health - port: 8094 - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - httpGet: - path: /v1/credentialrequest/actuator/health - port: 8094 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## -# existingConfigmap: - -## Command and args for running the container (set to default if not set). Use array form -## -command: [] -args: [] - -## Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] - -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 2000m - memory: 5000Mi - requests: - cpu: 500m - memory: 2000Mi - -additionalResources: - ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources - ## Example: java_opts: "-Xms500M -Xmx500M" - javaOpts: "-Xms3000M -Xmx3000M" - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## Clamav container already runs as 'mosip' user, so we may not need to enable this -containerSecurityContext: - enabled: false - runAsUser: mosip - runAsNonRoot: true - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## -podSecurityContext: - enabled: false - fsGroup: 1001 - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## Annotations for server pods. -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## pods' priority. -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -# priorityClassName: "" - -## lifecycleHooks for the container to automate configuration before or after startup. -## -lifecycleHooks: {} - -## Custom Liveness probes for -## -customLivenessProbe: {} - -## Custom Rediness probes -## -customReadinessProbe: {} - -## Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate - -## Additional environment variables to set -## Example: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: [] - -## ConfigMap with extra environment variables that used -## -extraEnvVarsCM: - - global - - config-server-share - - artifactory-share - -## Secret with extra environment variables -## -extraEnvVarsSecret: - -## Extra volumes to add to the deployment -## -extraVolumes: [] - -## Extra volume mounts to add to the container -## -extraVolumeMounts: [] - -## Add init containers to the pods. -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: {} - -## Add sidecars to the pods. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: {} - -persistence: - enabled: false - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack). - ## - # storageClass: "-" - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - ## ReadWriteMany not supported by AWS gp2 - storageClass: - accessModes: - - ReadWriteOnce - size: 10M - existingClaim: - # Dir where config and keys are written inside container - mountDir: - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: "10" - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - ## - myRegistryKeySecretName - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## - limits: {} - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## cpu: 100m - ## memory: 128Mi - ## - -## Specifies whether RBAC resources should be created -## -rbac: - create: true - -## Specifies whether a ServiceAccount should be created -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - ## - name: - -## Prometheus Metrics -## -metrics: - enabled: true - ## Prometheus pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: - prometheus.io/scrape: "true" - - endpointPath: /v1/credentialrequest/actuator/prometheus - - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## - serviceMonitor: - ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry - ## - enabled: true - ## Specify the namespace in which the serviceMonitor resource will be created - ## - # namespace: "" - ## Specify the interval at which metrics should be scraped - ## - interval: 10s - ## Specify the timeout after which the scrape is ended - ## - # scrapeTimeout: 30s - ## Specify Metric Relabellings to add to the scrape endpoint - ## - # relabellings: - ## Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## - additionalLabels: {} - - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - ## - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## List of rules, used as template by Helm. - ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html - # rules: - # - alert: RabbitmqDown - # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 - # for: 5m - # labels: - # severity: error - rules: [] - -## Partner management needs public access. -istio: - enabled: true - gateway: istio-system/internal - prefix: /v1/credentialrequest diff --git a/charts/data-archive/.gitignore b/charts/data-archive/.gitignore deleted file mode 100644 index ee3892e87..000000000 --- a/charts/data-archive/.gitignore +++ /dev/null @@ -1 +0,0 @@ -charts/ diff --git a/charts/data-archive/.helmignore b/charts/data-archive/.helmignore deleted file mode 100644 index 35e62f999..000000000 --- a/charts/data-archive/.helmignore +++ /dev/null @@ -1,24 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -.chart.lock diff --git a/charts/data-archive/Chart.yaml b/charts/data-archive/Chart.yaml deleted file mode 100644 index 2a706d0ea..000000000 --- a/charts/data-archive/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v2 -name: data-archive -description: A Helm chart for Kubernetes to initialize mosip_archive Postgres DB and execute py script to archive data from source db to archive db -type: application -version: 0.0.1-develop -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -home: https://mosip.io -keywords: - - postgres - - db - - database -maintainers: - - email: info@mosip.io - name: MOSIP diff --git a/charts/data-archive/templates/_helpers.tpl b/charts/data-archive/templates/_helpers.tpl deleted file mode 100644 index 6b92a3a0d..000000000 --- a/charts/data-archive/templates/_helpers.tpl +++ /dev/null @@ -1,63 +0,0 @@ -{{/* -Return the proper image name -*/}} -{{- define "data-archive.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "data-archive.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "data-archive.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "data-archive.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (printf "%s-foo" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message. -*/}} -{{- define "data-archive.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "data-archive.validateValues.foo" .) -}} -{{- $messages := append $messages (include "data-archive.validateValues.bar" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message -}} -{{- end -}} -{{- end -}} - -{{/* -Return podAnnotations -*/}} -{{- define "data-archive.podAnnotations" -}} -{{- if .Values.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} -{{- end }} -{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} -{{- end }} -{{- end -}} - -{{/* Create the name for restart cronjob */}} -{{- define "data-archive.cronjob" -}} -{{ default (printf "cronjob-%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- end -}} \ No newline at end of file diff --git a/charts/data-archive/templates/all-db-tables-info-configmap.yaml b/charts/data-archive/templates/all-db-tables-info-configmap.yaml deleted file mode 100644 index e34b2cc6f..000000000 --- a/charts/data-archive/templates/all-db-tables-info-configmap.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: your-component-name - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - audit_archive_table_info: {{ .Values.databases.all_db_tables_info.audit | toJson | quote }} - credential_archive_table_info: {{ .Values.databases.all_db_tables_info.credential | toJson | quote }} - esignet_archive_table_info: {{ .Values.databases.all_db_tables_info.esignet | toJson | quote }} - ida_archive_table_info: {{ .Values.databases.all_db_tables_info.ida | toJson | quote }} - idrepo_archive_table_info: {{ .Values.databases.all_db_tables_info.idrepo | toJson | quote }} - kernel_archive_table_info: {{ .Values.databases.all_db_tables_info.kernel | toJson | quote }} - master_archive_table_info: {{ .Values.databases.all_db_tables_info.master | toJson | quote }} - pms_archive_table_info: {{ .Values.databases.all_db_tables_info.pms | toJson | quote }} - prereg_archive_table_info: {{ .Values.databases.all_db_tables_info.prereg | toJson | quote }} - regprc_archive_table_info: {{ .Values.databases.all_db_tables_info.regprc | toJson | quote }} - resident_archive_table_info: {{ .Values.databases.all_db_tables_info.resident | toJson | quote }} \ No newline at end of file diff --git a/charts/data-archive/templates/archive-db-secret.yaml b/charts/data-archive/templates/archive-db-secret.yaml deleted file mode 100644 index ee4c424ea..000000000 --- a/charts/data-archive/templates/archive-db-secret.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: archive-db-secrets - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: postgres - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - SU_USER_PWD: {{ .Values.databases.archive_db.su_user_pwd | b64enc | quote }} - DBUSER_PWD: {{ .Values.databases.archive_db.db_pwd | b64enc | quote }} - ARCHIVE_DB_PASS: {{ .Values.databases.archive_db.archive_db_password | b64enc | quote }} diff --git a/charts/data-archive/templates/archive-env-configmap.yaml b/charts/data-archive/templates/archive-env-configmap.yaml deleted file mode 100644 index 7833668af..000000000 --- a/charts/data-archive/templates/archive-env-configmap.yaml +++ /dev/null @@ -1,81 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: db-archive-init-env-config - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: postgres - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -data: - MOSIP_DB_NAME: {{ .Values.databases.archive_db.db_name | quote }} - SU_USER: {{ .Values.databases.archive_db.su_user | quote }} - DB_SERVERIP: {{ .Values.databases.archive_db.host | quote }} - DB_PORT: {{ .Values.databases.archive_db.port | quote }} - DML_FLAG: {{ .Values.databases.archive_db.dml | quote }} - DB_NAMES: {{ .Values.databases.source_db.provide_db_names_to_archive | quote }} - AUDIT_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_audit_host | quote }} - AUDIT_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_audit_port | quote }} - AUDIT_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_audit_uname | quote }} - AUDIT_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_audit_dbname | quote }} - AUDIT_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_audit_schemaname | quote }} - CREDENTIAL_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_credential_host | quote }} - CREDENTIAL_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_credential_port | quote }} - CREDENTIAL_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_credential_uname | quote }} - CREDENTIAL_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_credential_dbname | quote }} - CREDENTIAL_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_credential_schemaname | quote }} - ESIGNET_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_esignet_host | quote }} - ESIGNET_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_esignet_port | quote }} - ESIGNET_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_esignet_uname | quote }} - ESIGNET_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_esignet_dbname | quote }} - ESIGNET_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_esignet_schemaname | quote }} - IDA_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_ida_host | quote }} - IDA_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_ida_port | quote }} - IDA_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_ida_uname | quote }} - IDA_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_ida_dbname | quote }} - IDA_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_ida_schemaname | quote }} - IDREPO_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_idrepo_host | quote }} - IDREPO_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_idrepo_port | quote }} - IDREPO_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_idrepo_uname | quote }} - IDREPO_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_idrepo_dbname | quote }} - IDREPO_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_idrepo_schemaname | quote }} - KERNEL_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_kernel_host | quote }} - KERNEL_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_kernel_port | quote }} - KERNEL_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_kernel_uname | quote }} - KERNEL_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_kernel_dbname | quote }} - KERNEL_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_kernel_schemaname | quote }} - MASTER_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_master_host | quote }} - MASTER_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_master_port | quote }} - MASTER_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_master_uname | quote }} - MASTER_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_master_dbname | quote }} - MASTER_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_master_schemaname | quote }} - PMS_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_pms_host | quote }} - PMS_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_pms_port | quote }} - PMS_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_pms_uname | quote }} - PMS_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_pms_dbname | quote }} - PMS_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_pms_schemaname | quote }} - PREREG_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_prereg_host | quote }} - PREREG_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_prereg_port | quote }} - PREREG_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_prereg_uname | quote }} - PREREG_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_prereg_dbname | quote }} - PREREG_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_prereg_schemaname | quote }} - REGPRC_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_regprc_host | quote }} - REGPRC_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_regprc_port | quote }} - REGPRC_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_regprc_uname | quote }} - REGPRC_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_regprc_dbname | quote }} - REGPRC_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_regprc_schemaname | quote }} - RESIDENT_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_resident_host | quote }} - RESIDENT_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_resident_port | quote }} - RESIDENT_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_resident_uname | quote }} - RESIDENT_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_resident_dbname | quote }} - RESIDENT_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_resident_schemaname | quote }} - ARCHIVE_DB_HOST: {{ .Values.databases.archive_db.archivehost | quote }} - ARCHIVE_DB_PORT: {{ .Values.databases.archive_db.archiveport | quote }} - ARCHIVE_DB_UNAME: {{ .Values.databases.archive_db.archiveuname | quote }} - ARCHIVE_DB_NAME: {{ .Values.databases.archive_db.archive_dbname | quote }} - ARCHIVE_SCHEMA_NAME: {{ .Values.databases.archive_db.archive_schemaname | quote }} - CONTAINER_VOLUME_PATH: {{ .Values.databases.container_volume_path | quote }} \ No newline at end of file diff --git a/charts/data-archive/templates/cronjob.yaml b/charts/data-archive/templates/cronjob.yaml deleted file mode 100644 index 5a808e782..000000000 --- a/charts/data-archive/templates/cronjob.yaml +++ /dev/null @@ -1,42 +0,0 @@ -apiVersion: {{ include "common.capabilities.cronjob.apiVersion" $ }} -kind: CronJob -metadata: - name: {{ template "data-archive.cronjob" $ }} - namespace: {{ $.Release.Namespace }} -spec: - concurrencyPolicy: Forbid - successfulJobsHistoryLimit: 1 # remove jobs which are successfully executed - failedJobsHistoryLimit: 1 # except 1 recent failed job, remove jobs which are not successfully executed - #schedule: '*/3 * * * *' # cron spec of time, here, 8 o'clock - schedule: {{ $.Values.crontime }} - jobTemplate: - spec: - backoffLimit: 2 # this has very low chance of failing, as all this does - # is prompt kubernetes to schedule new replica set for - # the deployment - # activeDeadlineSeconds: 600 # timeout, makes most sense with - # "waiting for rollout" variant specified below - template: - spec: - restartPolicy: Never - containers: - - name: {{ template "data-archive.serviceAccountName" $ }} - image: {{ template "data-archive.image" $ }} - imagePullPolicy: {{ $.Values.image.pullPolicy }} - volumeMounts: - - name: config-volume - mountPath: /all-db-info-json - env: - - name: container_user - value: {{ $.Values.containerSecurityContext.runAsUser }} - envFrom: - - configMapRef: - name: db-archive-init-env-config - - secretRef: - name: source-db-secrets - - secretRef: - name: archive-db-secrets - volumes: - - name: config-volume - configMap: - name: {{ .Release.Name }} \ No newline at end of file diff --git a/charts/data-archive/templates/serviceaccount.yaml b/charts/data-archive/templates/serviceaccount.yaml deleted file mode 100644 index cedd6dc63..000000000 --- a/charts/data-archive/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "data-archive.serviceAccountName" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/data-archive/templates/source-db-secret.yaml b/charts/data-archive/templates/source-db-secret.yaml deleted file mode 100644 index 2ed02932a..000000000 --- a/charts/data-archive/templates/source-db-secret.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# secret.yaml -apiVersion: v1 -kind: Secret -metadata: - name: source-db-secrets - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: postgres - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - AUDIT_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_audit_db_pass | b64enc | quote }} - CREDENTIAL_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_credential_db_pass | b64enc | quote }} - ESIGNET_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_esignet_db_pass | b64enc | quote }} - IDA_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_ida_db_pass | b64enc | quote }} - IDREPO_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_idrepo_db_pass | b64enc | quote }} - KERNEL_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_kernel_db_pass | b64enc | quote }} - MASTER_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_master_db_pass | b64enc | quote }} - PMS_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_pms_db_pass | b64enc | quote }} - PREREG_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_prereg_db_pass | b64enc | quote }} - REGPRC_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_regprc_db_pass | b64enc | quote }} - RESIDENT_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_resident_db_pass | b64enc | quote }} \ No newline at end of file diff --git a/charts/data-archive/values.yaml b/charts/data-archive/values.yaml deleted file mode 100644 index 11af5d7e9..000000000 --- a/charts/data-archive/values.yaml +++ /dev/null @@ -1,589 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Add labels to all the deployed resources -## -commonLabels: - app.kubernetes.io/component: mosip - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -## Kubernetes Cluster Domain -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] - -## Number of nodes -## -replicaCount: 1 - -image: - registry: docker.io - repository: mosipdev/data-archive - tag: develop - - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - -## -# existingConfigmap: - -## Command and args for running the container (set to default if not set). Use array form -## -command: [] -args: [] - -## Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] - -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 1000m - memory: 3500Mi - requests: - cpu: 1000m - memory: 3500Mi - -# additionalResources: - ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources - ## Example: java_opts: "-Xms500M -Xmx500M" - # javaOpts: "-Xms2600M -Xmx2600M" - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## Clamav container already runs as 'mosip' user, so we may not need to enable this -containerSecurityContext: - enabled: false - runAsUser: mosip - runAsNonRoot: true - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## -podSecurityContext: - enabled: false - fsGroup: 1001 - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -## Some common set of users are created across all postgres servers with same password. TODO: change this later. -## These user names are currently hardcoded in the sql scripts, so can't change from here. - -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## Annotations for server pods. -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## pods' priority. -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -# priorityClassName: "" - -## lifecycleHooks for the container to automate configuration before or after startup. -## -lifecycleHooks: {} - -## Custom Liveness probes for -## -customLivenessProbe: {} - -## Custom Rediness probes -## -customReadinessProbe: {} - -## Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate - -## Additional environment variables to set -## Example: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: [] - -## ConfigMap with extra environment variables -## -# extraEnvVarsCM: - # - s3 - -## Secret with extra environment variables -## -# extraEnvVarsSecret: - # - s3 - -## Extra volumes to add to the deployment -## -extraVolumes: [] - -## Extra volume mounts to add to the container -## -extraVolumeMounts: [] - -## Add init containers to the pods. -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -## initContainers: {} - -## Add sidecars to the pods. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: {} - -persistence: - enabled: false - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack). - ## - # storageClass: "-" - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - ## ReadWriteMany not supported by AWS gp2 - storageClass: - accessModes: - - ReadWriteOnce - size: 10M - existingClaim: - # Dir where config and keys are written inside container - mountDir: - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: "10" - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - ## - myRegistryKeySecretName - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## - # limits: {} - ## cpu: 100m - ## memory: 128Mi - ## - # requests: {} - ## cpu: 100m - ## memory: 128Mi - ## - -## Specifies whether RBAC resources should be created -## -rbac: - create: true - -## Specifies whether a ServiceAccount should be created -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - ## - name: - -## Admin swagger should have only internal access. Hence linked to internal gateway -istio: - enabled: false - gateways: - - istio-system/internal - -crontime: "0 4 * * *" ## run cronjob every day at 4 AM in GMT which is 9.30 AM in IST (time hr: 0-23 ) - -databases: - archive_db: - db_name: "mosip_archive" - host: "api-internal.sandbox.xyz.net" - port: 5432 - su_user: "postgres" - su_user_pwd: "" - db_pwd: "" - dml: 0 - archivehost: "api-internal.sandbox.xyz.net" - archiveport: 5432 - archiveuname: "archiveuser" - archive_dbname: "mosip_archive" - archive_schemaname: "archive" - archive_db_password: "" - source_db: - provide_db_names_to_archive: "AUDIT,IDA" - source_audit_host: "api-internal.sandbox.xyz.net" - source_audit_port: 5432 - source_audit_uname: "audituser" - source_audit_dbname: "mosip_audit" - source_audit_schemaname: "audit" - source_audit_db_pass: "" - source_credential_host: "api-internal.sandbox.xyz.net" - source_credential_port: 5432 - source_credential_uname: "credentialuser" - source_credential_dbname: "mosip_credential" - source_credential_schemaname: "credential" - source_credential_db_pass: "" - source_esignet_host: "api-internal.sandbox.xyz.net" - source_esignet_port: 5432 - source_esignet_uname: "esignetuser" - source_esignet_dbname: "mosip_esignet" - source_esignet_schemaname: "esignet" - source_esignet_db_pass: "" - source_ida_host: "api-internal.sandbox.xyz.net" - source_ida_port: 5432 - source_ida_uname: "idauser" - source_ida_dbname: "mosip_ida" - source_ida_schemaname: "ida" - source_ida_db_pass: "" - source_idrepo_host: "api-internal.sandbox.xyz.net" - source_idrepo_port: 5432 - source_idrepo_uname: "idrepouser" - source_idrepo_dbname: "mosip_idrepo" - source_idrepo_schemaname: "idrepo" - source_idrepo_db_pass: "" - source_kernel_host: "api-internal.sandbox.xyz.net" - source_kernel_port: 5432 - source_kernel_uname: "kerneluser" - source_kernel_dbname: "mosip_kernel" - source_kernel_schemaname: "kernel" - source_kernel_db_pass: "" - source_master_host: "api-internal.sandbox.xyz.net" - source_master_port: 5432 - source_master_uname: "masteruser" - source_master_dbname: "mosip_master" - source_master_schemaname: "master" - source_master_db_pass: "" - source_pms_host: "api-internal.sandbox.xyz.net" - source_pms_port: 5432 - source_pms_uname: "pmsuser" - source_pms_dbname: "mosip_pms" - source_pms_schemaname: "pms" - source_pms_db_pass: "" - source_prereg_host: "api-internal.sandbox.xyz.net" - source_prereg_port: 5432 - source_prereg_uname: "prereguser" - source_prereg_dbname: "mosip_prereg" - source_prereg_schemaname: "prereg" - source_prereg_db_pass: "" - source_regprc_host: "api-internal.sandbox.xyz.net" - source_regprc_port: 5432 - source_regprc_uname: "regprcuser" - source_regprc_dbname: "mosip_regprc" - source_regprc_schemaname: "regprc" - source_regprc_db_pass: "" - source_resident_host: "api-internal.sandbox.xyz.net" - source_resident_port: 5432 - source_resident_uname: "residentuser" - source_resident_dbname: "mosip_resident" - source_resident_schemaname: "resident" - source_resident_db_pass: "" - container_volume_path: "/all-db-info-json" ## volume mount path for table info inside cronjob container - all_db_tables_info: - audit: - tables_info: - - source_table: "app_audit_log" - archive_table: "mosip_audit_app_audit_log" - id_column: "log_id" - date_column: "log_dtimes" - retention_days: 30 - operation_type: "archive_delete" - credential: - tables_info: - - source_table: "credential_transaction" - archive_table: "mosip_credential_credential_transaction" - id_column: "id" - date_column: "cr_dtimes" - retension_days: 30 - operation_type: "archive_delete" - esignet: - tables_info: - - source_table: "consent_history" - archive_table: "mosip_esignet_consent_history" - id_column: "id" - date_column: "cr_dtimes" - retention_days: 30 - operation_type: "none" - ida: - tables_info: - - source_table: "credential_event_store" - archive_table: "mosip_ida_credential_event_store" - id_column: "event_id" - date_column: "cr_dtimes" - retension_days: 30 - operation_type: "archive_delete" - - source_table: "otp_transaction" - archive_table: "mosip_ida_otp_transaction" - id_column: "id" - date_column: "cr_dtimes" - retension_days: 30 - operation_type: 'delete' - idrepo: - tables_info: - - source_table: "anonymous_profile" - archive_table: "mosip_idrepo_anonymous_profile" - id_column: "id" - date_column: "cr_dtimes" - retension_days: 30 - operation_type: "archive_delete" - - source_table: "credential_request_status" - archive_table: "mosip_idrepo_credential_request_status" - id_column: "individual_id" - date_column: "cr_dtimes" - retension_days: 30 - operation_type: "archive_delete" - - source_table: "uin_draft" - archive_table: "mosip_idrepo_uin_draft" - id_column: "id" - date_column: "cr_dtimes" - retension_days: 30 - operation_type: "archive_delete" - kernel: - tables_info: - - source_table: "otp_transaction" - archive_table: "mosip_kernel_otp_transaction" - id_column: "id" - date_column: "generated_dtimes" - retension_days: 7 - operation_type: "delete" - master: - tables_info: - - source_table: "bulkupload_transaction" - archive_table: "mosip_master_bulkupload_transaction" - id_column: "id" - date_column: "cr_dtimes" - retension_days: 91 - operation_type: "archive_delete" - - source_table: "device_master_h" - archive_table: "mosip_master_device_master_h" - id_column: "id" - date_column: "cr_dtimes" - retension_days: 365 - operation_type: "archive_delete" - - source_table: "machine_master_h" - archive_table: "mosip_master_machine_master_h" - id_column: "id" - date_column: "cr_dtimes" - retension_days: 183 - operation_type: "archive_delete" - - source_table: "registration_center_h" - archive_table: "mosip_master_registration_center_h" - id_column: "id" - date_column: "cr_dtimes" - retension_days: 365 - operation_type: "archive_delete" - - source_table: "user_detail_h" - archive_table: "mosip_master_user_detail_h" - id_column: "id" - date_column: "cr_dtimes" - retension_days: 183 - operation_type: "archive_delete" - - source_table: "zone_user_h" - archive_table: "mosip_master_zone_user_h" - id_column: "usr_id" - date_column: "cr_dtimes" - retension_days: 183 - operation_type: "archive_delete" - pms: - tables_info: - - source_table: "auth_policy_h" - archive_table: "mosip_pms_auth_policy_h" - id_column: "id" - date_column: "cr_dtimes" - retension_days: 183 - operation_type: "archive_delete" - - source_table: "secure_biometric_interface_h" - archive_table: "mosip_pms_secure_biometric_interface_h" - id_column: "id" - date_column: "cr_dtimes" - retension_days: 183 - operation_type: "archive_delete" - - source_table: "partner_h" - archive_table: "mosip_pms_partner_h" - id_column: "id" - date_column: "cr_dtimes" - retension_days: 183 - operation_type: "archive_delete" - prereg: - tables_info: - - source_table: "otp_transaction" - archive_table: "mosip_prereg_otp_transaction" - id_column: "id" - date_column: "cr_dtimes" - retension_days: 30 - operation_type: "delete" - regprc: - tables_info: - - source_table: "abis_response_det" - archive_table: "mosip_regprc_abis_response_det" - id_column: "abis_resp_id" - date_column: "cr_dtimes" - retension_days: 183 - operation_type: "archive_delete" - - source_table: "abis_response" - archive_table: "mosip_regprc_abis_response" - id_column: "id" - date_column: "cr_dtimes" - retension_days: 183 - operation_type: "archive_delete" - - source_table: "abis_request" - archive_table: "mosip_regprc_abis_request" - id_column: "id" - date_column: "cr_dtimes" - retension_days: 183 - operation_type: "archive_delete" - - source_table: "reg_demo_dedupe_list" - archive_table: "mosip_regprc_reg_demo_dedupe_list" - id_column: "id" - date_column: "cr_dtimes" - retension_days: 183 - operation_type: "archive_delete" - - source_table: "registration_transaction" - archive_table: "mosip_regprc_registration_transaction" - id_column: "regtrn_id" - date_column: "cr_dtimes" - retension_days: 183 - operation_type: "archive_delete" - resident: - tables_info: - - source_table: "otp_transaction" - archive_table: "mosip_resident_otp_transaction" - id_column: "id" - date_column: "cr_dtimes" - retension_days: 30 - operation_type: "delete" - - source_table: "resident_grievance_ticket" - archive_table: "mosip_resident_grievance_ticket" - id_column: "id" - date_column: "cr_dtimes" - retension_days: 365 - operation_type: "archive_delete" - - source_table: "resident_session" - archive_table: "mosip_resident_session" - id_column: "session_id" - date_column: "login_dtimes" - retension_days: 30 - operation_type: "archive_delete" - - source_table: "resident_transaction" - archive_table: "mosip_resident_transaction" - id_column: "id" - date_column: "cr_dtimes" - retension_days: 365 - operation_type: "archive_delete" - - source_table: "resident_user_actions" - archive_table: "mosip_resident_user_actions" - id_column: "ida_token" - date_column: "last_bell_notif_click_dtimes" - retension_days: 365 - operation_type: "archive_delete" diff --git a/charts/databreachdetector/Chart.yaml b/charts/databreachdetector/Chart.yaml deleted file mode 100644 index 090253c4b..000000000 --- a/charts/databreachdetector/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v2 -name: databreachdetector -description: A Helm chart to deploy databreachdetector to test working of MOSIP modules -type: application -version: 0.0.1-develop -appVersion: "" -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -home: https://mosip.io -keywords: - - mosip - - databreachdetector -maintainers: - - email: info@mosip.io - name: MOSIP diff --git a/charts/databreachdetector/README.md b/charts/databreachdetector/README.md deleted file mode 100644 index 2de1511a2..000000000 --- a/charts/databreachdetector/README.md +++ /dev/null @@ -1,10 +0,0 @@ -# databreachdetector - -Helm chart to deploy databreachdetector for `MOSIP` modules - -## TL;DR - -```console -$ helm repo add mosip https://mosip.github.io -$ helm install my-release mosip/databreachdetector -``` diff --git a/charts/databreachdetector/templates/NOTES.txt b/charts/databreachdetector/templates/NOTES.txt deleted file mode 100644 index 8b1378917..000000000 --- a/charts/databreachdetector/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ - diff --git a/charts/databreachdetector/templates/_helpers.tpl b/charts/databreachdetector/templates/_helpers.tpl deleted file mode 100644 index 1dfe9b081..000000000 --- a/charts/databreachdetector/templates/_helpers.tpl +++ /dev/null @@ -1,63 +0,0 @@ -{{/* -Return the proper image name -*/}} -{{- define "databreachdetector.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "databreachdetector.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "databreachdetector.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "databreachdetector.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (printf "%s-foo" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message. -*/}} -{{- define "databreachdetector.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "databreachdetector.validateValues.foo" .) -}} -{{- $messages := append $messages (include "databreachdetector.validateValues.bar" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message -}} -{{- end -}} -{{- end -}} - -{{/* -Return podAnnotations -*/}} -{{- define "databreachdetector.podAnnotations" -}} -{{- if .Values.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} -{{- end }} -{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} -{{- end }} -{{- end -}} - -{{/* Create the name for restart cronjob */}} -{{- define "databreachdetector.cronjob" -}} -{{ default (printf "cronjob-%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- end -}} diff --git a/charts/databreachdetector/templates/configmaps.yaml b/charts/databreachdetector/templates/configmaps.yaml deleted file mode 100644 index 2d76a7618..000000000 --- a/charts/databreachdetector/templates/configmaps.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.databreachdetector.configmaps }} -{{- range $cm_name, $cm_value := .Values.databreachdetector.configmaps }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $cm_name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 8 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} -data: - {{- range $key, $value := $cm_value }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/databreachdetector/templates/cronjob.yaml b/charts/databreachdetector/templates/cronjob.yaml deleted file mode 100644 index dc134b666..000000000 --- a/charts/databreachdetector/templates/cronjob.yaml +++ /dev/null @@ -1,80 +0,0 @@ -{{- range $type := $.Values.types }} -{{- if $type.enabled }} ---- -apiVersion: {{ include "common.capabilities.cronjob.apiVersion" $ }} -kind: CronJob -metadata: - name: {{ template "databreachdetector.cronjob" $ }}-{{ $type.name }} - namespace: {{ $.Release.Namespace }} - annotations: - {{- if $.Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - -spec: - {{- if eq $type.name "full" }} - suspend: false - {{- end }} - {{- if eq $type.name "sanity" }} - suspend: true - {{- end }} - concurrencyPolicy: Forbid - successfulJobsHistoryLimit: 1 # remove jobs which are successfully executed - failedJobsHistoryLimit: 1 # except 1 recent failed job, remove jobs which are not successfully executed - #schedule: '*/3 * * * *' # cron spec of time - schedule: {{ $.Values.crontime }} - jobTemplate: - spec: - backoffLimit: 0 # this has very low chance of failing, as all this does - # is prompt kubernetes to schedule new replica set for - # the deployment - # activeDeadlineSeconds: 600 # timeout, makes most sense with - # "waiting for rollout" variant specified below - template: - spec: - # account configured above - restartPolicy: Never - containers: - - name: {{ template "databreachdetector.serviceAccountName" $ }}-{{ $type.name }} - image: {{ template "databreachdetector.image" $ }} - imagePullPolicy: {{ $.Values.image.pullPolicy }} - {{- if $.Values.lifecycleHooks }} - lifecycle: {{- include "common.tpvalues.render" (dict "value" $.Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if $.Values.containerSecurityContext.enabled }} - securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if $.Values.command }} - command: {{- include "common.tpvalues.render" (dict "value" $.Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if $.Values.args }} - args: {{- include "common.tpvalues.render" (dict "value" $.Values.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: container_user - value: {{ $.Values.containerSecurityContext.runAsUser }} - {{- if $.Values.extraEnvVars }} - {{- include "common.tpvalues.render" (dict "value" $.Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if $.Values.extraEnvVarsCM }} - {{- range $.Values.extraEnvVarsCM }} - - configMapRef: - name: {{ . }} - {{- end }} - {{- end }} - {{- if $.Values.extraEnvVarsSecret }} - {{- range $.Values.extraEnvVarsSecret }} - - secretRef: - name: {{ . }} - {{- end }} - {{- end }} - ports: - - name: spring-service - containerPort: {{ $.Values.springServicePort }} -{{- end }} -{{- end }} diff --git a/charts/databreachdetector/templates/extra-list.yaml b/charts/databreachdetector/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9e1..000000000 --- a/charts/databreachdetector/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/charts/databreachdetector/templates/secrets.yaml b/charts/databreachdetector/templates/secrets.yaml deleted file mode 100644 index 1cbf73bfe..000000000 --- a/charts/databreachdetector/templates/secrets.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.databreachdetector.secrets }} -{{- range $secret_name, $secret_value := .Values.databreachdetector.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secret_name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 8 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} -type: Opaque -data: - {{- range $key, $value := $secret_value }} - {{ $key }}: {{ $value | b64enc | quote }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/databreachdetector/templates/service-account.yaml b/charts/databreachdetector/templates/service-account.yaml deleted file mode 100644 index 650cbb72f..000000000 --- a/charts/databreachdetector/templates/service-account.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "databreachdetector.serviceAccountName" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} diff --git a/charts/databreachdetector/values.yaml b/charts/databreachdetector/values.yaml deleted file mode 100644 index 87bb31943..000000000 --- a/charts/databreachdetector/values.yaml +++ /dev/null @@ -1,438 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Add labels to all the deployed resources -## -commonLabels: - app.kubernetes.io/component: mosip - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -## Kubernetes Cluster Domain -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] - -## Number of nodes -## -replicaCount: 1 - -service: - type: ClusterIP - port: 80 - ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - ## loadBalancerIP: - ## - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - https: "" - ## Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - -image: - registry: docker.io - repository: mosipdev/databreachdetector - tag: develop - - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - -## Port on which this particular spring service module is running. -springServicePort: 8083 - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## - -## -# existingConfigmap: - -## Command and args for running the container (set to default if not set). Use array form -## -command: [] -args: [] - -## Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] - -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 1000m - memory: 3500Mi - requests: - cpu: 1000m - memory: 3500Mi - -additionalResources: - ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources - ## Example: java_opts: "-Xms500M -Xmx500M" - javaOpts: "-Xms2600M -Xmx2600M" - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## Clamav container already runs as 'mosip' user, so we may not need to enable this -containerSecurityContext: - enabled: false - runAsUser: mosip - runAsNonRoot: true - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## -podSecurityContext: - enabled: false - fsGroup: 1001 - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## Annotations for server pods. -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## pods' priority. -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -# priorityClassName: "" - -## lifecycleHooks for the container to automate configuration before or after startup. -## -lifecycleHooks: {} - -## Custom Liveness probes for -## -customLivenessProbe: {} - -## Custom Rediness probes -## -customReadinessProbe: {} - -## Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate - -## Additional environment variables to set -## Example: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: [] - -## ConfigMap with extra environment variables -## -extraEnvVarsCM: - - global - - s3 - - db -## Secret with extra environment variables -## -extraEnvVarsSecret: - - s3 - - postgres-postgresql - -## Extra volumes to add to the deployment -## -extraVolumes: [] - -## Extra volume mounts to add to the container -## -extraVolumeMounts: [] - -## Add init containers to the pods. -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: - - command: - - /bin/bash - - -c - - if [ "$ENABLE_INSECURE" = "true" ]; then HOST=$( env | grep "mosip-api-internal-host" - |sed "s/mosip-api-internal-host=//g"); if [ -z "$HOST" ]; then echo "HOST - $HOST is empty; EXITING"; exit 1; fi; openssl s_client -servername "$HOST" - -connect "$HOST":443 > "$HOST.cer" 2>/dev/null & sleep 2 ; sed -i -ne '/-BEGIN - CERTIFICATE-/,/-END CERTIFICATE-/p' "$HOST.cer"; cat "$HOST.cer"; /usr/local/openjdk-11/bin/keytool - -delete -alias "$HOST" -keystore $JAVA_HOME/lib/security/cacerts -storepass - changeit; /usr/local/openjdk-11/bin/keytool -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts" - -storepass changeit -noprompt -importcert -alias "$HOST" -file "$HOST.cer" - ; if [ $? -gt 0 ]; then echo "Failed to add SSL certificate for host $host; - EXITING"; exit 1; fi; cp /usr/local/openjdk-11/lib/security/cacerts /cacerts; - fi - env: - - name: ENABLE_INSECURE - value: "true" - envFrom: - - configMapRef: - name: global - image: docker.io/openjdk:11-jre - imagePullPolicy: Always - name: cacerts - resources: {} - securityContext: - runAsUser: 0 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /cacerts - name: cacerts - -## Add sidecars to the pods. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: {} - -persistence: - enabled: true - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack). - ## - # storageClass: "-" - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - ## ReadWriteMany not supported by AWS gp2 - storageClass: - accessModes: - - ReadWriteOnce - size: 100m - existingClaim: - nfs: - path: '/srv/nfs/mosip/dsl-scenarios/' - server: '' - # Dir where config and keys are written inside container - mountDir: '/home/mosip/mountvolume/scenarios' - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - enabled: true - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: "10" - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - ## - myRegistryKeySecretName - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## - limits: {} - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## cpu: 100m - ## memory: 128Mi - ## - -## Specifies whether RBAC resources should be created -## -rbac: - create: true - -## Specifies whether a ServiceAccount should be created -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - ## - name: - -## Prometheus Metrics -## -metrics: - enabled: false - ## Prometheus pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: - prometheus.io/scrape: "true" - - endpointPath: - - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## - serviceMonitor: - ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry - ## - enabled: true - ## Specify the namespace in which the serviceMonitor resource will be created - ## - # namespace: "" - ## Specify the interval at which metrics should be scraped - ## - interval: 10s - ## Specify the timeout after which the scrape is ended - ## - # scrapeTimeout: 30s - ## Specify Metric Relabellings to add to the scrape endpoint - ## - # relabellings: - ## Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## - additionalLabels: {} - - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - ## - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## List of rules, used as template by Helm. - ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html - # rules: - # - alert: RabbitmqDown - # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 - # for: 5m - # labels: - # severity: error - rules: [] - -## Admin swagger should have only internal access. Hence linked to internal gateway - -types: - - name: full - enabled: true - -crontime: "0 3 * * *" ## run cronjob every day at 3 AM (time hr: 0-23 ) - -databreachdetector: - configmaps: - s3: - s3-host: 'http://minio.minio:9000' - s3-user-key: 'admin' - s3-region: '' - db: - db-port: '5432' - db-su-user: 'postgres' - db-server: 'api-internal.sandbox.xyz.net' - secrets: - -enable_insecure: false diff --git a/charts/dslorchestrator/.gitignore b/charts/dslorchestrator/.gitignore deleted file mode 100644 index ee3892e87..000000000 --- a/charts/dslorchestrator/.gitignore +++ /dev/null @@ -1 +0,0 @@ -charts/ diff --git a/charts/dslorchestrator/.helmignore b/charts/dslorchestrator/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/dslorchestrator/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/dslorchestrator/Chart.yaml b/charts/dslorchestrator/Chart.yaml deleted file mode 100644 index a1228c038..000000000 --- a/charts/dslorchestrator/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v2 -name: dslorchestrator -description: A Helm chart to deploy dslorchestrator to test working of MOSIP modules -type: application -version: 0.0.1-develop -appVersion: "" -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -home: https://mosip.io -keywords: - - mosip - - dslorchestrator -maintainers: - - email: info@mosip.io - name: MOSIP diff --git a/charts/dslorchestrator/README.md b/charts/dslorchestrator/README.md deleted file mode 100644 index f223d0319..000000000 --- a/charts/dslorchestrator/README.md +++ /dev/null @@ -1,10 +0,0 @@ -# dslorchestrator - -Helm chart to deploy dslorchestrator for `MOSIP` modules - -## TL;DR - -```console -$ helm repo add mosip https://mosip.github.io -$ helm install my-release mosip/dslorchestrator -``` diff --git a/charts/dslorchestrator/templates/NOTES.txt b/charts/dslorchestrator/templates/NOTES.txt deleted file mode 100644 index 8b1378917..000000000 --- a/charts/dslorchestrator/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ - diff --git a/charts/dslorchestrator/templates/_helpers.tpl b/charts/dslorchestrator/templates/_helpers.tpl deleted file mode 100644 index 95845216e..000000000 --- a/charts/dslorchestrator/templates/_helpers.tpl +++ /dev/null @@ -1,63 +0,0 @@ -{{/* -Return the proper image name -*/}} -{{- define "dslorchestrator.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "dslorchestrator.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "dslorchestrator.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "dslorchestrator.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message. -*/}} -{{- define "dslorchestrator.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "dslorchestrator.validateValues.foo" .) -}} -{{- $messages := append $messages (include "dslorchestrator.validateValues.bar" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message -}} -{{- end -}} -{{- end -}} - -{{/* -Return podAnnotations -*/}} -{{- define "dslorchestrator.podAnnotations" -}} -{{- if .Values.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} -{{- end }} -{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} -{{- end }} -{{- end -}} - -{{/* Create the name for restart cronjob */}} -{{- define "dslorchestrator.cronjob" -}} -{{ default (printf "cronjob-%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- end -}} diff --git a/charts/dslorchestrator/templates/clusterrole.yaml b/charts/dslorchestrator/templates/clusterrole.yaml deleted file mode 100644 index 79508f512..000000000 --- a/charts/dslorchestrator/templates/clusterrole.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "dslorchestrator.serviceAccountName" . }}-{{ .Release.Namespace }} - namespace: {{ .Release.Namespace }} -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get","patch","list","watch"] diff --git a/charts/dslorchestrator/templates/clusterrolebinding.yaml b/charts/dslorchestrator/templates/clusterrolebinding.yaml deleted file mode 100644 index 123e7f48e..000000000 --- a/charts/dslorchestrator/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -kind: ClusterRoleBinding -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }}-{{ .Release.Namespace }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "dslorchestrator.serviceAccountName" . }}-{{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: {{ template "dslorchestrator.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} diff --git a/charts/dslorchestrator/templates/configmaps.yaml b/charts/dslorchestrator/templates/configmaps.yaml deleted file mode 100644 index 19f1b9dcd..000000000 --- a/charts/dslorchestrator/templates/configmaps.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.dslorchestrator.configmaps }} -{{- range $cm_name, $cm_value := .Values.dslorchestrator.configmaps }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $cm_name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 8 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} -data: - {{- range $key, $value := $cm_value }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/dslorchestrator/templates/cronjob.yaml b/charts/dslorchestrator/templates/cronjob.yaml deleted file mode 100644 index bbab820e8..000000000 --- a/charts/dslorchestrator/templates/cronjob.yaml +++ /dev/null @@ -1,178 +0,0 @@ -{{- range $type := $.Values.types }} -{{- if $type.enabled }} ---- -apiVersion: {{ include "common.capabilities.cronjob.apiVersion" $ }} -kind: CronJob -metadata: - name: {{ template "dslorchestrator.cronjob" $ }}-{{ $type.name }} - namespace: {{ $.Release.Namespace }} - annotations: - {{- if $.Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - -spec: - {{- if eq $type.name "full" }} - suspend: false - {{- end }} - {{- if eq $type.name "sanity" }} - suspend: true - {{- end }} - concurrencyPolicy: Forbid - successfulJobsHistoryLimit: 1 # remove jobs which are successfully executed - failedJobsHistoryLimit: 1 # except 1 recent failed job, remove jobs which are not successfully executed - #schedule: '*/3 * * * *' # cron spec of time - schedule: {{ $.Values.crontime }} - jobTemplate: - spec: - backoffLimit: 0 # this has very low chance of failing, as all this does - # is prompt kubernetes to schedule new replica set for - # the deployment - # activeDeadlineSeconds: 600 # timeout, makes most sense with - # "waiting for rollout" variant specified below - template: - spec: - # account configured above - serviceAccountName: {{ template "dslorchestrator.serviceAccountName" $ }} - restartPolicy: Never - initContainers: - {{- if and $.Values.volumePermissions.enabled $.Values.persistence.enabled }} - - name: volume-permissions - image: {{ template "dslorchestrator.image" $ }} - imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -c - - chown -R mosip:mosip {{ $.Values.persistence.mountDir }} - securityContext: - runAsUser: 0 - {{- if $.Values.volumePermissions.resources }} - resources: {{- toYaml $.Values.volumePermissions.resources | nindent 16 }} - {{- end }} - volumeMounts: - - name: {{ template "common.names.fullname" $ }} - mountPath: {{ $.Values.persistence.mountDir }} - - name: packetcreator-accessibility-check - image: rancher/curl - imagePullPolicy: {{ $.Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/sh - - -c - - MY_PROBE_CHECK_PATHS="$packetUtilityBaseUrl/actuator/health"; for str in $(echo $MY_PROBE_CHECK_PATHS | sed "s/,/\n/g"); do curl_output="$(curl -w %{http_code} -o /dev/null -s -k $str)"; if ! [ "$curl_output" = "200" ]; then echo "$str failed with status code $curl_output" >> /dev/stderr && exit 1; fi;done - securityContext: - runAsUser: 0 - {{- if $.Values.volumePermissions.resources }} - resources: {{- toYaml $.Values.volumePermissions.resources | nindent 16 }} - env: - {{- if $.Values.extraEnvVars }} - {{- include "common.tpvalues.render" (dict "value" $.Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if $.Values.extraEnvVarsCM }} - {{- range $.Values.extraEnvVarsCM }} - - configMapRef: - name: {{ . }} - {{- end }} - {{- end }} - {{- if $.Values.extraEnvVarsSecret }} - {{- range $.Values.extraEnvVarsSecret }} - - secretRef: - name: {{ . }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- if $.Values.enable_insecure }} - {{- include "common.tplvalues.render" (dict "value" $.Values.initContainers "context" $) | nindent 12 }} - {{- end }} - containers: - - name: {{ template "dslorchestrator.serviceAccountName" $ }}-{{ $type.name }} - image: {{ template "dslorchestrator.image" $ }} - imagePullPolicy: {{ $.Values.image.pullPolicy }} - {{- if $.Values.lifecycleHooks }} - lifecycle: {{- include "common.tpvalues.render" (dict "value" $.Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if $.Values.containerSecurityContext.enabled }} - securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if $.Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" $.Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if $.Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" $.Values.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: container_user - value: {{ $.Values.containerSecurityContext.runAsUser }} - - name: JDK_JAVA_OPTIONS - value: {{ $.Values.additionalResources.javaOpts }} - - name: NS - value: {{ $.Release.Namespace }} - {{- if $.Values.extraEnvVars }} - {{- include "common.tpvalues.render" (dict "value" $.Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if eq $type.name "full" }} - - name: TESTLEVEL - value: "full" - {{- end }} - {{- if eq $type.name "sanity" }} - - name: TESTLEVEL - value: "sanity" - {{- end }} - envFrom: - {{- if $.Values.extraEnvVarsCM }} - {{- range $.Values.extraEnvVarsCM }} - - configMapRef: - name: {{ . }} - {{- end }} - {{- end }} - {{- if $.Values.extraEnvVarsSecret }} - {{- range $.Values.extraEnvVarsSecret }} - - secretRef: - name: {{ . }} - {{- end }} - {{- end }} - ports: - - name: spring-service - containerPort: {{ $.Values.springServicePort }} - {{- if $.Values.resources }} - resources: {{- toYaml $.Values.resources | nindent 14 }} - {{- end }} - volumeMounts: - - name: {{ template "common.names.fullname" $ }} - mountPath: {{ $.Values.persistence.mountDir }} - {{- if $.Values.enable_insecure }} - - mountPath: /usr/local/openjdk-11/lib/security/cacerts - name: cacerts - subPath: cacerts - {{- end }} - {{- if $.Values.dslorchestrator.volumes }} - {{- range $volume_name, $volume_value := $.Values.dslorchestrator.volumes.configmaps }} - - name: {{ $volume_name }} - mountPath: {{ $volume_value.volumeMounts.mountPath }} - {{- end }} - {{- end }} - volumes: - {{- if $.Values.persistence.enabled }} - - name: {{ template "common.names.fullname" $ }} - persistentVolumeClaim: - claimName: {{ template "common.names.fullname" $ }} - {{- end }} - {{- if $.Values.enable_insecure }} - - name: cacerts - emptyDir: {} - {{- end }} - {{- if $.Values.dslorchestrator.volumes }} - {{- range $volume_name, $volume_value := $.Values.dslorchestrator.volumes.configmaps }} - - name: {{ $volume_name }} - configMap: - defaultMode: {{ $volume_value.defaultMode }} - name: {{ $volume_name }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/dslorchestrator/templates/extra-list.yaml b/charts/dslorchestrator/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9e1..000000000 --- a/charts/dslorchestrator/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/charts/dslorchestrator/templates/pvc.yaml b/charts/dslorchestrator/templates/pvc.yaml deleted file mode 100644 index 0ef0189d0..000000000 --- a/charts/dslorchestrator/templates/pvc.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} -spec: - accessModes: - {{- if not (empty .Values.persistence.accessModes) }} - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - {{- else }} - - {{ .Values.persistence.accessMode | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }} - {{- end }} \ No newline at end of file diff --git a/charts/dslorchestrator/templates/secrets.yaml b/charts/dslorchestrator/templates/secrets.yaml deleted file mode 100644 index 7f68aa950..000000000 --- a/charts/dslorchestrator/templates/secrets.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.dslorchestrator.secrets }} -{{- range $secret_name, $secret_value := .Values.dslorchestrator.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secret_name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 8 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} -type: Opaque -data: - {{- range $key, $value := $secret_value }} - {{ $key }}: {{ $value | b64enc | quote }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/dslorchestrator/templates/service-account.yaml b/charts/dslorchestrator/templates/service-account.yaml deleted file mode 100644 index 226571032..000000000 --- a/charts/dslorchestrator/templates/service-account.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "dslorchestrator.serviceAccountName" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} diff --git a/charts/dslorchestrator/values.yaml b/charts/dslorchestrator/values.yaml deleted file mode 100644 index d73fcaaa8..000000000 --- a/charts/dslorchestrator/values.yaml +++ /dev/null @@ -1,522 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Add labels to all the deployed resources -## -commonLabels: - app.kubernetes.io/component: mosip - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -## Kubernetes Cluster Domain -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] - -## Number of nodes -## -replicaCount: 1 - -service: - type: ClusterIP - port: 80 - ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - ## loadBalancerIP: - ## - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - https: "" - ## Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - -image: - registry: docker.io - repository: mosipqa/dsl-orchestrator - tag: develop - - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - -## Port on which this particular spring service module is running. -springServicePort: 8083 - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## - -## -# existingConfigmap: - -## Command and args for running the container (set to default if not set). Use array form -## -command: ['/bin/bash'] -args: ['-c', "/home/${container_user}/scripts/fetch_docker_image_hash_ids.sh"] - -## Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] - -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 1000m - memory: 3500Mi - requests: - cpu: 1000m - memory: 3500Mi - -additionalResources: - ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources - ## Example: java_opts: "-Xms500M -Xmx500M" - javaOpts: "-Xms2600M -Xmx2600M" - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## Clamav container already runs as 'mosip' user, so we may not need to enable this -containerSecurityContext: - enabled: false - runAsUser: mosip - runAsNonRoot: true - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## -podSecurityContext: - enabled: false - fsGroup: 1001 - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## Annotations for server pods. -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## pods' priority. -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -# priorityClassName: "" - -## lifecycleHooks for the container to automate configuration before or after startup. -## -lifecycleHooks: {} - -## Custom Liveness probes for -## -customLivenessProbe: {} - -## Custom Rediness probes -## -customReadinessProbe: {} - -## Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate - -## Additional environment variables to set -## Example: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: [] - -## ConfigMap with extra environment variables -## -extraEnvVarsCM: - - global - - s3 - - keycloak-host - - db - - dslorchestrator - - config-server-share - - artifactory-share -## Secret with extra environment variables -## -extraEnvVarsSecret: - - s3 - - keycloak-client-secrets - - postgres-postgresql - -## Extra volumes to add to the deployment -## -extraVolumes: [] - -## Extra volume mounts to add to the container -## -extraVolumeMounts: [] - -## Add init containers to the pods. -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: - - command: - - /bin/bash - - -c - - if [ "$ENABLE_INSECURE" = "true" ]; then HOST=$( env | grep "mosip-api-internal-host" - |sed "s/mosip-api-internal-host=//g"); if [ -z "$HOST" ]; then echo "HOST - $HOST is empty; EXITING"; exit 1; fi; openssl s_client -servername "$HOST" - -connect "$HOST":443 > "$HOST.cer" 2>/dev/null & sleep 2 ; sed -i -ne '/-BEGIN - CERTIFICATE-/,/-END CERTIFICATE-/p' "$HOST.cer"; cat "$HOST.cer"; /usr/local/openjdk-11/bin/keytool - -delete -alias "$HOST" -keystore $JAVA_HOME/lib/security/cacerts -storepass - changeit; /usr/local/openjdk-11/bin/keytool -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts" - -storepass changeit -noprompt -importcert -alias "$HOST" -file "$HOST.cer" - ; if [ $? -gt 0 ]; then echo "Failed to add SSL certificate for host $host; - EXITING"; exit 1; fi; cp /usr/local/openjdk-11/lib/security/cacerts /cacerts; - fi - env: - - name: ENABLE_INSECURE - value: "true" - envFrom: - - configMapRef: - name: global - image: docker.io/openjdk:11-jre - imagePullPolicy: Always - name: cacerts - resources: {} - securityContext: - runAsUser: 0 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /cacerts - name: cacerts - -## Add sidecars to the pods. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: {} - -persistence: - enabled: true - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack). - ## - # storageClass: "-" - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - ## ReadWriteMany not supported by AWS gp2 - storageClass: - accessModes: - - ReadWriteOnce - size: 100m - existingClaim: - nfs: - path: '/srv/nfs/mosip/dsl-scenarios/' - server: '' - # Dir where config and keys are written inside container - mountDir: '/home/mosip/mountvolume/scenarios' - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - enabled: true - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: "10" - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - ## - myRegistryKeySecretName - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## - limits: {} - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## cpu: 100m - ## memory: 128Mi - ## - -## Specifies whether RBAC resources should be created -## -rbac: - create: true - -## Specifies whether a ServiceAccount should be created -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - ## - name: - -## Prometheus Metrics -## -metrics: - enabled: false - ## Prometheus pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: - prometheus.io/scrape: "true" - - endpointPath: - - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## - serviceMonitor: - ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry - ## - enabled: true - ## Specify the namespace in which the serviceMonitor resource will be created - ## - # namespace: "" - ## Specify the interval at which metrics should be scraped - ## - interval: 10s - ## Specify the timeout after which the scrape is ended - ## - # scrapeTimeout: 30s - ## Specify Metric Relabellings to add to the scrape endpoint - ## - # relabellings: - ## Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## - additionalLabels: {} - - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - ## - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## List of rules, used as template by Helm. - ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html - # rules: - # - alert: RabbitmqDown - # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 - # for: 5m - # labels: - # severity: error - rules: [] - -## Admin swagger should have only internal access. Hence linked to internal gateway -istio: - enabled: false - gateways: - - istio-system/internal - prefix: - corsPolicy: - allowOrigins: - - prefix: https://api-internal.sandbox.xyz.net - allowCredentials: true - allowHeaders: - - Accept - - Accept-Encoding - - Accept-Language - - Connection - - Content-Type - - Cookie - - Host - - Referer - - Sec-Fetch-Dest - - Sec-Fetch-Mode - - Sec-Fetch-Site - - Sec-Fetch-User - - Origin - - Upgrade-Insecure-Requests - - User-Agent - - sec-ch-ua - - sec-ch-ua-mobile - - sec-ch-ua-platform - - x-xsrf-token - - xsrf-token - allowMethods: - - GET - - POST - - PATCH - - PUT - - DELETE - -types: - - name: full - enabled: true - - name: sanity - enabled: true - -crontime: "0 3 * * *" ## run cronjob every day at 3 AM (time hr: 0-23 ) - -dslorchestrator: - configmaps: - s3: - s3-host: 'http://minio.minio:9000' - s3-user-key: 'admin' - s3-region: '' - db: - db-port: '5432' - db-su-user: 'postgres' - db-server: 'api-internal.sandbox.xyz.net' - dslorchestrator: - ENABLE_INSECURE: "false" - ENDPOINT: "https://api-internal.sandbox.xyz.net" - USER: "api-internal.sandbox.xyz.net" - # dslorchestrator scenario mountPath - mountPathForScenario: "/home/mosip/mountvolume/" - mountPath: "/home/mosip/mountvolume" - packetUtilityBaseUrl: https:///v1/packetcreator - s3-account: "dslreports" - threadCount: "8" - push-reports-to-s3: "yes" - enableDebug: "no" - langselect: "0" - admin_userName: "test0" - useExternalScenarioSheet: "no" - servicesNotDeployed: "" - scenariosToSkip: "" - scenariosToExecute: "" - scripts: - fetch_docker_image_hash_ids.sh: | - #!/bin/bash - sleep 5 - export DOCKER_HASH_ID=$( kubectl get pod "$HOSTNAME" -n "$NS" -o jsonpath='{.status.containerStatuses[*].imageID}' | sed 's/ /\n/g' | grep -v 'istio' | sed 's/docker\-pullable\:\/\///g' ) - export DOCKER_IMAGE=$( kubectl get pod "$HOSTNAME" -n "$NS" -o jsonpath='{.status.containerStatuses[*].image}' | sed 's/ /\n/g' | grep -v 'istio' | sed 's/docker\-pullable\:\/\///g' ) - if [[ -z $DOCKER_HASH_ID ]]; then - echo "DOCKER_HASH_ID IS EMPTY;EXITING"; - exit 1; - fi - echo "DOCKER_HASH_ID ; $DOCKER_HASH_ID" - echo "DOCKER_IMAGE : $DOCKER_IMAGE" - kubectl get pods -A -o=jsonpath='{range .items[*]}{.metadata.namespace}{","}{.metadata.labels.app\.kubernetes\.io\/name}{","}{.status.containerStatuses[?(@.name!="istio-proxy")].image}{","}{.status.containerStatuses[?(@.name!="istio-proxy")].imageID}{","}{.metadata.creationTimestamp}{"\n"}' | sed 's/ /\n/g' | grep -vE 'istio*|longhorn*|cattle*|rancher|kube' | sed 's/docker\-pullable\:\/\///g' | sort -u | sed '/,,,/d' | awk -F ',' 'BEGIN {print "{ \"POD_NAME\": \"'$(echo $HOSTNAME)'\", \"DOCKER_IMAGE\": \"'$(echo $DOCKER_IMAGE)'\", \"DOCKER_HASH_ID\": \"'$(echo $DOCKER_HASH_ID)'\", \"k8s-cluster-image-list\": ["} {print "{"} {print "\"namespace\": \"" $1 "\","} {print "\"app_name\": \"" $2 "\","} {print "\"docker_image_name\": \"" $3 "\","} {print "\"docker_image_id\": \"" $4 "\","} {print "\"creation_timestamp\": \"" $5 "\"" } {print "},"} END {print "]}"}' | sed -z 's/},\n]/}\n]/g' | jq -r . | tee -a images-list.json - ## run entrypoint script - sleep 5 - cd /home/${container_user}/ - bash ./entrypoint.sh - secrets: - volumes: - configmaps: - scripts: - defaultMode: 0777 - volumeMounts: - mountPath: '/home/mosip/scripts/' - -enable_insecure: false diff --git a/charts/dslrig/.gitignore b/charts/dslrig/.gitignore deleted file mode 100644 index ee3892e87..000000000 --- a/charts/dslrig/.gitignore +++ /dev/null @@ -1 +0,0 @@ -charts/ diff --git a/charts/dslrig/.helmignore b/charts/dslrig/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/dslrig/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/dslrig/Chart.yaml b/charts/dslrig/Chart.yaml deleted file mode 100644 index 894da1110..000000000 --- a/charts/dslrig/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v2 -name: dslrig -description: A Helm chart to deploy dslrig to test working of MOSIP modules -type: application -version: 0.0.1-develop -appVersion: "" -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -home: https://mosip.io -keywords: - - mosip - - dslrig -maintainers: - - email: info@mosip.io - name: MOSIP diff --git a/charts/dslrig/README.md b/charts/dslrig/README.md deleted file mode 100644 index fc718095b..000000000 --- a/charts/dslrig/README.md +++ /dev/null @@ -1,10 +0,0 @@ -# dslrig [Work In Progress (WIP)] - -Helm chart to deploy dslrig for `MOSIP` modules - -## TL;DR - -```console -$ helm repo add mosip https://mosip.github.io -$ helm install my-release mosip/dslrig -``` diff --git a/charts/dslrig/templates/NOTES.txt b/charts/dslrig/templates/NOTES.txt deleted file mode 100644 index 8b1378917..000000000 --- a/charts/dslrig/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ - diff --git a/charts/dslrig/templates/_helpers.tpl b/charts/dslrig/templates/_helpers.tpl deleted file mode 100644 index 419f57da6..000000000 --- a/charts/dslrig/templates/_helpers.tpl +++ /dev/null @@ -1,61 +0,0 @@ -{{/* -Return the proper image name -*/}} - - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "dslrig.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "dslrig.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "dslrig.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message. -*/}} -{{- define "dslrig.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "dslrig.validateValues.foo" .) -}} -{{- $messages := append $messages (include "dslrig.validateValues.bar" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message -}} -{{- end -}} -{{- end -}} - -{{/* -Return podAnnotations -*/}} -{{- define "dslrig.podAnnotations" -}} -{{- if .Values.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} -{{- end }} -{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} -{{- end }} -{{- end -}} - -{{/* Create the name for restart cronjob */}} -{{- define "dslrig.cronjob" -}} -{{ default (printf "cronjob-%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- end -}} diff --git a/charts/dslrig/templates/configmaps.yaml b/charts/dslrig/templates/configmaps.yaml deleted file mode 100644 index b90c1ca1c..000000000 --- a/charts/dslrig/templates/configmaps.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.dslrig.configmaps }} -{{- range $cm_name, $cm_value := .Values.dslrig.configmaps }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $cm_name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 8 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} -data: - {{- range $key, $value := $cm_value }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/dslrig/templates/cronjob.yaml b/charts/dslrig/templates/cronjob.yaml deleted file mode 100644 index 6f244a4c1..000000000 --- a/charts/dslrig/templates/cronjob.yaml +++ /dev/null @@ -1,160 +0,0 @@ -{{- range $type := $.Values.types }} -{{- if $type.enabled }} ---- -apiVersion: {{ include "common.capabilities.cronjob.apiVersion" $ }} -kind: CronJob -metadata: - name: {{ template "dslrig.cronjob" $ }}-{{ $type.name }} - namespace: {{ $.Release.Namespace }} -spec: - {{- if eq $type.name "full" }} - suspend: false - {{- end }} - {{- if eq $type.name "sanity" }} - suspend: true - {{- end }} - concurrencyPolicy: Forbid - successfulJobsHistoryLimit: 1 # remove jobs which are successfully executed - failedJobsHistoryLimit: 1 # except 1 recent failed job, remove jobs which are not successfully executed - #schedule: '*/3 * * * *' # cron spec of time - schedule: {{ $.Values.crontime }} - jobTemplate: - spec: - backoffLimit: 0 # this has very low chance of failing, as all this does - # is prompt kubernetes to schedule new replica set for - # the deployment - # activeDeadlineSeconds: 600 # timeout, makes most sense with - # "waiting for rollout" variant specified below - template: - spec: - serviceAccountName: {{ template "dslrig.serviceAccountName" $ }} - restartPolicy: Never - initContainers: - - name: volume-permissions - image: {{ include "common.images.image" (dict "imageRoot" $.Values.containers.dslorchestrator.image "global" $.Values.global) }} - imagePullPolicy: {{ $.Values.containers.dslorchestrator.image.pullPolicy }} - securityContext: - runAsUser: 0 - command: - - /bin/bash - - -c - - chown -R mosip:mosip - {{- range $key, $value := $.Values.containers }} - {{- if $value.volumes }} - {{- range $value.volumes }} - {{ .mountDir }} - {{- end }} - {{- end }} - {{- end }} - volumeMounts: - {{- range $key, $value := (omit $.Values.containers "authdemo" ) }} - {{- if $value.volumes }} - {{- range $value.volumes }} - - name: {{ .pvc_name }} - mountPath: {{ .mountDir }} - {{- end }} - {{- end }} - {{- end }} - {{- if $.Values.enable_insecure }} - {{- include "common.tplvalues.render" (dict "value" $.Values.initContainers "context" $) | nindent 12 }} - {{- end }} - containers: - {{ range $key, $value := $.Values.containers }} - - name: {{ $key }} - image: {{ include "common.images.image" (dict "imageRoot" $value.image "global" $.Values.global) }} - imagePullPolicy: {{ $value.image.pullPolicy }} - {{- if $.Values.lifecycleHooks }} - lifecycle: {{- include "common.tpvalues.render" (dict "value" $.Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if $.Values.containerSecurityContext.enabled }} - securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if $value.command }} - command: - - {{- $value.command | quote | indent 1 }} - {{- end }} - {{- if $value.args }} - args: - {{- range $value.args }} - - {{- . | quote | indent 1 }} - {{- end }} - {{- end }} - env: - {{- if $.Values.extraEnvVars }} - {{- include "common.tpvalues.render" (dict "value" $.Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - {{- if eq $type.name "full" }} - - name: TESTLEVEL - value: "full" - {{- end }} - {{- if eq $type.name "sanity" }} - - name: TESTLEVEL - value: "sanity" - {{- end }} - {{- if $value.envVars }} - {{- range $envName, $envValue := $value.envVars }} - - name: {{ $envName }} - value: {{ $envValue }} - {{- end }} - {{- end }} - envFrom: - {{- if $value.envVarsCM }} - {{- range $value.envVarsCM }} - - configMapRef: - name: {{ . }} - {{- end }} - {{- end }} - {{- if $value.envVarsSecret }} - {{- range $value.envVarsSecret }} - - secretRef: - name: {{ . }} - {{- end }} - {{- end }} - ports: - - name: spring-service - containerPort: {{ $value.springServicePort }} - {{- if $value.healthcheck.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit $value.healthcheck.startupProbe "enabled") "context" $) | nindent 14 }} - {{- end }} - {{- if $value.healthcheck.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $value.healthcheck.livenessProbe "enabled") "context" $) | nindent 14 }} - {{- end }} - {{- if $value.healthcheck.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit $value.healthcheck.readinessProbe "enabled") "context" $) | nindent 14 }} - {{- end }} - {{- if $.Values.resources }} - resources: {{- toYaml $.Values.resources | nindent 14 }} - {{- end }} - volumeMounts: - - name: del-cm - mountPath: /home/mosip/scripts/ - {{- if $value.volumes }} - {{- range $value.volumes }} - - name: {{ .pvc_name }} - mountPath: {{ .mountDir }} - {{- end }} - {{- end }} - {{- if $.Values.enable_insecure }} - - mountPath: /usr/local/openjdk-11/lib/security/cacerts - name: cacerts - subPath: cacerts - {{- end }} - {{- end }} - volumes: - {{- range $volume_name, $volume := $.Values.volumes }} - {{- if and $volume.enabled (not $volume.existingClaim) }} - - name: {{ $volume_name }} - persistentVolumeClaim: - claimName: {{ $volume_name }} - {{- end }} - {{- end }} - {{- if $.Values.enable_insecure }} - - name: cacerts - emptyDir: {} - {{- end }} - - name: del-cm - configMap: - name: del - defaultMode: 511 -{{- end }} -{{- end }} diff --git a/charts/dslrig/templates/extra-list.yaml b/charts/dslrig/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9e1..000000000 --- a/charts/dslrig/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/charts/dslrig/templates/pod-reader-role-binding.yaml b/charts/dslrig/templates/pod-reader-role-binding.yaml deleted file mode 100644 index ac2be9127..000000000 --- a/charts/dslrig/templates/pod-reader-role-binding.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: exec-pod-rolebinding - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: {{ template "dslrig.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: exec-pod-role - apiGroup: rbac.authorization.k8s.io diff --git a/charts/dslrig/templates/pod-reader-role.yaml b/charts/dslrig/templates/pod-reader-role.yaml deleted file mode 100644 index 4dfdceb4c..000000000 --- a/charts/dslrig/templates/pod-reader-role.yaml +++ /dev/null @@ -1,9 +0,0 @@ -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - namespace: {{ .Release.Namespace }} - name: exec-pod-role -rules: - - apiGroups: [""] - resources: ["pods","pods/exec"] - verbs: ["get", "list", "delete", "exec", "create"] diff --git a/charts/dslrig/templates/pvc.yaml b/charts/dslrig/templates/pvc.yaml deleted file mode 100644 index 37ec6ba60..000000000 --- a/charts/dslrig/templates/pvc.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- range $volume_name, $volume := .Values.volumes }} -{{- if and $volume.enabled (not $volume.existingClaim) }} ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ $volume_name }} - namespace: {{ $.Release.Namespace | quote }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if $.Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - "helm.sh/resource-policy": keep -spec: - accessModes: - {{- if not (empty $volume.accessModes) }} - {{- range $volume.accessModes }} - - {{ . | quote }} - {{- end }} - {{- else }} - - {{ $volume.accessMode | quote }} - {{- end }} - resources: - requests: - storage: {{ $volume.size | quote }} - {{- include "common.storage.class" (dict "persistence" $volume "global" $.Values.global) | nindent 2 }} - {{- if $volume.dataSource }} - dataSource: {{- include "common.tplvalues.render" (dict "value" $volume.dataSource "context" $) | nindent 4 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/dslrig/templates/secrets.yaml b/charts/dslrig/templates/secrets.yaml deleted file mode 100644 index a9aefce5d..000000000 --- a/charts/dslrig/templates/secrets.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.dslrig.secrets }} -{{- range $secret_name, $secret_value := .Values.dslrig.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secret_name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 8 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} -type: Opaque -data: - {{- range $key, $value := $secret_value }} - {{ $key }}: {{ $value | b64enc | quote }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/dslrig/templates/service-account.yaml b/charts/dslrig/templates/service-account.yaml deleted file mode 100644 index a34af2dca..000000000 --- a/charts/dslrig/templates/service-account.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "dslrig.serviceAccountName" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} diff --git a/charts/dslrig/values.yaml b/charts/dslrig/values.yaml deleted file mode 100644 index 84cf603ec..000000000 --- a/charts/dslrig/values.yaml +++ /dev/null @@ -1,583 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Add labels to all the deployed resources -## -commonLabels: - app.kubernetes.io/component: mosip - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -## Kubernetes Cluster Domain -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] - -## Number of nodes -## -replicaCount: 1 - -service: - type: ClusterIP - port: 80 - ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - ## loadBalancerIP: - ## - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - https: "" - ## Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## - -## -# existingConfigmap: - -## Command and args for running the container (set to default if not set). Use array form -## -command: [] -args: [] - -## Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] - -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 3500m - memory: 4500Mi - requests: - cpu: 1000m - memory: 3500Mi - -additionalResources: - ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources - ## Example: java_opts: "-Xms500M -Xmx500M" - javaOpts: "-Xms2600M -Xmx2600M" - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## Clamav container already runs as 'mosip' user, so we may not need to enable this -containerSecurityContext: - enabled: false - runAsUser: mosip - runAsNonRoot: true - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## -podSecurityContext: - enabled: false - fsGroup: 1001 - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## Annotations for server pods. -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## pods' priority. -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -# priorityClassName: "" - -## lifecycleHooks for the container to automate configuration before or after startup. -## -lifecycleHooks: {} - -## Custom Liveness probes for -## -customLivenessProbe: {} - -## Custom Rediness probes -## -customReadinessProbe: {} - -## Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate - -## Additional environment variables to set -## Example: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: [] - -## ConfigMap with extra environment variables -## -extraEnvVarsCM: [] -## Secret with extra environment variables -## -extraEnvVarsSecret: [] -## Extra volumes to add to the deployment -## -extraVolumes: [] - -## Extra volume mounts to add to the container -## -extraVolumeMounts: [] - -## Add init containers to the pods. -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: - - command: - - /bin/bash - - -c - - if [ "$ENABLE_INSECURE" = "true" ]; then HOST=$( env | grep "mosip-api-internal-host" - |sed "s/mosip-api-internal-host=//g"); if [ -z "$HOST" ]; then echo "HOST - $HOST is empty; EXITING"; exit 1; fi; openssl s_client -servername "$HOST" - -connect "$HOST":443 > "$HOST.cer" 2>/dev/null & sleep 2 ; sed -i -ne '/-BEGIN - CERTIFICATE-/,/-END CERTIFICATE-/p' "$HOST.cer"; cat "$HOST.cer"; /usr/local/openjdk-11/bin/keytool - -delete -alias "$HOST" -keystore $JAVA_HOME/lib/security/cacerts -storepass - changeit; /usr/local/openjdk-11/bin/keytool -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts" - -storepass changeit -noprompt -importcert -alias "$HOST" -file "$HOST.cer" - ; if [ $? -gt 0 ]; then echo "Failed to add SSL certificate for host $host; - EXITING"; exit 1; fi; cp /usr/local/openjdk-11/lib/security/cacerts /cacerts; - fi - env: - - name: ENABLE_INSECURE - value: "true" - envFrom: - - configMapRef: - name: global - image: docker.io/openjdk:11-jre - imagePullPolicy: Always - name: cacerts - resources: {} - securityContext: - runAsUser: 0 - capabilities: - add: - - SYS_PTRACE - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /cacerts - name: cacerts - -## Add sidecars to the pods. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: {} - -volumes: - authdemo: - enabled: true - storageClass: 'longhorn' - accessModes: - - ReadWriteMany - size: 1Gi - existingClaim: - packetcreator-data: - enabled: true - storageClass: 'longhorn' - accessModes: - - ReadWriteMany - size: 50Gi - existingClaim: - dslorchestrator: - enabled: true - storageClass: 'longhorn' - accessModes: - - ReadWriteMany - size: 100Mi - existingClaim: -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## - -## Specifies whether RBAC resources should be created -## -rbac: - create: true - -## Specifies whether a ServiceAccount should be created -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - ## - name: - -## Prometheus Metrics -## -metrics: - enabled: false - ## Prometheus pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: - prometheus.io/scrape: "true" - - endpointPath: - - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## - serviceMonitor: - ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry - ## - enabled: true - ## Specify the namespace in which the serviceMonitor resource will be created - ## - # namespace: "" - ## Specify the interval at which metrics should be scraped - ## - interval: 10s - ## Specify the timeout after which the scrape is ended - ## - # scrapeTimeout: 30s - ## Specify Metric Relabellings to add to the scrape endpoint - ## - # relabellings: - ## Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## - additionalLabels: {} - - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - ## - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## List of rules, used as template by Helm. - ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html - # rules: - # - alert: RabbitmqDown - # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 - # for: 5m - # labels: - # severity: error - rules: [] - -types: - - name: full - enabled: true - - name: sanity - enabled: true - -crontime: "0 3 * * *" ## run cronjob every day at 3 AM (time hr: 0-23 ) - - -dslrig: - configmaps: - s3: - s3-host: 'http://minio.minio:9000' - s3-user-key: 'admin' - s3-region: '' - db: - db-port: '5432' - db-su-user: 'postgres' - db-server: 'api-internal.dev.mosip.net' - dslrig: - ENABLE_INSECURE: "false" - ENDPOINT: "https://api-internal.dev.mosip.net" - USER: "api-internal.dev.mosip.net" - DEFAULT_SCENARIOS: "true" - authCertsPath: "/home/mosip/authcerts" - authDemoServiceBaseURL: "http://localhost" - authDemoServicePort: "8082" - # authdemo volume mountPath - mountPath: "/home/mosip/mountvolume" - # dslrig scenario mountPath - mountPathForScenario: "/home/mosip/mountvolume/" - packetUtilityBaseUrl: http://localhost:8080/v1/packetcreator - s3-account: "dslreports" - threadCount: "8" - push-reports-to-s3: "yes" - enableDebug: "yes" - langselect: "0" - del: - del.sh: | - #!/bin/bash - cd $work_dir; - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"; - chmod +x kubectl; - ./kubectl -n dslrig exec -it $HOSTNAME -c authdemo -- bash -c "kill -s TERM\$( ps -aux | grep java | awk 'NR==1{print \$2}' ) || true;" ; - ./kubectl -n dslrig exec -it $HOSTNAME -c packetcreator-data -- bash -c "kill -9 \$( ps -aux | grep java | awk 'NR==1{print \$2}' ) || true;" ; - - secrets: - -enable_insecure: false - -containers: - dslorchestrator: - image: - registry: docker.io - repository: syedsalman041997/dsl-orchestrator - tag: develop - pullPolicy: Always - volumes: - - pvc_name: 'dslorchestrator' - mountDir: '/home/mosip/mountvolume/scenarios' - envVars: - JDK_JAVA_OPTIONS: '-Xms2600M -Xmx2600M' - container_user: 'mosip' - envVarsCM: - - global - - s3 - - keycloak-host - - db - - dslrig - - config-server-share - - artifactory-share - envVarsSecret: - - s3 - - keycloak-client-secrets - - postgres-postgresql - springServicePort: 8083 - healthcheck: - startupProbe: - enabled: false - livenessProbe: - enabled: false - readinessProbe: - enabled: false - command: '/bin/bash' - args: - - '-c' - - 'echo "Initial sleep 30 seconds"; - sleep 30; - MY_PROBE_CHECK_PATHS="$packetUtilityBaseUrl/actuator/health,$authDemoServiceBaseURL:$authDemoServicePort/v1/identity/actuator/health"; - for str in $(echo $MY_PROBE_CHECK_PATHS | tr "," " "); do - COUNT=60; - while [[ $COUNT -gt 0 ]]; do - curl_output=$(curl -w "%{http_code}" -o /dev/null -s -k "$str"); - if ! [[ "$curl_output" = "200" ]]; then - (( COUNT-- )); - echo "$str failed with status code $curl_output" >> /dev/stderr && sleep 10 && continue; - fi; - echo "$str passed with status code $curl_output"; - COUNT=50; - break; - done; - done; - echo "Sleeping for 30 seconds"; - sleep 30; - ./entrypoint.sh - bash scripts/del.sh ## Todo: Requires get api to shutdown authdemo and packetcreator. Currently we are stopping via kubectl command. - ' - authdemo: - image: - registry: docker.io - repository: mosipdev/authentication-demo-service - tag: develop - pullPolicy: Always - springServicePort: 8082 - volumes: - - pvc_name: 'authdemo' - mountDir: '/home/mosip/authcerts' - envVars: - JDK_JAVA_OPTIONS: '-Xms2600M -Xmx2600M' - container_user: 'mosip' - envVarsCM: - - global - - s3 - - keycloak-host - - db - - dslrig - - config-server-share - - artifactory-share - envVarsSecret: - - s3 - - keycloak-client-secrets - - postgres-postgresql - healthcheck: - startupProbe: - enabled: true - httpGet: - path: /v1/identity/actuator/health - port: 8082 - initialDelaySeconds: 0 - periodSeconds: 20 - timeoutSeconds: 5 - failureThreshold: 60 - successThreshold: 1 - livenessProbe: - enabled: true - httpGet: - path: /v1/identity/actuator/health - port: 8082 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 10 - successThreshold: 1 - readinessProbe: - enabled: true - httpGet: - path: /v1/identity/actuator/health - port: 8082 - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - packetcreator-data: - image: - registry: docker.io - repository: syedsalman041997/dsl-packetcreator - tag: develop - pullPolicy: Always - springServicePort: 8080 - volumes: - - pvc_name: 'packetcreator-data' - mountDir: '/home/mosip/mountvolume' - - pvc_name: 'authdemo' - mountDir: '/home/mosip/authcerts' - envVars: - JDK_JAVA_OPTIONS: '-Xms2600M -Xmx2600M' - container_user: 'mosip' - envVarsCM: - - global - - s3 - - keycloak-host - - db - - dslrig - - config-server-share - - artifactory-share - envVarsSecret: - - s3 - - keycloak-client-secrets - - postgres-postgresql - healthcheck: - startupProbe: - enabled: true - httpGet: - path: /v1/packetcreator/actuator/health - port: 8080 - initialDelaySeconds: 0 - periodSeconds: 20 - timeoutSeconds: 5 - failureThreshold: 60 - successThreshold: 1 - livenessProbe: - enabled: true - httpGet: - path: /v1/packetcreator/actuator/health - port: 8080 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - readinessProbe: - enabled: true - httpGet: - path: /v1/packetcreator/actuator/health - port: 8080 - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 diff --git a/charts/key-migration-utility/.gitignore b/charts/key-migration-utility/.gitignore deleted file mode 100644 index ee3892e87..000000000 --- a/charts/key-migration-utility/.gitignore +++ /dev/null @@ -1 +0,0 @@ -charts/ diff --git a/charts/key-migration-utility/.helmignore b/charts/key-migration-utility/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/key-migration-utility/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/key-migration-utility/Chart.yaml b/charts/key-migration-utility/Chart.yaml deleted file mode 100644 index d877f6208..000000000 --- a/charts/key-migration-utility/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v2 -name: key-migration-utility -description: A Helm chart to migrate keys from any keystore type to any other supported format. -type: application -version: 0.0.1-develop -appVersion: "" -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -home: https://mosip.io -keywords: - - mosip - - key-migration-utility -maintainers: - - email: info@mosip.io - name: MOSIP diff --git a/charts/key-migration-utility/README.md b/charts/key-migration-utility/README.md deleted file mode 100644 index 5cb608860..000000000 --- a/charts/key-migration-utility/README.md +++ /dev/null @@ -1,47 +0,0 @@ -# key-migration-utility - -Helm chart for installing Kernel module key-migration-utility. - -## TL;DR - -```console -$ helm repo add mosip https://mosip.github.io -$ helm install my-release mosip/key-migration-utility -``` - -## Introduction - -The helm chart here essentially contains job that helps to migrate keys from any keystore type to any other supported format. - -Keymanager facilitates various keystore types, including `PKCS11`, `PKCS12`, `JCE`, and `offline`. - -**Note :** The offline keystore type is not compatible with keymigration operations. - -## Prerequisites - -- Kubernetes 1.12+ -- Helm 3.1.0 -- PV provisioner support in the underlying infrastructure -- ReadWriteMany volumes for deployment scaling - -## Installing the Chart - -To install the chart with the release name `key-migration-utility`. - -```console -helm install my-release mosip/key-migration-utility -``` - -The command deploys key-migration-utility on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. - -> **Tip**: List all releases using `helm list` - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```console -helm delete my-release -``` -The command removes all the Kubernetes components associated with the chart and deletes the release. - diff --git a/charts/key-migration-utility/templates/NOTES.txt b/charts/key-migration-utility/templates/NOTES.txt deleted file mode 100644 index 8b1378917..000000000 --- a/charts/key-migration-utility/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ - diff --git a/charts/key-migration-utility/templates/_helpers.tpl b/charts/key-migration-utility/templates/_helpers.tpl deleted file mode 100644 index 8602b84e4..000000000 --- a/charts/key-migration-utility/templates/_helpers.tpl +++ /dev/null @@ -1,60 +0,0 @@ -{{/* -Return the proper image name -*/}} -{{- define "key-migration-utility.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "key-migration-utility.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "key-migration-utility.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "key-migration-utility.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message. -*/}} -{{- define "key-migration-utility.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "key-migration-utility.validateValues.foo" .) -}} -{{- $messages := append $messages (include "key-migration-utility.validateValues.bar" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message -}} -{{- end -}} -{{- end -}} - -{{/* -Return podAnnotations -*/}} -{{- define "key-migration-utility.podAnnotations" -}} -{{- if .Values.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} -{{- end }} -{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} -{{- end }} -{{- end -}} - - diff --git a/charts/key-migration-utility/templates/extra-list.yaml b/charts/key-migration-utility/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9e1..000000000 --- a/charts/key-migration-utility/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/charts/key-migration-utility/templates/job.yaml b/charts/key-migration-utility/templates/job.yaml deleted file mode 100644 index 696bdbe93..000000000 --- a/charts/key-migration-utility/templates/job.yaml +++ /dev/null @@ -1,90 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - "helm.sh/hook-delete-policy": hook-succeeded - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - -spec: - backoffLimit: {{ .Values.backoffLimit }} - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - sidecar.istio.io/inject: "false" - spec: - {{- include "key-migration-utility.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: - fsGroup: {{ .Values.podSecurityContext.fsGroup }} - {{- if .Values.podSecurityContext.sysctls }} - sysctls: - {{- toYaml .Values.podSecurityContext.sysctls | nindent 8 }} - {{- end }} - {{- end }} - serviceAccountName: {{ include "key-migration-utility.serviceAccountName" . }} - restartPolicy: Never # This is one time job - containers: - - name: key-migration-utility - image: {{ template "key-migration-utility.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - - name: container_user - value: {{ .Values.containerSecurityContext.runAsUser }} - {{- if .Values.additionalResources.javaOpts }} - - name: JDK_JAVA_OPTIONS - value: {{ .Values.additionalResources.javaOpts }} - {{- end }} - - name: spring_config_name_env - value: {{ .Values.springConfigNameEnv }} - {{- if .Values.activeProfileEnv }} - - name: active_profile_env - value: {{ .Values.activeProfileEnv }} - {{- end }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - {{- range .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ . }} - {{- end }} - {{- end }} - - configMapRef: - name: {{ .Values.softHsmCM }} - {{- if .Values.extraEnvVarsSecret }} - {{- range .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ . }} - {{- end }} - {{- end }} diff --git a/charts/key-migration-utility/templates/service-account.yaml b/charts/key-migration-utility/templates/service-account.yaml deleted file mode 100644 index fbb6145a8..000000000 --- a/charts/key-migration-utility/templates/service-account.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "key-migration-utility.serviceAccountName" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} diff --git a/charts/key-migration-utility/values.yaml b/charts/key-migration-utility/values.yaml deleted file mode 100644 index 4017214d4..000000000 --- a/charts/key-migration-utility/values.yaml +++ /dev/null @@ -1,313 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Add labels to all the deployed resources -## -commonLabels: - app.kubernetes.io/component: mosip - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -## Kubernetes Cluster Domain -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] - -## Number of nodes -## -replicaCount: 1 - -image: - registry: docker.io - repository: mosipdev/keys-migrator - tag: develop - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - -## -# existingConfigmap: - -## Command and args for running the container (set to default if not set). Use array form -## -command: [] -args: [] - -## Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] - -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: {} - # cpu: 200m - # memory: 256Mi - requests: {} - # cpu: 200m - # memory: 10Mi - -additionalResources: - ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources - ## Example: java_opts: "-Xms500M -Xmx500M" - javaOpts: "" - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## Clamav container already runs as 'mosip' user, so we may not need to enable this -containerSecurityContext: - enabled: false - runAsUser: mosip - runAsNonRoot: true - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## -podSecurityContext: - enabled: false - fsGroup: 1001 - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## Annotations for server pods. -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## pods' priority. -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -# priorityClassName: "" - -## lifecycleHooks for the container to automate configuration before or after startup. -## -lifecycleHooks: {} - -## Custom Liveness probes for -## -customLivenessProbe: {} - -## Custom Rediness probes -## -customReadinessProbe: {} - -## "backoff" strategy - It is used when dealing with resources that are retrying or recovering from failures. -## -backoffLimit: 0 - -## Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate - -## Additional environment variables to set -## Example: -## extraEnvVars: -## - name: FOO -## value: "bar" -## - -extraEnvVars: [] - -## ConfigMap with extra environment variables that used -## -## IMPORTANT: softhsm name needs to be set if not default as mentioned below. This applies if softhsm name -## is different -extraEnvVarsCM: - - global - - config-server-share - - artifactory-share - -## Secret with extra environment variables -## -extraEnvVarsSecret: [] - -## Extra volumes to add to the deployment -## -extraVolumes: [] - -## Extra volume mounts to add to the container -## -extraVolumeMounts: [] - -## Add init containers to the pods. -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: {} - -## Add sidecars to the pods. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: {} - -persistence: - enabled: false - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack). - ## - # storageClass: "-" - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - ## ReadWriteMany not supported by AWS gp2 - storageClass: - accessModes: - - ReadWriteOnce - size: 10M - existingClaim: - # Dir where config and keys are written inside container - mountDir: - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: "10" - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - ## - myRegistryKeySecretName - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## - limits: {} - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## cpu: 100m - ## memory: 128Mi - ## - -## Specifies whether RBAC resources should be created -## -rbac: - create: true - -## Specifies whether a ServiceAccount should be created -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - ## - name: - -# migration -springConfigNameEnv: -# default or migration -activeProfileEnv: - -## This param is to be set during installation. -## For Kernel: softhsm-kernel-share -## For IDA: softhsm-ida-share -softHsmCM: diff --git a/charts/keycloak-init/.gitignore b/charts/keycloak-init/.gitignore deleted file mode 100644 index ee3892e87..000000000 --- a/charts/keycloak-init/.gitignore +++ /dev/null @@ -1 +0,0 @@ -charts/ diff --git a/charts/keycloak-init/.helmignore b/charts/keycloak-init/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/keycloak-init/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/keycloak-init/Chart.yaml b/charts/keycloak-init/Chart.yaml deleted file mode 100644 index 489e67fe9..000000000 --- a/charts/keycloak-init/Chart.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v2 -name: keycloak-init -description: A Helm chart for Kubernetes to initialize Keycloak (updating for test) -type: application -version: 0.0.1-develop -appVersion: 1.2.0 -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x - -home: https://mosip.io -keywords: - - keycloak - - access-management -maintainers: - - email: info@mosip.io - name: MOSIP diff --git a/charts/keycloak-init/README.md b/charts/keycloak-init/README.md deleted file mode 100644 index bfd6add8c..000000000 --- a/charts/keycloak-init/README.md +++ /dev/null @@ -1,11 +0,0 @@ -# Keycloak Init - -* Make sure Keycloak server is running -* Update helm dependencies using: -``` -$ helm dependency update -``` -* Run the helm chart -``` -$ helm install keycloak-init keycloak-init -``` diff --git a/charts/keycloak-init/charts/common-1.13.0.tgz b/charts/keycloak-init/charts/common-1.13.0.tgz deleted file mode 100644 index 680f16d84..000000000 Binary files a/charts/keycloak-init/charts/common-1.13.0.tgz and /dev/null differ diff --git a/charts/keycloak-init/templates/_helpers.tpl b/charts/keycloak-init/templates/_helpers.tpl deleted file mode 100644 index e86252359..000000000 --- a/charts/keycloak-init/templates/_helpers.tpl +++ /dev/null @@ -1,69 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "keycloak-init.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "keycloak-init.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "keycloak-init.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "keycloak-init.labels" -}} -helm.sh/chart: {{ include "keycloak-init.chart" . }} -{{ include "keycloak-init.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "keycloak-init.selectorLabels" -}} -app.kubernetes.io/name: {{ include "keycloak-init.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "keycloak-init.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "keycloak-init.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Return the Keycloak encrypted password -*/}} -{{- define "keycloak.admin.encryptedPassword" -}} -{{- .Values.keycloak.admin.password | b64enc | quote -}} -{{- end -}} diff --git a/charts/keycloak-init/templates/client-secrets.yaml b/charts/keycloak-init/templates/client-secrets.yaml deleted file mode 100644 index 7235baa3a..000000000 --- a/charts/keycloak-init/templates/client-secrets.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: keycloak-client-secrets - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: postgres - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -type: Opaque -data: - {{- range $index, $client := .Values.clientSecrets }} - {{- if $client.secret }} - {{ $client.name }}: {{ $client.secret | b64enc | quote }} - {{- else }} - {{ $client.name }}: {{ randAlphaNum 16 | b64enc | quote }} - {{- end }} - {{- end }} - - diff --git a/charts/keycloak-init/templates/configmap.yaml b/charts/keycloak-init/templates/configmap.yaml deleted file mode 100644 index 323022f1d..000000000 --- a/charts/keycloak-init/templates/configmap.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s-configuration" (include "keycloak-init.fullname" .) }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - app.kubernetes.io/component: keycloak-init - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - -data: - input.yaml: | - {{ .Values.keycloak.realms | toYaml | nindent 4 }} - diff --git a/charts/keycloak-init/templates/job.yaml b/charts/keycloak-init/templates/job.yaml deleted file mode 100644 index 86b24f8fb..000000000 --- a/charts/keycloak-init/templates/job.yaml +++ /dev/null @@ -1,77 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "keycloak-init.fullname" . }} - labels: - {{- include "keycloak-init.labels" . | nindent 4 }} -spec: - backoffLimit: 0 - template: - metadata: - labels: - {{- include "keycloak-init.selectorLabels" . | nindent 8 }} - sidecar.istio.io/inject: "false" - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "keycloak-init.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.jobSecurityContext | nindent 8 }} - restartPolicy: Never # This is one time job - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - {{- $globalSecretName := include "common.secrets.name" (dict "existingSecret" .Values.keycloak.existingSecret "context" $) }} - - name: KEYCLOAK_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.keycloak.admin.secret.existingSecret }} - key: {{ .Values.keycloak.admin.secret.key }} - - name: KEYCLOAK_SERVER_URL - valueFrom: - configMapKeyRef: - name: {{ .Values.keycloak.host.existingConfigMap }} - key: {{ .Values.keycloak.host.key }} - - name: KEYCLOAK_ADMIN_USER - valueFrom: - configMapKeyRef: - name: {{ .Values.keycloak.admin.userName.existingConfigMap }} - key: {{ .Values.keycloak.admin.userName.key }} - - name: FRONTEND_URL - value: {{ .Values.frontend }} - - name: INPUT_FILE - value: input.yaml # Must match below file name in the mount - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - - secretRef: - name: keycloak-client-secrets - {{- if .Values.extraEnvVarsCM }} - {{- range .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ . }} - {{- end }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - {{- range .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ . }} - {{- end }} - {{- end }} - - volumeMounts: - - name: keycloak-init-input - mountPath: /opt/mosip/input/input.yaml # Same as INPUT_DIR/INPUT_FILE in docker - subPath: input.yaml # INPUT_FILE in docker - volumes: - - name: keycloak-init-input - configMap: - name: {{ printf "%s-configuration" (include "keycloak-init.fullname" .) }} - diff --git a/charts/keycloak-init/templates/serviceaccount.yaml b/charts/keycloak-init/templates/serviceaccount.yaml deleted file mode 100644 index 94d477d9b..000000000 --- a/charts/keycloak-init/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "keycloak-init.serviceAccountName" . }} - labels: - {{- include "keycloak-init.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} diff --git a/charts/keycloak-init/templates/tests/test-connection.yaml b/charts/keycloak-init/templates/tests/test-connection.yaml deleted file mode 100644 index 4a24842ab..000000000 --- a/charts/keycloak-init/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "keycloak-init.fullname" . }}-test-connection" - labels: - {{- include "keycloak-init.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "keycloak-init.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/charts/keycloak-init/values.yaml b/charts/keycloak-init/values.yaml deleted file mode 100644 index 611d3c900..000000000 --- a/charts/keycloak-init/values.yaml +++ /dev/null @@ -1,734 +0,0 @@ -# Default values for keycloak-init. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: mosipqa/keycloak-init - pullPolicy: Always - # Overrides the image tag whose default is the chart appVersion. - tag: develop - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -jobAnnotations: {} - -jobSecurityContext: {} -# fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true -# runAsUser: 1000 - -service: - type: ClusterIP - port: 80 - -ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: [] - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m -# memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -affinity: {} - - -## It is assumed that these configmaps are created when Keycloak was installed and available in the same namespace -## as this chart -keycloak: - host: - existingConfigMap: keycloak-host - key: keycloak-internal-service-url - admin: - userName: - existingConfigMap: keycloak-env-vars - key: KEYCLOAK_ADMIN_USER - secret: - existingSecret: keycloak - key: admin-password - - realms: - # realm - mosip: - realm_config: - "realm": 'mosip' - "enabled": 'True' - "accessCodeLifespan": 7200 - "accessCodeLifespanLogin": 1800 - "accessCodeLifespanUserAction": 300 - "accessTokenLifespan": 86400 - "accessTokenLifespanForImplicitFlow": 900 - "actionTokenGeneratedByAdminLifespan": 43200 - "actionTokenGeneratedByUserLifespan": 300 - "passwordPolicy": "length(8)" - "resetPasswordAllowed": 'True' - "bruteForceProtected": 'True' - "permanentLockout": 'False' - "maxFailureWaitSeconds": 900 - "minimumQuickLoginWaitSeconds": 60 - "waitIncrementSeconds": 300 - "quickLoginCheckMilliSeconds": 1000 - "maxDeltaTimeSeconds": 600 - "failureFactor": 5 - # "attributes": - # "frontendUrl": '' - "loginTheme": "mosip" - "accountTheme": "mosip" - "adminTheme": "mosip" - "emailTheme": "mosip" - "browserSecurityHeaders": - "contentSecurityPolicy": "frame-src 'self' https://www.google.com; frame-ancestors 'self'; object-src 'none';" - # "smtpServer": - # "password": "" - # "starttls": "false" - # "auth": "true" - # "port": "465" - # "host": "smtp.gmail.com" - # "from": "" - # "ssl": "true" - # "user": "" - roles: - - Default - - ABIS_PARTNER - - SDK_PARTNER - - AUTH - - AUTH_PARTNER - - BIOMETRIC_READ - - CENTRAL_ADMIN - - CENTRAL_APPROVER - - CREATE_SHARE - - CREDENTIAL_ISSUANCE - - CREDENTIAL_PARTNER - - CREDENTIAL_REQUEST - - DATA_READ - - DEVICE_PROVIDER - - DIGITALCARD_ADMIN - - DOCUMENT_READ - - FTM_PROVIDER - - GLOBAL_ADMIN - - ID_AUTHENTICATION - - ID_REPOSITORY - - INDIVIDUAL - - KEY_MAKER - - MASTERDATA_ADMIN - - METADATA_READ - - MISP - - MISP_PARTNER - - offline_access - - ONLINE_VERIFICATION_PARTNER - - PARTNER - - PARTNER_ADMIN - - POLICYMANAGER - - PREREG - - PRE_REGISTRATION - - PRE_REGISTRATION_ADMIN - - PRINT_PARTNER - - PUBLISH_ACTIVATE_ID_ALL_INDIVIDUAL - - PUBLISH_ANONYMOUS_PROFILE_GENERAL - - PUBLISH_APIKEY_APPROVED_GENERAL - - PUBLISH_APIKEY_UPDATED_GENERAL - - PUBLISH_AUTHENTICATION_TRANSACTION_STATUS_GENERAL - - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL - - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ALL_INDIVIDUAL - - PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL - - PUBLISH_CREDENTIAL_ISSUED_ALL_INDIVIDUAL - - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL - - PUBLISH_DEACTIVATE_ID_ALL_INDIVIDUAL - - PUBLISH_IDA_FRAUD_ANALYTICS_GENERAL - - PUBLISH_IDENTITY_CREATED_GENERAL - - PUBLISH_IDENTITY_UPDATED_GENERAL - - PUBLISH_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL - - PUBLISH_MASTERDATA_TITLES_GENERAL - - PUBLISH_MISP_LICENSE_GENERATED_GENERAL - - PUBLISH_MISP_LICENSE_UPDATED_GENERAL - - PUBLISH_MOSIP_HOTLIST_GENERAL - - PUBLISH_PARTNER_UPDATED_GENERAL - - PUBLISH_POLICY_UPDATED_GENERAL - - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL - - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL - - PUBLISH_REMOVE_ID_ALL_INDIVIDUAL - - PUBLISH_VID_CRED_STATUS_UPDATE_GENERAL - - REGISTRATION_ADMIN - - REGISTRATION_OFFICER - - REGISTRATION_OPERATOR - - REGISTRATION_PROCESSOR - - REGISTRATION_SUPERVISOR - - RESIDENT - - SUBSCRIBE_ACTIVATE_ID_INDIVIDUAL - - SUBSCRIBE_APIKEY_APPROVED_GENERAL - - SUBSCRIBE_APIKEY_UPDATED_GENERAL - - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL - - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_INDIVIDUAL - - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL - - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL - - SUBSCRIBE_CREDENTIAL_STATUS_UPDATE_GENERAL - - SUBSCRIBE_DEACTIVATE_ID_INDIVIDUAL - - SUBSCRIBE_IDENTITY_CREATED_GENERAL - - SUBSCRIBE_IDENTITY_UPDATED_GENERAL - - SUBSCRIBE_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL - - SUBSCRIBE_MASTERDATA_TITLES_GENERAL - - SUBSCRIBE_MISP_LICENSE_GENERATED_GENERAL - - SUBSCRIBE_MISP_LICENSE_UPDATED_GENERAL - - SUBSCRIBE_MOSIP_HOTLIST_GENERAL - - SUBSCRIBE_PARTNER_UPDATED_GENERAL - - SUBSCRIBE_POLICY_UPDATED_GENERAL - - SUBSCRIBE_REMOVE_ID_INDIVIDUAL - - SUBSCRIBE_VID_CRED_STATUS_UPDATE_GENERAL - - uma_authorization - - ZONAL_ADMIN - - ZONAL_APPROVER - - HOTLIST_ADMIN - - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL - - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL - - SUBSCRIBE_AUTHENTICATION_TRANSACTION_STATUS - - CARD_DISBURSEMENT_ADMIN - - PMS_ADMIN - - PMS_USER - - SUBSCRIBE_AUTHENTICATION_TRANSACTION_STATUS_GENERAL - - PUBLISH_OIDC_CLIENT_CREATED_GENERAL - - PUBLISH_OIDC_CLIENT_UPDATED_GENERAL - - SUBSCRIBE_OIDC_CLIENT_CREATED_GENERAL - - SUBSCRIBE_OIDC_CLIENT_UPDATED_GENERAL - - PUBLISH_AUTHENTICATION_ERRORS_GENERAL - - PUBLISH_REMOVE_ID_STATUS_GENERAL - - SUBSCRIBE_REMOVE_ID_STATUS_GENERAL - client_scopes: - - name: add_oidc_client - description: Scope required to create OIDC client - protocol: openid-connect - "Include In Token Scope": on - attributes: { - display.on.consent.screen: "false", - include.in.token.scope: "true" - } - - name: update_oidc_client - description: '' - protocol: openid-connect - "Include In Token Scope": on - attributes: { - display.on.consent.screen: "false", - include.in.token.scope: "true" - } - - name: get_certificate - description: Scope required to create OIDC client - protocol: openid-connect - "Include In Token Scope": on - attributes: { - display.on.consent.screen: "false", - include.in.token.scope: "true" - } - - name: upload_certificate - description: '' - protocol: openid-connect - "Include In Token Scope": on - attributes: { - display.on.consent.screen: "false", - include.in.token.scope: "true" - } - - name: individual_id - description: Scope required to create resident client - protocol: openid-connect - "Include In Token Scope": on - attributes: { - display.on.consent.screen: "true", - include.in.token.scope: "true" - } - - name: ida_token - description: '' - protocol: openid-connect - "Include In Token Scope": on - attributes: { - display.on.consent.screen: "true", - include.in.token.scope: "true" - } - - name: send_binding_otp - description: Scope required to create mpartner-default-mobile client - protocol: openid-connect - "Include In Token Scope": on - attributes: { - display.on.consent.screen: "false", - include.in.token.scope: "true" - } - - name: wallet_binding - description: Scope required to create mpartner-default-mobile client - protocol: openid-connect - "Include In Token Scope": on - attributes: { - display.on.consent.screen: "false", - include.in.token.scope: "true" - } - clients: - - name: mosip-abis-client - mappers: [] - saroles: [] - - - name: mosip-admin-client - mappers: [] - saroles: - - MASTERDATA_ADMIN - - GLOBAL_ADMIN - - PUBLISH_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL - - offline_access - - PUBLISH_MOSIP_HOTLIST_GENERAL - - uma_authorization - - PUBLISH_MASTERDATA_TITLES_GENERAL - - - name: mosip-admin-services-client - mappers: [] - saroles: [] - - - name: mosip-auth-client - mappers: [] - saroles: - - AUTH - - - name: mosip-crereq-client - mappers: [] - saroles: - - CREDENTIAL_ISSUANCE - - CREDENTIAL_REQUEST - - SUBSCRIBE_CREDENTIAL_STATUS_UPDATE_GENERAL - - offline_access - - uma_authorization - - - name: mosip-creser-client - mappers: [] - saroles: - - CREDENTIAL_ISSUANCE - - REGISTRATION_PROCESSOR - - POLICYMANAGER - - CREATE_SHARE - - offline_access - - PUBLISH_CREDENTIAL_ISSUED_ALL_INDIVIDUAL - - uma_authorization - - name: mosip-creser-idpass-client - mappers: [] - saroles: - - REGISTRATION_PROCESSOR - - DATA_READ - - DOCUMENT_READ - - BIOMETRIC_READ - - METADATA_READ - - CREATE_SHARE - - CREDENTIAL_REQUEST - - - name: mosip-datsha-client - mappers: [] - saroles: - - CREATE_SHARE - - REGISTRATION_PROCESSOR - - POLICYMANAGER - - - name: mosip-ida-client - mappers: [] - saroles: - - CREDENTIAL_REQUEST - - GLOBAL_ADMIN - - ID_AUTHENTICATION - - SUBSCRIBE_OIDC_CLIENT_CREATED_GENERAL - - SUBSCRIBE_OIDC_CLIENT_UPDATED_GENERAL - - - name: mosip-misp-client - mappers: [] - saroles: [] - - - name: mosip-pms-client - mappers: - - mapper_name: phoneNumber - mapper_user_attribute: phoneNumber - token_claim_name: phoneNumber - - mapper_name: organizationName - mapper_user_attribute: organizationName - token_claim_name: organizationName - - mapper_name: partnerType - mapper_user_attribute: partnerType - token_claim_name: partnerType - - mapper_name: addressTest - mapper_user_attribute: address - token_claim_name: addressTest - saroles: - - REGISTRATION_PROCESSOR - - CREATE_SHARE - - PMS_ADMIN - - PMS_USER - - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL - - PUBLISH_MISP_LICENSE_UPDATED_GENERAL - - PUBLISH_PARTNER_UPDATED_GENERAL - - PUBLISH_MISP_LICENSE_GENERATED_GENERAL - - PUBLISH_APIKEY_APPROVED_GENERAL - - PUBLISH_APIKEY_UPDATED_GENERAL - - PUBLISH_CA_CERTIFICATE_UPLOADED_GENERAL - - PUBLISH_POLICY_UPDATED_GENERAL - - PARTNER_ADMIN - - PUBLISH_OIDC_CLIENT_CREATED_GENERAL - - PUBLISH_OIDC_CLIENT_UPDATED_GENERAL - - ZONAL_ADMIN - - DEVICE_PROVIDER - - PARTNER - assign_client_scopes: - - update_oidc_client - - add_oidc_client - - get_certificate - - upload_certificate - - - name: mosip-policymanager-client - mappers: [] - saroles: [] - - - name: mosip-reg-client - mappers: [] - saroles: - - GLOBAL_ADMIN - - REGISTRATION_ADMIN - - REGISTRATION_OFFICER - - REGISTRATION_OPERATOR - - REGISTRATION_SUPERVISOR - - - name: mosip-regproc-client - mappers: [] - saroles: - - REGISTRATION_PROCESSOR - - DATA_READ - - DOCUMENT_READ - - BIOMETRIC_READ - - METADATA_READ - - CREATE_SHARE - - CREDENTIAL_REQUEST - - PARTNER - - PARTNER_ADMIN - - PMS_USER - - POLICYMANAGER - - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL - - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL - - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL - - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL - - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL - - - name: mpartner-default-mobile - mappers: [] - saroles: - - CREDENTIAL_PARTNER - - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL - - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL - - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL - - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL - - PUBLISH_REGISTRATION_PROCESSOR_WORKFLOW_PAUSED_FOR_ADDITIONAL_INFO_EVENT_GENERAL - - SUBSCRIBE_REGISTRATION_PROCESSOR_WORKFLOW_COMPLETED_EVENT_GENERAL - - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL - assign_client_scopes: - - send_binding_otp - - wallet_binding - - - name: mosip-resident-client - mappers: - - mapper_name: individual_id - mapper_user_attribute: individual_id - token_claim_name: individual_id - - mapper_name: ida_token - mapper_user_attribute: ida_token - token_claim_name: ida_token - saroles: - - RESIDENT - - PARTNER_ADMIN - - CREDENTIAL_REQUEST - - offline_access - - uma_authorization - - SUBSCRIBE_AUTHENTICATION_TRANSACTION_STATUS_GENERAL - - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL - - SUBSCRIBE_CREDENTIAL_STATUS_UPDATE_GENERAL - assign_client_scopes: - - individual_id - - ida_token - - - name: mosip-prereg-client - mappers: [] - saroles: - - PREREG - - REGISTRATION_PROCESSOR - - PRE_REGISTRATION_ADMIN - - - name: mosip-creser-idpass-client - mappers: [] - saroles: - - REGISTRATION_PROCESSOR - - DATA_READ - - DOCUMENT_READ - - BIOMETRIC_READ - - METADATA_READ - - CREATE_SHARE - - CREDENTIAL_REQUEST - - - name: mosip-syncdata-client - mappers: [] - saroles: - - REGISTRATION_ADMIN - - GLOBAL_ADMIN - - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL - - REGISTRATION_SUPERVISOR - - REGISTRATION_OFFICER - - - name: mpartner-default-auth - mappers: - - mapper_name: langCode - mapper_user_attribute: langCode - token_claim_name: langCode - saroles: - - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_INDIVIDUAL - - SUBSCRIBE_POLICY_UPDATED_GENERAL - - SUBSCRIBE_MISP_LICENSE_GENERATED_GENERAL - - CREDENTIAL_REQUEST - - SUBSCRIBE_MOSIP_HOTLIST_GENERAL - - PUBLISH_ANONYMOUS_PROFILE_GENERAL - - SUBSCRIBE_ACTIVATE_ID_INDIVIDUAL - - SUBSCRIBE_REMOVE_ID_INDIVIDUAL - - SUBSCRIBE_MASTERDATA_TITLES_GENERAL - - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL - - SUBSCRIBE_MISP_LICENSE_UPDATED_GENERAL - - ID_AUTHENTICATION - - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL - - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL - - SUBSCRIBE_PARTNER_UPDATED_GENERAL - - offline_access - - SUBSCRIBE_APIKEY_APPROVED_GENERAL - - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL - - SUBSCRIBE_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL - - uma_authorization - - SUBSCRIBE_APIKEY_UPDATED_GENERAL - - SUBSCRIBE_DEACTIVATE_ID_INDIVIDUAL - - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL - - PUBLISH_AUTHENTICATION_TRANSACTION_STATUS_GENERAL - - PUBLISH_IDA_FRAUD_ANALYTICS_GENERAL - - SUBSCRIBE_OIDC_CLIENT_CREATED_GENERAL - - SUBSCRIBE_OIDC_CLIENT_UPDATED_GENERAL - - PUBLISH_AUTHENTICATION_ERRORS_GENERAL - - PUBLISH_REMOVE_ID_STATUS_GENERAL - - - name: mosip-idrepo-client - mappers: [] - saroles: - - PUBLISH_DEACTIVATE_ID_ALL_INDIVIDUAL - - SUBSCRIBE_VID_CRED_STATUS_UPDATE_GENERAL - - ID_REPOSITORY - - PUBLISH_ACTIVATE_ID_ALL_INDIVIDUAL - - offline_access - - PUBLISH_REMOVE_ID_ALL_INDIVIDUAL - - PUBLISH_AUTHENTICATION_TRANSACTION_STATUS_GENERAL - - uma_authorization - - PUBLISH_VID_CRED_STATUS_UPDATE_GENERAL - - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ALL_INDIVIDUAL - - PUBLISH_IDENTITY_CREATED_GENERAL - - PUBLISH_IDENTITY_UPDATED_GENERAL - - SUBSCRIBE_REMOVE_ID_STATUS_GENERAL - - - name: mpartner-default-print - mappers: [] - saroles: - - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL - - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL - - CREATE_SHARE - - PRINT_PARTNER - - - name: mpartner-default-digitalcard - mappers: [] - saroles: - - SUBSCRIBE_IDENTITY_CREATED_GENERAL - - SUBSCRIBE_IDENTITY_UPDATED_GENERAL - - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL - - CREATE_SHARE - - PRINT_PARTNER - - CREDENTIAL_REQUEST - - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL - - name: mpartner-default-opencrvs - saroles: - - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL - - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL - - ID_REPOSITORY - - name: mosip-hotlist-client - saroles: - - HOTLIST_ADMIN - - uma_authorization - - offline_access - - PUBLISH_MOSIP_HOTLIST_GENERAL - - # Used only for initial deployment purposes. Maybe deleted from installation later. - - name: mosip-deployment-client - saroles: - - ID_AUTHENTICATION - - GLOBAL_ADMIN - - PARTNER_ADMIN - - uma_authorization - - offline_access - - - name: mosip-digitalcard-client - saroles: - - CREATE_SHARE - - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL - - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL - - SUBSCRIBE_IDENTITY_CREATED_GENERAL - - SUBSCRIBE_IDENTITY_UPDATED_GENERAL - - - name: mosip-testrig-client - saroles: - - ID_AUTHENTICATION - - GLOBAL_ADMIN - - PARTNER_ADMIN - - REGISTRATION_PROCESSOR - - CREATE_SHARE - - PMS_ADMIN - - PMS_USER - - uma_authorization - - offline_access - - PUBLISH_DEACTIVATE_ID_ALL_INDIVIDUAL - - SUBSCRIBE_VID_CRED_STATUS_UPDATE_GENERAL - - ID_REPOSITORY - - PUBLISH_ACTIVATE_ID_ALL_INDIVIDUAL - - PUBLISH_REMOVE_ID_ALL_INDIVIDUAL - - PUBLISH_AUTHENTICATION_TRANSACTION_STATUS_GENERAL - - PUBLISH_VID_CRED_STATUS_UPDATE_GENERAL - - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ALL_INDIVIDUAL - - PUBLISH_IDENTITY_CREATED_GENERAL - - PUBLISH_IDENTITY_UPDATED_GENERAL - - SUBSCRIBE_REMOVE_ID_STATUS_GENERAL - sa_client_roles: - ## realm-management client id - - realm-management: - # realm-management client roles - - view-users - - view-clients - - view-realm - - manage-users - - name: mpartner-default-template - mappers: - - mapper_name: langCode - mapper_user_attribute: langCode - token_claim_name: langCode - saroles: - - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_INDIVIDUAL - - SUBSCRIBE_POLICY_UPDATED_GENERAL - - SUBSCRIBE_MISP_LICENSE_GENERATED_GENERAL - - CREDENTIAL_REQUEST - - SUBSCRIBE_MOSIP_HOTLIST_GENERAL - - PUBLISH_ANONYMOUS_PROFILE_GENERAL - - SUBSCRIBE_ACTIVATE_ID_INDIVIDUAL - - SUBSCRIBE_REMOVE_ID_INDIVIDUAL - - SUBSCRIBE_MASTERDATA_TITLES_GENERAL - - SUBSCRIBE_CREDENTIAL_ISSUED_INDIVIDUAL - - SUBSCRIBE_MISP_LICENSE_UPDATED_GENERAL - - ID_AUTHENTICATION - - PUBLISH_CREDENTIAL_STATUS_UPDATE_GENERAL - - SUBSCRIBE_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL - - SUBSCRIBE_PARTNER_UPDATED_GENERAL - - offline_access - - SUBSCRIBE_APIKEY_APPROVED_GENERAL - - PUBLISH_AUTH_TYPE_STATUS_UPDATE_ACK_GENERAL - - SUBSCRIBE_MASTERDATA_IDAUTHENTICATION_TEMPLATES_GENERAL - - uma_authorization - - SUBSCRIBE_APIKEY_UPDATED_GENERAL - - SUBSCRIBE_DEACTIVATE_ID_INDIVIDUAL - - SUBSCRIBE_CA_CERTIFICATE_UPLOADED_GENERAL - - PUBLISH_AUTHENTICATION_TRANSACTION_STATUS_GENERAL - - PUBLISH_IDA_FRAUD_ANALYTICS_GENERAL - - SUBSCRIBE_OIDC_CLIENT_CREATED_GENERAL - - SUBSCRIBE_OIDC_CLIENT_UPDATED_GENERAL - - PUBLISH_AUTHENTICATION_ERRORS_GENERAL - users: [] - -## These will be passed as environments variables to keycloak-init docker. Note the expected naming convention is -## _. If empty secret is passed, it shall be randomly generated -clientSecrets: - - name: mosip_abis_client_secret - secret: "" - - name: mosip_admin_client_secret - secret: "" - - name: mosip_admin_services_client_secret - secret: "" - - name: mosip_auth_client_secret - secret: "" - - name: mosip_crereq_client_secret - secret: "" - - name: mosip_creser_client_secret - secret: "" - - name: mosip_datsha_client_secret - secret: "" - - name: mosip_ida_client_secret - secret: "" - - name: mosip_misp_client_secret - secret: "" - - name: mosip_pms_client_secret - secret: "" - - name: mosip_policymanager_client_secret - secret: "" - - name: mosip_reg_client_secret - secret: "" - - name: mosip_regproc_client_secret - secret: "" - - name: mosip_resident_client_secret - secret: "" - - name: mosip_prereg_client_secret - secret: "" - - name: mosip_creser_idpass_client_secret - secret: "" - - name: mosip_syncdata_client_secret - secret: "" - - name: mosip_deployment_client_secret - secret: "" - - name: mpartner_default_auth_secret - secret: "" - - name: mosip_idrepo_client_secret - secret: "" - - name: mpartner_default_print_secret - secret: "" - - name: mosip_hotlist_client_secret - secret: "" - - name: mpartner_default_mobile_secret - secret: "" - - name: mosip_digitalcard_client_secret - secret: "" - - name: mpartner_default_digitalcard_secret - secret: "" - - name: mosip_testrig_client_secret - secret: "" - - name: mpartner_default_template_secret - secret: "" - -extraEnvVarsSecret: [] -extraEnvVarsCM: [] diff --git a/charts/minio-client-util/Chart.yaml b/charts/minio-client-util/Chart.yaml deleted file mode 100644 index 0ff2f19a4..000000000 --- a/charts/minio-client-util/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v2 -name: minio-client-util -description: A Helm chart to deploy s3 utility to remove apitestrig reports from minio -type: application -version: 0.0.1-develop -appVersion: "" -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -home: https://mosip.io -keywords: - - mosip - - minioclient -maintainers: - - email: info@mosip.io - name: MOSIP diff --git a/charts/minio-client-util/templates/_helpers.tpl b/charts/minio-client-util/templates/_helpers.tpl deleted file mode 100644 index e39e97c4a..000000000 --- a/charts/minio-client-util/templates/_helpers.tpl +++ /dev/null @@ -1,63 +0,0 @@ -{{/* -Return the proper image name -*/}} -{{- define "minioclient.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "minioclient.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "minioclient.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "minioclient.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (printf "%s-foo" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message. -*/}} -{{- define "minioclient.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "minioclient.validateValues.foo" .) -}} -{{- $messages := append $messages (include "minioclient.validateValues.bar" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message -}} -{{- end -}} -{{- end -}} - -{{/* -Return podAnnotations -*/}} -{{- define "minioclient.podAnnotations" -}} -{{- if .Values.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} -{{- end }} -{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} -{{- end }} -{{- end -}} - -{{/* Create the name for restart cronjob */}} -{{- define "minioclient.cronjob" -}} -{{ default (printf "cronjob-%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- end -}} \ No newline at end of file diff --git a/charts/minio-client-util/templates/configmaps.yaml b/charts/minio-client-util/templates/configmaps.yaml deleted file mode 100644 index 174eac314..000000000 --- a/charts/minio-client-util/templates/configmaps.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.minioclient.configmaps }} - {{- range $cm_name, $cm_value := .Values.minioclient.configmaps }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $cm_name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 8 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} -data: - {{- range $key, $value := $cm_value }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} \ No newline at end of file diff --git a/charts/minio-client-util/templates/cronjob.yaml b/charts/minio-client-util/templates/cronjob.yaml deleted file mode 100644 index 9ac492a09..000000000 --- a/charts/minio-client-util/templates/cronjob.yaml +++ /dev/null @@ -1,59 +0,0 @@ -apiVersion: {{ include "common.capabilities.cronjob.apiVersion" $ }} -kind: CronJob -metadata: - name: {{ template "minioclient.cronjob" $ }} - namespace: {{ $.Release.Namespace }} - -spec: - concurrencyPolicy: Forbid - successfulJobsHistoryLimit: 1 # remove jobs which are successfully executed - failedJobsHistoryLimit: 1 # except 1 recent failed job, remove jobs which are not successfully executed - #schedule: '*/3 * * * *' # cron spec of time, here, 8 o'clock - schedule: {{ .Values.crontime }} - jobTemplate: - spec: - backoffLimit: {{ .Values.backoffLimit }} # this has very low chance of failing, as all this does - # is prompt kubernetes to schedule new replica set for - # the deployment - # activeDeadlineSeconds: 600 # timeout, makes most sense with - # "waiting for rollout" variant specified below - template: - spec: - # account configured above - restartPolicy: Never - containers: - - name: {{ template "minioclient.serviceAccountName" $ }} - image: {{ template "minioclient.image" $ }} - imagePullPolicy: {{ $.Values.image.pullPolicy }} - {{- if $.Values.lifecycleHooks }} - lifecycle: {{- include "common.tpvalues.render" (dict "value" $.Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if $.Values.containerSecurityContext.enabled }} - securityContext: {{- omit $.Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if $.Values.command }} - command: {{- include "common.tpvalues.render" (dict "value" $.Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if $.Values.args }} - args: {{- include "common.tpvalues.render" (dict "value" $.Values.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: container_user - value: {{ $.Values.containerSecurityContext.runAsUser }} - {{- if $.Values.extraEnvVars }} - {{- include "common.tpvalues.render" (dict "value" $.Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if $.Values.extraEnvVarsCM }} - {{- range $.Values.extraEnvVarsCM }} - - configMapRef: - name: {{ . }} - {{- end }} - {{- end }} - {{- if $.Values.extraEnvVarsSecret }} - {{- range $.Values.extraEnvVarsSecret }} - - secretRef: - name: {{ . }} - {{- end }} - {{- end }} - diff --git a/charts/minio-client-util/templates/secrets.yaml b/charts/minio-client-util/templates/secrets.yaml deleted file mode 100644 index b63b1b977..000000000 --- a/charts/minio-client-util/templates/secrets.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.minioclient.secrets }} - {{- range $secret_name, $secret_value := .Values.minioclient.secrets }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secret_name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 8 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} -type: Opaque -data: - {{- range $key, $value := $secret_value }} - {{ $key }}: {{ $value | b64enc | quote }} - {{- end }} - {{- end }} - {{- end }} diff --git a/charts/minio-client-util/templates/service-account.yaml b/charts/minio-client-util/templates/service-account.yaml deleted file mode 100644 index f788545ba..000000000 --- a/charts/minio-client-util/templates/service-account.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "minioclient.serviceAccountName" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} diff --git a/charts/minio-client-util/values.yaml b/charts/minio-client-util/values.yaml deleted file mode 100644 index f979687d3..000000000 --- a/charts/minio-client-util/values.yaml +++ /dev/null @@ -1,320 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Add labels to all the deployed resources -## -commonLabels: - app.kubernetes.io/component: mosip - -## "backoff" strategy - It is used when dealing with resources that are retrying or recovering from failures. -## -backoffLimit: 0 - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -## Kubernetes Cluster Domain -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] - -## Number of nodes -## -replicaCount: 1 - -image: - registry: docker.io - repository: mosipdev/minio-client-util - tag: latest - - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - -## -# existingConfigmap: - -## Command and args for running the container (set to default if not set). Use array form -## -command: [] -args: [] - -## Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] - -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 1000m - memory: 3500Mi - requests: - cpu: 1000m - memory: 3500Mi - -additionalResources: - ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources - ## Example: java_opts: "-Xms500M -Xmx500M" - javaOpts: "-Xms2600M -Xmx2600M" - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## Clamav container already runs as 'mosip' user, so we may not need to enable this -containerSecurityContext: - enabled: false - runAsUser: mosip - runAsNonRoot: true - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## -podSecurityContext: - enabled: false - fsGroup: 1001 - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## Annotations for server pods. -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## pods' priority. -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -# priorityClassName: "" - -## lifecycleHooks for the container to automate configuration before or after startup. -## -lifecycleHooks: {} - -## Custom Liveness probes for -## -customLivenessProbe: {} - -## Custom Rediness probes -## -customReadinessProbe: {} - -## Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate - -## Additional environment variables to set -## Example: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: [] - -## ConfigMap with extra environment variables -## -extraEnvVarsCM: - - s3 - -## Secret with extra environment variables -## -extraEnvVarsSecret: - - s3 - -## Extra volumes to add to the deployment -## -extraVolumes: [] - -## Extra volume mounts to add to the container -## -extraVolumeMounts: [] - -## Add init containers to the pods. -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: {} - -## Add sidecars to the pods. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: {} - -persistence: - enabled: false - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack). - ## - # storageClass: "-" - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - ## ReadWriteMany not supported by AWS gp2 - storageClass: - accessModes: - - ReadWriteOnce - size: 10M - existingClaim: - # Dir where config and keys are written inside container - mountDir: - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: "10" - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - ## - myRegistryKeySecretName - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## - limits: {} - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## cpu: 100m - ## memory: 128Mi - ## - -## Specifies whether RBAC resources should be created -## -rbac: - create: true - -## Specifies whether a ServiceAccount should be created -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - ## - name: - -## Admin swagger should have only internal access. Hence linked to internal gateway -istio: - enabled: false - gateways: - - istio-system/internal - -crontime: "0 4 * * *" ## run cronjob every day at 4 AM in GMT which is 9.30 AM in IST (time hr: 0-23 ) - -minioclient: - configmaps: - s3: - S3_SERVER_URL: 'http://minio.minio:9000' - S3_ACCESS_KEY: 'admin' - S3_BUCKET_LIST: 'automation,dslreports' - s3_region: '' - S3_RETENTION_DAYS: 5d - secrets: - s3: - S3_SECRET_KEY: 'minio' diff --git a/charts/mosipcertmanager/Chart.yaml b/charts/mosipcertmanager/Chart.yaml deleted file mode 100644 index a2dab749f..000000000 --- a/charts/mosipcertmanager/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v2 -name: mosipcertmanager -description: A Helm chart to deploy mosipcertmanager to test working of MOSIP modules -type: application -version: 0.0.1-develop -appVersion: "" -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -home: https://mosip.io -keywords: - - mosip - - mosipcertmanager -maintainers: - - email: info@mosip.io - name: MOSIP diff --git a/charts/mosipcertmanager/README.md b/charts/mosipcertmanager/README.md deleted file mode 100644 index 9ac9c56e2..000000000 --- a/charts/mosipcertmanager/README.md +++ /dev/null @@ -1,13 +0,0 @@ -# mosipcertmanager -Helm chart for installing mosipcertmanager - -## Introduction -It's a cronjob that checks DBs for partner certificate expiry dates and renews the certificates if expired. - - -# TL;DR -```console -$ helm repo add mosip https://mosip.github.io -$ helm install my-release mosip/mosipcertmanager -``` - diff --git a/charts/mosipcertmanager/templates/NOTES.txt b/charts/mosipcertmanager/templates/NOTES.txt deleted file mode 100644 index 8b1378917..000000000 --- a/charts/mosipcertmanager/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ - diff --git a/charts/mosipcertmanager/templates/_helpers.tpl b/charts/mosipcertmanager/templates/_helpers.tpl deleted file mode 100644 index 896e7c6d0..000000000 --- a/charts/mosipcertmanager/templates/_helpers.tpl +++ /dev/null @@ -1,63 +0,0 @@ -{{/* -Return the proper image name -*/}} -{{- define "mosipcertmanager.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "mosipcertmanager.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "mosipcertmanager.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "mosipcertmanager.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (printf "%s-foo" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message. -*/}} -{{- define "mosipcertmanager.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "mosipcertmanager.validateValues.foo" .) -}} -{{- $messages := append $messages (include "mosipcertmanager.validateValues.bar" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message -}} -{{- end -}} -{{- end -}} - -{{/* -Return podAnnotations -*/}} -{{- define "mosipcertmanager.podAnnotations" -}} -{{- if .Values.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} -{{- end }} -{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} -{{- end }} -{{- end -}} - -{{/* Create the name for restart cronjob */}} -{{- define "mosipcertmanager.cronjob" -}} -{{ default (printf "cronjob-%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- end -}} diff --git a/charts/mosipcertmanager/templates/configmaps.yaml b/charts/mosipcertmanager/templates/configmaps.yaml deleted file mode 100644 index bf60bd5d6..000000000 --- a/charts/mosipcertmanager/templates/configmaps.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.mosipcertmanager.configmaps }} - {{- range $cm_name, $cm_value := .Values.mosipcertmanager.configmaps }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $cm_name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 8 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} -data: - {{- range $key, $value := $cm_value }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - {{- end }} \ No newline at end of file diff --git a/charts/mosipcertmanager/templates/cronjob.yaml b/charts/mosipcertmanager/templates/cronjob.yaml deleted file mode 100644 index de9add54f..000000000 --- a/charts/mosipcertmanager/templates/cronjob.yaml +++ /dev/null @@ -1,75 +0,0 @@ ---- -apiVersion: {{ include "common.capabilities.cronjob.apiVersion" $ }} -kind: CronJob -metadata: - name: {{ template "mosipcertmanager.cronjob" $ }} - namespace: {{ .Release.Namespace }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - labels: {{- include "common.labels.standard" $ | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - -spec: - concurrencyPolicy: Forbid - successfulJobsHistoryLimit: 1 # remove jobs which are successfully executed - failedJobsHistoryLimit: 1 # except 1 recent failed job, remove jobs which are not successfully executed - #schedule: '*/3 * * * *' # cron spec of time - schedule: {{ .Values.crontime }} - jobTemplate: - spec: - backoffLimit: 0 # this has very low chance of failing, as all this does - # is prompt kubernetes to schedule new replica set for - # the deployment - # activeDeadlineSeconds: 600 # timeout, makes most sense with - # "waiting for rollout" variant specified below - template: - spec: - # account configured above - restartPolicy: Never - containers: - - name: {{ template "mosipcertmanager.serviceAccountName" $ }} - image: {{ template "mosipcertmanager.image" $ }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tpvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.command }} - command: {{- include "common.tpvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tpvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: mosip_pms_client_secret - valueFrom: - secretKeyRef: - key: mosip_pms_client_secret - name: keycloak-client-secrets - - name: container_user - value: {{ .Values.containerSecurityContext.runAsUser }} - {{- if .Values.extraEnvVars }} - {{- include "common.tpvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - {{- range .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ . }} - {{- end }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - {{- range .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ . }} - {{- end }} - {{- end }} - ports: - - name: spring-service - containerPort: {{ .Values.springServicePort }} \ No newline at end of file diff --git a/charts/mosipcertmanager/templates/extra-list.yaml b/charts/mosipcertmanager/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9e1..000000000 --- a/charts/mosipcertmanager/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/charts/mosipcertmanager/templates/secrets.yaml b/charts/mosipcertmanager/templates/secrets.yaml deleted file mode 100644 index 15f9aef84..000000000 --- a/charts/mosipcertmanager/templates/secrets.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.mosipcertmanager.secrets }} -{{- range $secret_name, $secret_value := .Values.mosipcertmanager.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secret_name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 8 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} -type: Opaque -data: - {{- range $key, $value := $secret_value }} - {{ $key }}: {{ $value | b64enc | quote }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/mosipcertmanager/templates/service-account.yaml b/charts/mosipcertmanager/templates/service-account.yaml deleted file mode 100644 index eeff0bb4b..000000000 --- a/charts/mosipcertmanager/templates/service-account.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "mosipcertmanager.serviceAccountName" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} diff --git a/charts/mosipcertmanager/values.yaml b/charts/mosipcertmanager/values.yaml deleted file mode 100644 index c3ec038de..000000000 --- a/charts/mosipcertmanager/values.yaml +++ /dev/null @@ -1,432 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Add labels to all the deployed resources -## -commonLabels: - app.kubernetes.io/component: mosip - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -## Kubernetes Cluster Domain -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] - -## Number of nodes -## -replicaCount: 1 - -service: - type: ClusterIP - port: 80 - ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - ## loadBalancerIP: - ## - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - https: "" - ## Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - -image: - registry: docker.io - repository: mosipdev/certmanager - tag: develop2 - - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - -## Port on which this particular spring service module is running. -springServicePort: 8083 - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## - -## -# existingConfigmap: - -## Command and args for running the container (set to default if not set). Use array form -## -command: [] -args: [] - -## Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] - -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 1000m - memory: 3500Mi - requests: - cpu: 1000m - memory: 3500Mi - -additionalResources: - ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources - ## Example: java_opts: "-Xms500M -Xmx500M" - javaOpts: "-Xms2600M -Xmx2600M" - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## Clamav container already runs as 'mosip' user, so we may not need to enable this -containerSecurityContext: - enabled: false - runAsUser: mosip - runAsNonRoot: true - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## -podSecurityContext: - enabled: false - fsGroup: 1001 - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## Annotations for server pods. -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## pods' priority. -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -# priorityClassName: "" - -## lifecycleHooks for the container to automate configuration before or after startup. -## -lifecycleHooks: {} - -## Custom Liveness probes for -## -customLivenessProbe: {} - -## Custom Rediness probes -## -customReadinessProbe: {} - -## Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate - -## Additional environment variables to set -## Example: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: [] - -## ConfigMap with extra environment variables -## -extraEnvVarsCM: - - global - - db - - mosipcertmanager -## Secret with extra environment variables -## -extraEnvVarsSecret: - - s3 - - postgres-postgresql - - keycloak-client-secrets - -## Extra volumes to add to the deployment -## -extraVolumes: [] - -## Extra volume mounts to add to the container -## -extraVolumeMounts: [] - -## Add init containers to the pods. -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: - - command: - - /bin/bash - - -c - - if [ "$ENABLE_INSECURE" = "true" ]; then HOST=$( env | grep "mosip-api-internal-host" - |sed "s/mosip-api-internal-host=//g"); if [ -z "$HOST" ]; then echo "HOST - $HOST is empty; EXITING"; exit 1; fi; openssl s_client -servername "$HOST" - -connect "$HOST":443 > "$HOST.cer" 2>/dev/null & sleep 2 ; sed -i -ne '/-BEGIN - CERTIFICATE-/,/-END CERTIFICATE-/p' "$HOST.cer"; cat "$HOST.cer"; /usr/local/openjdk-11/bin/keytool - -delete -alias "$HOST" -keystore $JAVA_HOME/lib/security/cacerts -storepass - changeit; /usr/local/openjdk-11/bin/keytool -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts" - -storepass changeit -noprompt -importcert -alias "$HOST" -file "$HOST.cer" - ; if [ $? -gt 0 ]; then echo "Failed to add SSL certificate for host $host; - EXITING"; exit 1; fi; cp /usr/local/openjdk-11/lib/security/cacerts /cacerts; - fi - env: - - name: ENABLE_INSECURE - value: "true" - envFrom: - - configMapRef: - name: global - image: docker.io/openjdk:11-jre - imagePullPolicy: Always - name: cacerts - resources: {} - securityContext: - runAsUser: 0 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /cacerts - name: cacerts - -## Add sidecars to the pods. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: {} - -persistence: - enabled: true - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack). - ## - # storageClass: "-" - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - ## ReadWriteMany not supported by AWS gp2 - storageClass: - accessModes: - - ReadWriteOnce - size: 100m - existingClaim: - nfs: - path: '/srv/nfs/mosip/dsl-scenarios/' - server: '' - # Dir where config and keys are written inside container - mountDir: '/home/mosip/mountvolume/scenarios' - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - enabled: true - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: "10" - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - ## - myRegistryKeySecretName - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## - limits: {} - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## cpu: 100m - ## memory: 128Mi - ## - -## Specifies whether RBAC resources should be created -## -rbac: - create: true - -## Specifies whether a ServiceAccount should be created -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - ## - name: - -## Prometheus Metrics -## -metrics: - enabled: false - ## Prometheus pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: - prometheus.io/scrape: "true" - - endpointPath: - - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## - serviceMonitor: - ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry - ## - enabled: true - ## Specify the namespace in which the serviceMonitor resource will be created - ## - # namespace: "" - ## Specify the interval at which metrics should be scraped - ## - interval: 10s - ## Specify the timeout after which the scrape is ended - ## - # scrapeTimeout: 30s - ## Specify Metric Relabellings to add to the scrape endpoint - ## - # relabellings: - ## Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## - additionalLabels: {} - - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - ## - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## List of rules, used as template by Helm. - ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html - # rules: - # - alert: RabbitmqDown - # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 - # for: 5m - # labels: - # severity: error - rules: [] - -## Admin swagger should have only internal access. Hence linked to internal gateway - -crontime: "0 3 * * *" ## run cronjob every day at 3 AM (time hr: 0-23 ) - -mosipcertmanager: - configmaps: - db: - db-port: '5432' - db-su-user: 'postgres' - db-host: 'mosip-api-internal-host' - mosipcertmanager: - pre-expiry-days: '7' - -enable_insecure: false diff --git a/charts/opencrvs-mediator/.gitignore b/charts/opencrvs-mediator/.gitignore deleted file mode 100644 index ee3892e87..000000000 --- a/charts/opencrvs-mediator/.gitignore +++ /dev/null @@ -1 +0,0 @@ -charts/ diff --git a/charts/opencrvs-mediator/Chart.yaml b/charts/opencrvs-mediator/Chart.yaml deleted file mode 100644 index 8184b63a2..000000000 --- a/charts/opencrvs-mediator/Chart.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v2 -name: opencrvs-mediator -description: A Helm chart for mosip-opencrvs mediator. -type: application -version: 0.0.1-develop -appVersion: "" -home: https://mosip.io -dependencies: -- name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -keywords: - - mosip - - mosip-opencrvs-mediator - - opencrvs-mediator - - opencrvs -maintainers: - - email: info@mosip.io - name: MOSIP diff --git a/charts/opencrvs-mediator/README.md b/charts/opencrvs-mediator/README.md deleted file mode 100644 index 9e803a954..000000000 --- a/charts/opencrvs-mediator/README.md +++ /dev/null @@ -1,10 +0,0 @@ -# MOSIP Opencrvs Mediator - -Helm chart for installing for Opencrvs Mediator. - -## Install - -```console -$ helm repo add mosip https://mosip.github.io -$ helm install my-release mosip/opencrvs-mediator -``` diff --git a/charts/opencrvs-mediator/templates/NOTES.txt b/charts/opencrvs-mediator/templates/NOTES.txt deleted file mode 100644 index 4f4b86dd6..000000000 --- a/charts/opencrvs-mediator/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ -Installation done diff --git a/charts/opencrvs-mediator/templates/_helpers.tpl b/charts/opencrvs-mediator/templates/_helpers.tpl deleted file mode 100644 index 2788b0c6c..000000000 --- a/charts/opencrvs-mediator/templates/_helpers.tpl +++ /dev/null @@ -1,58 +0,0 @@ -{{/* -Return the proper image name -*/}} -{{- define "mediator.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "mediator.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "mediator.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "mediator.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (printf "%s-foo" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message. -*/}} -{{- define "mediator.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "mediator.validateValues.foo" .) -}} -{{- $messages := append $messages (include "mediator.validateValues.bar" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message -}} -{{- end -}} -{{- end -}} - -{{/* -Return podAnnotations -*/}} -{{- define "mediator.podAnnotations" -}} -{{- if .Values.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} -{{- end }} -{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} -{{- end }} -{{- end -}} diff --git a/charts/opencrvs-mediator/templates/deployment.yaml b/charts/opencrvs-mediator/templates/deployment.yaml deleted file mode 100644 index 2a99f2983..000000000 --- a/charts/opencrvs-mediator/templates/deployment.yaml +++ /dev/null @@ -1,199 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "common.names.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.replicaCount }} - {{- if .Values.updateStrategy }} - strategy: - {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: - {{- include "common.labels.matchLabels" . | nindent 6 }} - template: - metadata: - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} - {{- if .Values.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.podAnnotations "context" $ ) | nindent 8 }} - {{- end }} - labels: - {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.podLabels "context" $ ) | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{- include "mediator.serviceAccountName" . | nindent 8 }} - {{- include "mediator.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: - {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: - {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - initContainers: - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{- include "mediator.volumePermissions.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - %%commands%% - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: foo - mountPath: bar - {{- end }} - {{- if .Values.initContainers }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: mediator - image: {{ template "mediator.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: opencrvs_auth_url - value: {{ .Values.mediator.opencrvs.authUrl }} - - name: kernel_auth_adapter_available - value: {{ .Values.mediator.kernelAuthAdapterAvailable | quote }} - - name: opencrvs_receive_credential_url - value: {{ .Values.mediator.opencrvs.receiveCredentialUrl }} - - name: opencrvs_locations_url - value: {{ .Values.mediator.opencrvs.locationsUrl }} - - name: mosip_opencrvs_client_id - value: {{ .Values.mediator.opencrvs.mosipOpencrvsClientId }} - - name: mosip_opencrvs_client_secret_key - valueFrom: - secretKeyRef: - key: mosip_resident_client_secret - name: keycloak-client-secrets - - name: opencrvs_client_sha_secret - valueFrom: - secretKeyRef: - key: mosip_resident_client_secret - name: keycloak-client-secrets - - name: mosip_opencrvs_death_client_secret - valueFrom: - secretKeyRef: - key: mosip_idrepo_client_secret - name: keycloak-client-secrets - - name: mosip_opencrvs_db_datasource_password - valueFrom: - secretKeyRef: - key: db-dbuser-password - name: db-common-secrets - - name: mosip_opencrvs_death_client_id - value: {{ .Values.mediator.opencrvs.mosipOpencrvsDeathClientId }} - - name: mosip_receive_credential_url - value: http://{{ template "common.names.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.port }}/opencrvs/v1/internal/receiveCredentialBirth - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - - envFrom: - {{- if .Values.envVarsCM }} - {{- range .Values.envVarsCM }} - - configMapRef: - name: {{ . }} - {{- end }} - {{- end }} - {{- if .Values.envVarsSecret }} - {{- range .Values.envVarsSecret }} - - secretRef: - name: {{ . }} - {{- end }} - - {{- end }} - {{- if .Values.extraEnvVarsCM }} - {{- range .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ . }} - {{- end }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - {{- range .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ . }} - {{- end }} - {{- end }} - - ports: - - name: container-port - containerPort: {{ .Values.containerPort }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - {{- if .Values.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - volumeMounts: - - name: opencrvs-certs - mountPath: /certs/mnt - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: opencrvs-certs - secret: - secretName: {{ .Values.mediator.opencrvs.certsKeysSecretName }} \ No newline at end of file diff --git a/charts/opencrvs-mediator/templates/extra-list.yaml b/charts/opencrvs-mediator/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9e1..000000000 --- a/charts/opencrvs-mediator/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/charts/opencrvs-mediator/templates/service-account.yaml b/charts/opencrvs-mediator/templates/service-account.yaml deleted file mode 100644 index b5a8b31d2..000000000 --- a/charts/opencrvs-mediator/templates/service-account.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "mediator.serviceAccountName" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} diff --git a/charts/opencrvs-mediator/templates/service.yaml b/charts/opencrvs-mediator/templates/service.yaml deleted file mode 100644 index 20cb4931d..000000000 --- a/charts/opencrvs-mediator/templates/service.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "common.names.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - {{ if eq .Values.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }} - {{ end }} - {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - protocol: TCP - targetPort: {{ .Values.containerPort }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/charts/opencrvs-mediator/templates/servicemonitor.yaml b/charts/opencrvs-mediator/templates/servicemonitor.yaml deleted file mode 100644 index 64db5089a..000000000 --- a/charts/opencrvs-mediator/templates/servicemonitor.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "common.names.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- end }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - endpoints: - - targetPort: {{ .Values.containerPort }} - path: {{ .Values.metrics.endpointPath }} - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace | quote }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} -{{- end }} diff --git a/charts/opencrvs-mediator/templates/virtualservice.yaml b/charts/opencrvs-mediator/templates/virtualservice.yaml deleted file mode 100644 index 5529234e1..000000000 --- a/charts/opencrvs-mediator/templates/virtualservice.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if .Values.istio.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: {{ template "common.names.fullname" . }} - labels: - {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - hosts: - - "*" - gateways: - {{- if .Values.istio.existingGateway }} - - {{ .Values.istio.existingGateway }} - {{- else }} - - {{ template "common.names.fullname" . }} - {{- end }} - http: - - match: - - uri: - regex: \/opencrvs\/v1\/[^(internal)].* - route: - - destination: - host: {{ template "common.names.fullname" . }} - port: - number: {{ .Values.service.port }} - headers: - request: - set: - x-forwarded-proto: https -{{- end }} diff --git a/charts/opencrvs-mediator/values.yaml b/charts/opencrvs-mediator/values.yaml deleted file mode 100644 index aca26a8ad..000000000 --- a/charts/opencrvs-mediator/values.yaml +++ /dev/null @@ -1,425 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Add labels to all the deployed resources -## -commonLabels: {} - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -## Kubernetes Cluster Domain -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] - -## Number of nodes -## -replicaCount: 1 - -mediator: - opencrvs: - authUrl: "" - partnerClientSecretName: opencrvs-partner-client-creds - clientSecretName: opencrvs-client-creds - receiveCredentialUrl: "" - certsKeysSecretName: opencrvs-certs - mosipOpencrvsClientId: mosip-resident-client - mosipOpencrvsDeathClientId: mosip-idrepo-client - -service: - type: ClusterIP - port: 80 - ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - ## loadBalancerIP: - ## - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - https: "" - ## Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - -image: - registry: docker.io - repository: mosipdev/mosip-opencrvs-mediator - tag: develop - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - # - myRegistryKeySecretName - -## Port on which this particular spring service module is running. -containerPort: 4545 - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## -startupProbe: - enabled: true - httpGet: - path: "/opencrvs/v1/actuator/health" - port: 4545 - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 10 - successThreshold: 1 - -livenessProbe: - enabled: true - httpGet: - path: "/opencrvs/v1/actuator/health" - port: 4545 - initialDelaySeconds: 5 - periodSeconds: 60 - timeoutSeconds: 5 - failureThreshold: 2 - successThreshold: 1 - -readinessProbe: - enabled: true - httpGet: - path: "/opencrvs/v1/actuator/health" - port: 4545 - initialDelaySeconds: 5 - periodSeconds: 20 - timeoutSeconds: 5 - failureThreshold: 2 - successThreshold: 1 - -## -# existingConfigmap: - -## Command and args for running the container (set to default if not set). Use array form -## -command: [] -args: [] - -## Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] - -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: {} - # cpu: 200m - # memory: 256Mi - requests: {} - # cpu: 100m - # memory: 1500Mi - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -containerSecurityContext: - enabled: false - runAsUser: mosip - runAsNonRoot: true - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## -podSecurityContext: - enabled: false - fsGroup: 1001 - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## Annotations for server pods. -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## pods' priority. -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -priorityClassName: "" - -## lifecycleHooks for the container to automate configuration before or after startup. -## -lifecycleHooks: {} - -## Custom Liveness probes for -## -customLivenessProbe: {} - -## Custom Rediness probes -## -customReadinessProbe: {} - -## Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate - -## Additional environment variables to set -## Example: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: [] - -## ConfigMap with extra environment variables -## -extraEnvVarsCM: - - global - - config-server-share - - artifactory-share - -## Secret with extra environment variables -## -extraEnvVarsSecret: - - opencrvs-certs - - opencrvs-client-creds - - mosip-client-creds - -## Extra volumes to add to the deployment -## -extraVolumes: [] - -## Extra volume mounts to add to the container -## -extraVolumeMounts: [] - -## Add init containers to the pods. -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: {} - -## Add sidecars to the pods. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: {} - -persistence: - enabled: false - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack). - ## - # storageClass: "-" - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - ## ReadWriteMany not supported by AWS gp2 - storageClass: - accessModes: - - ReadWriteOnce - size: 10M - existingClaim: - # Dir where config and keys are written inside container - mountDir: - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: "10" - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - ## - myRegistryKeySecretName - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## - limits: {} - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## cpu: 100m - ## memory: 128Mi - ## - -## Specifies whether a ServiceAccount should be created -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - ## - name: - -## Prometheus Metrics -## -metrics: - enabled: false - ## Prometheus pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: - prometheus.io/scrape: "true" - - endpointPath: - - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## - serviceMonitor: - ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry - ## - enabled: true - ## Specify the namespace in which the serviceMonitor resource will be created - ## - # namespace: "" - ## Specify the interval at which metrics should be scraped - ## - interval: 10s - ## Specify the timeout after which the scrape is ended - ## - # scrapeTimeout: 30s - ## Specify Metric Relabellings to add to the scrape endpoint - ## - # relabellings: - ## Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## - additionalLabels: {} - - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - ## - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## List of rules, used as template by Helm. - ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html - # rules: - # - alert: RabbitmqDown - # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 - # for: 5m - # labels: - # severity: error - rules: [] - -istio: - enabled: true - # existingGateway example values: istio-system/public , istio-system/internal - existingGateway: "istio-system/public" - # the following newGateway option is only valid if above existingGateway is null/empty - newGateway: - # host example value: opencrvs.sandbox.mosip.net - host: "" - ingressController: - # for public, istio: ingressgateway && for internal, istio: ingressgateway-internal - istio: ingressgateway diff --git a/charts/packetcreator/.gitignore b/charts/packetcreator/.gitignore deleted file mode 100644 index ee3892e87..000000000 --- a/charts/packetcreator/.gitignore +++ /dev/null @@ -1 +0,0 @@ -charts/ diff --git a/charts/packetcreator/.helmignore b/charts/packetcreator/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/packetcreator/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/packetcreator/Chart.yaml b/charts/packetcreator/Chart.yaml deleted file mode 100644 index e50830741..000000000 --- a/charts/packetcreator/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v2 -name: packetcreator -description: A Helm chart for DSL orchestrator -type: application -version: 0.0.1-develop -appVersion: "" -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -home: https://mosip.io -keywords: - - mosip - - packetcreator -maintainers: - - email: info@mosip.io - name: MOSIP diff --git a/charts/packetcreator/README.md b/charts/packetcreator/README.md deleted file mode 100644 index d608839ac..000000000 --- a/charts/packetcreator/README.md +++ /dev/null @@ -1,10 +0,0 @@ -# Packetcreator Service - -Helm chart for installing MOSIP Packetcreator - -## TL;DR - -```console -$ helm repo add mosip https://mosip.github.io -$ helm install my-release mosip/packetcreator -``` diff --git a/charts/packetcreator/templates/NOTES.txt b/charts/packetcreator/templates/NOTES.txt deleted file mode 100644 index 8b1378917..000000000 --- a/charts/packetcreator/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ - diff --git a/charts/packetcreator/templates/_helpers.tpl b/charts/packetcreator/templates/_helpers.tpl deleted file mode 100644 index a4f592f61..000000000 --- a/charts/packetcreator/templates/_helpers.tpl +++ /dev/null @@ -1,58 +0,0 @@ -{{/* -Return the proper image name -*/}} -{{- define "packetcreator.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "packetcreator.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "packetcreator.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "packetcreator.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message. -*/}} -{{- define "packetcreator.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "packetcreator.validateValues.foo" .) -}} -{{- $messages := append $messages (include "packetcreator.validateValues.bar" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message -}} -{{- end -}} -{{- end -}} - -{{/* -Return podAnnotations -*/}} -{{- define "packetcreator.podAnnotations" -}} -{{- if .Values.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} -{{- end }} -{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} -{{- end }} -{{- end -}} diff --git a/charts/packetcreator/templates/configmaps.yaml b/charts/packetcreator/templates/configmaps.yaml deleted file mode 100644 index b883cd0a5..000000000 --- a/charts/packetcreator/templates/configmaps.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.packetcreator.configmaps }} -{{- range $cm_name, $cm_value := .Values.packetcreator.configmaps }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $cm_name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 8 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} -data: - {{- range $key, $value := $cm_value }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/packetcreator/templates/deployment.yaml b/charts/packetcreator/templates/deployment.yaml deleted file mode 100644 index f08cf8aac..000000000 --- a/charts/packetcreator/templates/deployment.yaml +++ /dev/null @@ -1,157 +0,0 @@ -apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }} - annotations: - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - replicas: {{ .Values.replicaCount }} - {{- if .Values.updateStrategy }} - strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} - {{- end }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} - template: - metadata: - annotations: - {{- if or .Values.podAnnotations .Values.metrics.enabled }} - {{- include "packetcreator.podAnnotations" . | nindent 8 }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.podLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ template "packetcreator.serviceAccountName" . }} - {{- include "packetcreator.imagePullSecrets" . | nindent 6 }} - {{- if .Values.hostAliases }} - hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} - {{- else }} - affinity: - podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} - podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} - nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} - {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.tolerations }} - tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName | quote }} - {{- end }} - {{- if .Values.podSecurityContext.enabled }} - securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - initContainers: - {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} - - name: volume-permissions - image: {{ template "packetcreator.image" . }} - imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} - command: - - /bin/bash - - -c - - chown -R mosip:mosip {{ .Values.persistence.packetcreator_data_mount_dir }} - securityContext: - runAsUser: 0 - {{- if .Values.volumePermissions.resources }} - resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: {{ template "common.names.fullname" . }} - mountPath: {{ .Values.persistence.packetcreator_data_mount_dir }} - {{- end }} - {{- if .Values.enable_insecure }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} - {{- end }} - containers: - - name: packetcreator - image: {{ template "packetcreator.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.command }} - command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.args }} - args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: container_user - value: {{ .Values.containerSecurityContext.runAsUser }} - - name: JDK_JAVA_OPTIONS - value: {{ .Values.additionalResources.javaOpts }} - - name: NS - value: {{ $.Release.Namespace }} - {{- if .Values.extraEnvVars }} - {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - {{- range .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ . }} - {{- end }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - {{- range .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ . }} - {{- end }} - {{- end }} - ports: - - name: spring-service - containerPort: {{ .Values.springServicePort }} - {{- if .Values.resources }} - resources: {{- toYaml .Values.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: {{ template "common.names.fullname" . }} - mountPath: {{ .Values.persistence.packetcreator_data_mount_dir }} - {{- if .Values.enable_insecure }} - - mountPath: /usr/local/openjdk-11/lib/security/cacerts - name: cacerts - subPath: cacerts - {{- end }} - {{- if .Values.startupProbe.enabled }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customStartupProbe }} - startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.livenessProbe.enabled }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customLivenessProbe }} - livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.readinessProbe.enabled }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }} - {{- else if .Values.customReadinessProbe }} - readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.sidecars }} - {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.persistence.enabled }} - - name: {{ template "common.names.fullname" . }} - persistentVolumeClaim: - claimName: {{ template "common.names.fullname" . }} - {{- end }} - {{- if .Values.enable_insecure }} - - name: cacerts - emptyDir: {} - {{- end }} \ No newline at end of file diff --git a/charts/packetcreator/templates/extra-list.yaml b/charts/packetcreator/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9e1..000000000 --- a/charts/packetcreator/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/charts/packetcreator/templates/ingress.yaml b/charts/packetcreator/templates/ingress.yaml deleted file mode 100644 index 70270564d..000000000 --- a/charts/packetcreator/templates/ingress.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - annotations: - nginx.ingress.kubernetes.io/rewrite-target: {{ .Values.ingress.prefix }} - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - kubernetes.io/ingress.class: nginx - -spec: - rules: - - host: {{ .Values.ingress.host }} - http: - paths: - - path: {{ .Values.ingress.prefix }} - pathType: Prefix - backend: - service: - name: {{ template "common.names.fullname" . }} - port: - number: {{ .Values.service.port }} -{{- end }} diff --git a/charts/packetcreator/templates/pvc.yaml b/charts/packetcreator/templates/pvc.yaml deleted file mode 100644 index 0ef0189d0..000000000 --- a/charts/packetcreator/templates/pvc.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} -spec: - accessModes: - {{- if not (empty .Values.persistence.accessModes) }} - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - {{- else }} - - {{ .Values.persistence.accessMode | quote }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.size | quote }} - {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }} - {{- end }} \ No newline at end of file diff --git a/charts/packetcreator/templates/role.yaml b/charts/packetcreator/templates/role.yaml deleted file mode 100644 index 1612ef596..000000000 --- a/charts/packetcreator/templates/role.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "packetcreator.serviceAccountName" . }}-pods-role - namespace: {{ .Release.Namespace }} -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get","patch","list","watch"] diff --git a/charts/packetcreator/templates/rolebinding.yaml b/charts/packetcreator/templates/rolebinding.yaml deleted file mode 100644 index 2d48d55dc..000000000 --- a/charts/packetcreator/templates/rolebinding.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "packetcreator.serviceAccountName" . }}-pods-rolebinding - namespace: {{ .Release.Namespace }} -subjects: - - kind: ServiceAccount - name: {{ template "packetcreator.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: {{ template "packetcreator.serviceAccountName" . }}-pods-role - apiGroup: rbac.authorization.k8s.io diff --git a/charts/packetcreator/templates/secrets.yaml b/charts/packetcreator/templates/secrets.yaml deleted file mode 100644 index 45ce802f2..000000000 --- a/charts/packetcreator/templates/secrets.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.packetcreator.secrets }} -{{- range $secret_name, $secret_value := .Values.packetcreator.secrets }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secret_name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 8 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} -type: Opaque -data: - {{- range $key, $value := $secret_value }} - {{ $key }}: {{ $value | b64enc | quote }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/packetcreator/templates/service-account.yaml b/charts/packetcreator/templates/service-account.yaml deleted file mode 100644 index da049eea7..000000000 --- a/charts/packetcreator/templates/service-account.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "packetcreator.serviceAccountName" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} diff --git a/charts/packetcreator/templates/service.yaml b/charts/packetcreator/templates/service.yaml deleted file mode 100644 index 93fdc92b3..000000000 --- a/charts/packetcreator/templates/service.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "common.names.fullname" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }} - externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} - {{- end }} - {{ if eq .Values.service.type "LoadBalancer" }} - loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }} - {{ end }} - {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - ports: - - name: http - port: {{ .Values.service.port }} - protocol: TCP - targetPort: {{ .Values.springServicePort }} - selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/charts/packetcreator/templates/servicemonitor.yaml b/charts/packetcreator/templates/servicemonitor.yaml deleted file mode 100644 index 15f48fdee..000000000 --- a/charts/packetcreator/templates/servicemonitor.yaml +++ /dev/null @@ -1,36 +0,0 @@ -{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "common.names.fullname" . }} - {{- if .Values.metrics.serviceMonitor.namespace }} - namespace: {{ .Values.metrics.serviceMonitor.namespace }} - {{- else }} - namespace: {{ .Release.Namespace | quote }} - {{- end }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.metrics.serviceMonitor.additionalLabels }} - {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }} - {{- end }} -spec: - endpoints: - - targetPort: {{ .Values.springServicePort }} - path: {{ .Values.metrics.endpointPath }} - {{- if .Values.metrics.serviceMonitor.interval }} - interval: {{ .Values.metrics.serviceMonitor.interval }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.honorLabels }} - honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} - {{- end }} - {{- if .Values.metrics.serviceMonitor.relabellings }} - metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Release.Namespace | quote }} - selector: - matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} -{{- end }} diff --git a/charts/packetcreator/templates/virtualservice.yaml b/charts/packetcreator/templates/virtualservice.yaml deleted file mode 100644 index 44559745b..000000000 --- a/charts/packetcreator/templates/virtualservice.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{- if .Values.istio.enabled }} -apiVersion: networking.istio.io/v1alpha3 -kind: VirtualService -metadata: - name: {{ template "common.names.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -spec: - hosts: - - "*" - gateways: - {{- include "common.tplvalues.render" ( dict "value" .Values.istio.gateways "context" $ ) | nindent 4 }} - http: - - match: - - uri: - prefix: {{ .Values.istio.prefix }} - route: - - destination: - host: {{ template "common.names.fullname" . }} - port: - number: {{ .Values.service.port }} - corsPolicy: - {{- include "common.tplvalues.render" ( dict "value" .Values.istio.corsPolicy "context" $ ) | nindent 6 }} - headers: - request: - set: - x-forwarded-proto: https -{{- end }} diff --git a/charts/packetcreator/values.yaml b/charts/packetcreator/values.yaml deleted file mode 100644 index be7d96dc0..000000000 --- a/charts/packetcreator/values.yaml +++ /dev/null @@ -1,463 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Add labels to all the deployed resources -## -commonLabels: - app.kubernetes.io/component: mosip - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -## Kubernetes Cluster Domain -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] - -## Number of nodes -## -replicaCount: 1 - -service: - type: ClusterIP - port: 80 - ## loadBalancerIP for the SuiteCRM Service (optional, cloud specific) - ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer - ## - ## loadBalancerIP: - ## - ## nodePorts: - ## http: - ## https: - ## - nodePorts: - http: "" - https: "" - ## Enable client source IP preservation - ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip - ## - externalTrafficPolicy: Cluster - -image: - registry: docker.io - repository: mosipqa/dsl-packetcreator - tag: develop - - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - -## Port on which this particular spring service module is running. -springServicePort: 8080 - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## -startupProbe: - enabled: true - httpGet: - path: /v1/packetcreator/actuator/health - port: 8080 - initialDelaySeconds: 0 - periodSeconds: 20 - timeoutSeconds: 5 - failureThreshold: 60 - successThreshold: 1 - -livenessProbe: - enabled: true - httpGet: - path: /v1/packetcreator/actuator/health - port: 8080 - initialDelaySeconds: 20 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -readinessProbe: - enabled: true - httpGet: - path: /v1/packetcreator/actuator/health - port: 8080 - initialDelaySeconds: 0 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -## -# existingConfigmap: - -## Command and args for running the container (set to default if not set). Use array form -## -command: [] -args: [] - -## Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] - -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 700m - memory: 3000Mi - requests: - cpu: 700m - memory: 3000Mi - -additionalResources: - ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources - ## Example: java_opts: "-Xms500M -Xmx500M" - javaOpts: "-Xms2500M -Xmx2500M" - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## Clamav container already runs as 'mosip' user, so we may not need to enable this -containerSecurityContext: - enabled: false - runAsUser: mosip - runAsNonRoot: true - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## -podSecurityContext: - enabled: false - fsGroup: 1001 - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## Annotations for server pods. -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## pods' priority. -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -# priorityClassName: "" - -## lifecycleHooks for the container to automate configuration before or after startup. -## -lifecycleHooks: {} - -## Custom Liveness probes for -## -customLivenessProbe: {} - -## Custom Rediness probes -## -customReadinessProbe: {} - -## Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate - -## Additional environment variables to set -## Example: -## extraEnvVars: -## - name: FOO -## value: "bar" -## -extraEnvVars: [] - -## ConfigMap with extra environment variables -## -extraEnvVarsCM: - - packetcreator - -## Secret with extra environment variables -## -extraEnvVarsSecret: [] - -## Extra volumes to add to the deployment -## -extraVolumes: [] - -## Extra volume mounts to add to the container -## -extraVolumeMounts: [] - -## Add init containers to the pods. -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: - - command: - - /bin/bash - - -c - - if [ "$ENABLE_INSECURE" = "true" ]; then HOST=$( env | grep "mosip-api-internal-host" - |sed "s/mosip-api-internal-host=//g"); if [ -z "$HOST" ]; then echo "HOST - $HOST is empty; EXITING"; exit 1; fi; openssl s_client -servername "$HOST" - -connect "$HOST":443 > "$HOST.cer" 2>/dev/null & sleep 2 ; sed -i -ne '/-BEGIN - CERTIFICATE-/,/-END CERTIFICATE-/p' "$HOST.cer"; cat "$HOST.cer"; /usr/local/openjdk-11/bin/keytool - -delete -alias "$HOST" -keystore $JAVA_HOME/lib/security/cacerts -storepass - changeit; /usr/local/openjdk-11/bin/keytool -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts" - -storepass changeit -noprompt -importcert -alias "$HOST" -file "$HOST.cer" - ; if [ $? -gt 0 ]; then echo "Failed to add SSL certificate for host $host; - EXITING"; exit 1; fi; cp /usr/local/openjdk-11/lib/security/cacerts /cacerts; - fi - env: - - name: ENABLE_INSECURE - value: "true" - envFrom: - - configMapRef: - name: global - image: docker.io/openjdk:11-jre - imagePullPolicy: Always - name: cacerts - resources: {} - securityContext: - runAsUser: 0 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /cacerts - name: cacerts - -## Add sidecars to the pods. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: {} - -persistence: - enabled: true - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack). - ## - # storageClass: "-" - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - ## ReadWriteMany not supported by AWS gp2 - storageClass: - accessModes: - - ReadWriteOnce - size: 50G - existingClaim: - # Dir where config and keys are written inside container - packetcreator_data_mount_dir: '/home/mosip/mountvolume/' - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - enabled: true - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: "10" - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - ## - myRegistryKeySecretName - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## - limits: {} - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## cpu: 100m - ## memory: 128Mi - ## - -## Specifies whether RBAC resources should be created -## -rbac: - create: true - -## Specifies whether a ServiceAccount should be created -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - ## - name: - -## Prometheus Metrics -## -metrics: - enabled: true - ## Prometheus pod annotations - ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - ## - podAnnotations: - prometheus.io/scrape: "true" - - endpointPath: /v1/admin/actuator/prometheus - - ## Prometheus Service Monitor - ## ref: https://github.com/coreos/prometheus-operator - ## - serviceMonitor: - ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry - ## - enabled: true - ## Specify the namespace in which the serviceMonitor resource will be created - ## - # namespace: "" - ## Specify the interval at which metrics should be scraped - ## - interval: 10s - ## Specify the timeout after which the scrape is ended - ## - # scrapeTimeout: 30s - ## Specify Metric Relabellings to add to the scrape endpoint - ## - # relabellings: - ## Specify honorLabels parameter to add the scrape endpoint - ## - honorLabels: false - ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec - ## - additionalLabels: {} - - ## Custom PrometheusRule to be defined - ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart - ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions - ## - prometheusRule: - enabled: false - additionalLabels: {} - namespace: '' - ## List of rules, used as template by Helm. - ## These are just examples rules inspired from https://awesome-prometheus-alerts.grep.to/rules.html - # rules: - # - alert: RabbitmqDown - # expr: rabbitmq_up{service="{{ template "rabbitmq.fullname" . }}"} == 0 - # for: 5m - # labels: - # severity: error - rules: [] - -packetcreator: - configmaps: - packetcreator: - mountPath: /home/mosip/mountvolume - secrets: - -## Ingress -ingress: - enabled: false - host: '' - prefix: '/v1/packetcreator/' - -## Admin swagger should have only internal access. Hence linked to internal gateway -istio: - enabled: true - gateways: - - istio-system/internal - prefix: '/v1/packetcreator' - -enable_insecure: false diff --git a/charts/pms-migration-utility/.gitignore b/charts/pms-migration-utility/.gitignore deleted file mode 100644 index ee3892e87..000000000 --- a/charts/pms-migration-utility/.gitignore +++ /dev/null @@ -1 +0,0 @@ -charts/ diff --git a/charts/pms-migration-utility/.helmignore b/charts/pms-migration-utility/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/pms-migration-utility/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/pms-migration-utility/Chart.yaml b/charts/pms-migration-utility/Chart.yaml deleted file mode 100644 index b1faf7d51..000000000 --- a/charts/pms-migration-utility/Chart.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v2 -name: pms-migration-utility -description: A Helm chart to deploy pms-migration-utility -type: application -version: 0.0.1-develop -appVersion: "" -dependencies: - - name: common - repository: https://charts.bitnami.com/bitnami - tags: - - bitnami-common - version: 1.x.x -home: https://mosip.io -keywords: - - mosip - - pms-migration-utility -maintainers: - - email: info@mosip.io - name: MOSIP diff --git a/charts/pms-migration-utility/README.md b/charts/pms-migration-utility/README.md deleted file mode 100644 index 48a8d001e..000000000 --- a/charts/pms-migration-utility/README.md +++ /dev/null @@ -1,10 +0,0 @@ -# pms-migration-utility - -Helm chart to deploy pms-migration-utility. - -## TL;DR - -```console -$ helm repo add mosip https://mosip.github.io -$ helm install my-release mosip/pms-migration-utility -``` diff --git a/charts/pms-migration-utility/templates/NOTES.txt b/charts/pms-migration-utility/templates/NOTES.txt deleted file mode 100644 index e69de29bb..000000000 diff --git a/charts/pms-migration-utility/templates/_helpers.tpl b/charts/pms-migration-utility/templates/_helpers.tpl deleted file mode 100644 index 5c16e39c8..000000000 --- a/charts/pms-migration-utility/templates/_helpers.tpl +++ /dev/null @@ -1,98 +0,0 @@ -{{/* -Return the proper image name -*/}} -{{- define "pms-migration-utility.image" -}} -{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "pms-migration-utility.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Return the proper image name (for the init container volume-permissions image) -*/}} -{{- define "pms-migration-utility.volumePermissions.image" -}} -{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}} -{{- end -}} - -{{/* -Return the proper Docker Image Registry Secret Names -*/}} -{{- define "pms-migration-utility.imagePullSecrets" -}} -{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}} -{{- end -}} - - -{{/* -Common labels -*/}} -{{- define "pms-migration-utility.labels" -}} -helm.sh/chart: {{ include "pms-migration-utility.chart" . }} -{{ include "pms-migration-utility.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "pms-migration-utility.selectorLabels" -}} -app.kubernetes.io/name: {{ include "pms-migration-utility.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "pms-migration-utility.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "pms-migration-utility.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (printf "%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Compile all warnings into a single message. -*/}} -{{- define "pms-migration-utility.validateValues" -}} -{{- $messages := list -}} -{{- $messages := append $messages (include "pms-migration-utility.validateValues.foo" .) -}} -{{- $messages := append $messages (include "pms-migration-utility.validateValues.bar" .) -}} -{{- $messages := without $messages "" -}} -{{- $message := join "\n" $messages -}} - -{{- if $message -}} -{{- printf "\nVALUES VALIDATION:\n%s" $message -}} -{{- end -}} -{{- end -}} - -{{/* -Return podAnnotations -*/}} -{{- define "pms-migration-utility.podAnnotations" -}} -{{- if .Values.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }} -{{- end }} -{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} -{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }} -{{- end }} -{{- end -}} - -{{/* Create the name for restart cronjob */}} -{{- define "pms-migration-utility.cronjob" -}} -{{ default (printf "cronjob-%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }} -{{- end -}} diff --git a/charts/pms-migration-utility/templates/configmaps.yaml b/charts/pms-migration-utility/templates/configmaps.yaml deleted file mode 100644 index fcccaca76..000000000 --- a/charts/pms-migration-utility/templates/configmaps.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.pms_migration_utility.configmaps }} -{{- range $cm_name, $cm_value := .Values.pms_migration_utility.configmaps }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $cm_name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 8 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} -data: - {{- range $key, $value := $cm_value }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/pms-migration-utility/templates/cronjob.yaml b/charts/pms-migration-utility/templates/cronjob.yaml deleted file mode 100644 index 011b8a323..000000000 --- a/charts/pms-migration-utility/templates/cronjob.yaml +++ /dev/null @@ -1,81 +0,0 @@ -{{- if .Values.cronjob.enabled }} ---- -apiVersion: {{ include "common.capabilities.cronjob.apiVersion" . }} -kind: CronJob -metadata: - name: {{ template "pms-migration-utility.cronjob" . }} - namespace: {{ .Release.Namespace }} - -spec: - concurrencyPolicy: Forbid - successfulJobsHistoryLimit: 1 # remove jobs which are successfully executed - failedJobsHistoryLimit: 1 # except 1 recent failed job, remove jobs which are not successfully executed - #schedule: '*/3 * * * *' # cron spec of time, here, 8 o'clock - schedule: {{ .Values.cronjob.crontime }} - jobTemplate: - spec: - backoffLimit: 0 # this has very low chance of failing, as all this does - # is prompt kubernetes to schedule new replica set for - # the deployment - # activeDeadlineSeconds: 600 # timeout, makes most sense with - # "waiting for rollout" variant specified below - template: - spec: - # account configured above - restartPolicy: Never - initContainers: - {{- if .Values.enable_insecure }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 12 }} - {{- end }} - containers: - - name: {{ template "pms-migration-utility.serviceAccountName" . }} - image: {{ template "pms-migration-utility.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.lifecycleHooks }} - lifecycle: {{- include "common.tpvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} - {{- end }} - {{- if .Values.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if $.Values.command }} - command: {{- include "common.tpvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} - {{- end }} - {{- if $.Values.args }} - args: {{- include "common.tpvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} - {{- end }} - env: - - name: container_user - value: {{ .Values.containerSecurityContext.runAsUser }} - - name: JDK_JAVA_OPTIONS - value: {{ .Values.additionalResources.javaOpts }} - {{- if .Values.extraEnvVars }} - {{- include "common.tpvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - {{- range .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ . }} - {{- end }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - {{- range .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ . }} - {{- end }} - {{- end }} - ports: - - name: spring-service - containerPort: {{ .Values.springServicePort }} - volumeMounts: - {{- if .Values.enable_insecure }} - - mountPath: /usr/local/openjdk-11/lib/security/cacerts - name: cacerts - subPath: cacerts - {{- end }} - volumes: - {{- if .Values.enable_insecure }} - - name: cacerts - emptyDir: {} - {{- end }} -{{- end }} diff --git a/charts/pms-migration-utility/templates/extra-list.yaml b/charts/pms-migration-utility/templates/extra-list.yaml deleted file mode 100644 index 9ac65f9e1..000000000 --- a/charts/pms-migration-utility/templates/extra-list.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{- range .Values.extraDeploy }} ---- -{{ include "common.tplvalues.render" (dict "value" . "context" $) }} -{{- end }} diff --git a/charts/pms-migration-utility/templates/job.yaml b/charts/pms-migration-utility/templates/job.yaml deleted file mode 100644 index 03b431729..000000000 --- a/charts/pms-migration-utility/templates/job.yaml +++ /dev/null @@ -1,76 +0,0 @@ -{{- if not .Values.cronjob.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - annotations: - "helm.sh/hook-delete-policy": hook-succeeded - {{- if .Values.commonAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - -spec: - backoffLimit: 0 - template: - metadata: - labels: {{- include "common.labels.standard" . | nindent 8 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - sidecar.istio.io/inject: "false" - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "pms-migration-utility.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.jobSecurityContext | nindent 8 }} - restartPolicy: Never # This is one time job - initContainers: - {{- if .Values.enable_insecure }} - {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 12 }} - {{- end }} - containers: - - name: {{ template "pms-migration-utility.cronjob" . }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: {{ template "pms-migration-utility.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - - name: container_user - value: {{ .Values.containerSecurityContext.runAsUser }} - - name: JDK_JAVA_OPTIONS - value: {{ .Values.additionalResources.javaOpts }} - {{- if .Values.extraEnvVars }} - {{- include "common.tpvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} - {{- end }} - envFrom: - {{- if .Values.extraEnvVarsCM }} - {{- range .Values.extraEnvVarsCM }} - - configMapRef: - name: {{ . }} - {{- end }} - {{- end }} - {{- if .Values.extraEnvVarsSecret }} - {{- range .Values.extraEnvVarsSecret }} - - secretRef: - name: {{ . }} - {{- end }} - {{- end }} - volumeMounts: - {{- if .Values.enable_insecure }} - - mountPath: /usr/local/openjdk-11/lib/security/cacerts - name: cacerts - subPath: cacerts - {{- end }} - volumes: - {{- if .Values.enable_insecure }} - - name: cacerts - emptyDir: {} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/pms-migration-utility/templates/secrets.yaml b/charts/pms-migration-utility/templates/secrets.yaml deleted file mode 100644 index e0aa6279c..000000000 --- a/charts/pms-migration-utility/templates/secrets.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.pms_migration_utility.secrets }} -{{- range $secret_name, $secret_value := index .Values.pms_migration_utility.secrets }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secret_name }} - namespace: {{ $.Release.Namespace }} - labels: {{- include "common.labels.standard" $ | nindent 8 }} - {{- if $.Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 8 }} - {{- end }} - {{- if $.Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 8 }} - {{- end }} -type: Opaque -data: - {{- range $key, $value := $secret_value }} - {{ $key }}: {{ $value | b64enc | quote }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/pms-migration-utility/templates/service-account.yaml b/charts/pms-migration-utility/templates/service-account.yaml deleted file mode 100644 index 0c4aaa474..000000000 --- a/charts/pms-migration-utility/templates/service-account.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - name: {{ template "pms-migration-utility.serviceAccountName" . }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/pms-migration-utility/values.yaml b/charts/pms-migration-utility/values.yaml deleted file mode 100644 index e8b18ed95..000000000 --- a/charts/pms-migration-utility/values.yaml +++ /dev/null @@ -1,350 +0,0 @@ -## Global Docker image parameters -## Please, note that this will override the image parameters, including dependencies, configured to use the global value -## Current available global Docker image parameters: imageRegistry and imagePullSecrets -## -# global: -# imageRegistry: myRegistryName -# imagePullSecrets: -# - myRegistryKeySecretName -# storageClass: myStorageClass - -## Add labels to all the deployed resources -## -commonLabels: - app.kubernetes.io/component: mosip - -## Add annotations to all the deployed resources -## -commonAnnotations: {} - -## Kubernetes Cluster Domain -## -clusterDomain: cluster.local - -## Extra objects to deploy (value evaluated as a template) -## -extraDeploy: [] - -## Number of nodes -## -replicaCount: 1 - -image: - registry: docker.io - repository: mosipdev/pms-migration-utility - tag: develop - ## Specify a imagePullPolicy - ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' - ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - ## - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - # pullSecrets: - # - myRegistryKeySecretName - -## Port on which this particular spring service module is running. -springServicePort: 8081 - -## Configure extra options for liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes -## - -## -# existingConfigmap: - -## Command and args for running the container (set to default if not set). Use array form -## -command: [] -args: [] - -## Deployment pod host aliases -## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ -## -hostAliases: [] - -## ref: http://kubernetes.io/docs/user-guide/compute-resources/ -## -resources: - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - limits: - cpu: 1000m - memory: 3500Mi - requests: - cpu: 1000m - memory: 3500Mi - -additionalResources: - ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources - ## Example: java_opts: "-Xms500M -Xmx500M" - javaOpts: "-Xms2600M -Xmx2600M" - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -## Clamav container already runs as 'mosip' user, so we may not need to enable this -containerSecurityContext: - enabled: false - runAsUser: mosip - runAsNonRoot: true - -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod -## -podSecurityContext: - enabled: false - fsGroup: 1001 - -## Pod affinity preset -## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAffinityPreset: "" - -## Pod anti-affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity -## Allowed values: soft, hard -## -podAntiAffinityPreset: soft - -## Node affinity preset -## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity -## Allowed values: soft, hard -## -nodeAffinityPreset: - ## Node affinity type - ## Allowed values: soft, hard - ## - type: "" - ## Node label key to match - ## E.g. - ## key: "kubernetes.io/e2e-az-name" - ## - key: "" - ## Node label values to match - ## E.g. - ## values: - ## - e2e-az1 - ## - e2e-az2 - ## - values: [] - -## Affinity for pod assignment. Evaluated as a template. -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Node labels for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} - -## Tolerations for pod assignment. Evaluated as a template. -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Pod extra labels -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ -## -podLabels: {} - -## Annotations for server pods. -## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ -## -podAnnotations: {} - -## pods' priority. -## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ -## -# priorityClassName: "" - -## lifecycleHooks for the container to automate configuration before or after startup. -## -lifecycleHooks: {} - -## Custom Liveness probes for -## -customLivenessProbe: {} - -## Custom Rediness probes -## -customReadinessProbe: {} - -## Update strategy - only really applicable for deployments with RWO PVs attached -## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the -## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will -## terminate the single previous pod, so that the new, incoming pod can attach to the PV -## -updateStrategy: - type: RollingUpdate - -## Additional environment variables to set -## Example: -## extraEnvVars: -## - name: FOO -## value: "bar" -## - -extraEnvVars: [] - -## ConfigMap with extra environment variables -## -extraEnvVarsCM: - - global - - config-server-share - - artifactory-share - - pms-migration-utility - -## Secret with extra environment variables -## -extraEnvVarsSecret: [] - -## Extra volumes to add to the deployment -## -extraVolumes: [] - -## Extra volume mounts to add to the container -## -extraVolumeMounts: [] - -## Add init containers to the pods. -## Example: -## initContainers: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -initContainers: - - command: - - /bin/bash - - -c - - if [ "$ENABLE_INSECURE" = "true" ]; then HOST=$( env | grep "mosip-api-internal-host" - |sed "s/mosip-api-internal-host=//g"); if [ -z "$HOST" ]; then echo "HOST - $HOST is empty; EXITING"; exit 1; fi; openssl s_client -servername "$HOST" - -connect "$HOST":443 > "$HOST.cer" 2>/dev/null & sleep 2 ; sed -i -ne '/-BEGIN - CERTIFICATE-/,/-END CERTIFICATE-/p' "$HOST.cer"; cat "$HOST.cer"; /usr/local/openjdk-11/bin/keytool - -delete -alias "$HOST" -keystore $JAVA_HOME/lib/security/cacerts -storepass - changeit; /usr/local/openjdk-11/bin/keytool -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts" - -storepass changeit -noprompt -importcert -alias "$HOST" -file "$HOST.cer" - ; if [ $? -gt 0 ]; then echo "Failed to add SSL certificate for host $host; - EXITING"; exit 1; fi; cp /usr/local/openjdk-11/lib/security/cacerts /cacerts; - fi - env: - - name: ENABLE_INSECURE - value: "true" - envFrom: - - configMapRef: - name: global - image: docker.io/openjdk:11-jre - imagePullPolicy: Always - name: cacerts - resources: {} - securityContext: - runAsUser: 0 - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /cacerts - name: cacerts - -## Add sidecars to the pods. -## Example: -## sidecars: -## - name: your-image-name -## image: your-image -## imagePullPolicy: Always -## ports: -## - name: portname -## containerPort: 1234 -## -sidecars: {} - -persistence: - enabled: false - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack). - ## - # storageClass: "-" - ## - ## If you want to reuse an existing claim, you can pass the name of the PVC using - ## the existingClaim variable - # existingClaim: your-claim - ## ReadWriteMany not supported by AWS gp2 - storageClass: - accessModes: - - ReadWriteOnce - size: 10M - existingClaim: - # Dir where config and keys are written inside container - mountDir: - -## Init containers parameters: -## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. -## -volumePermissions: - enabled: false - image: - registry: docker.io - repository: bitnami/bitnami-shell - tag: "10" - pullPolicy: Always - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - pullSecrets: [] - ## - myRegistryKeySecretName - ## Init containers' resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## - limits: {} - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - ## cpu: 100m - ## memory: 128Mi - ## - -## Specifies whether RBAC resources should be created -## -rbac: - create: true - -## Specifies whether a ServiceAccount should be created -## -serviceAccount: - create: true - ## The name of the ServiceAccount to use. - ## If not set and create is true, a name is generated using the fullname template - ## - name: - -cronjob: - enabled: false - crontime: "" ## run cronjob every day at 3 AM (time hr: 0-23 ) - -pms_migration_utility: - configmaps: - pms-migration-utility: - spring_config_name_env: "pms-migration-utility" - secrets: - # secret-name: - # secretkey1: value - -enable_insecure: false diff --git a/charts/rancher-logging/.gitignore b/charts/rancher-logging/.gitignore deleted file mode 100644 index e69de29bb..000000000 diff --git a/charts/rancher-logging/Chart.yaml b/charts/rancher-logging/Chart.yaml deleted file mode 100644 index 29ba63a98..000000000 --- a/charts/rancher-logging/Chart.yaml +++ /dev/null @@ -1,29 +0,0 @@ -annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/deploys-on-os: windows - catalog.cattle.io/display-name: Logging - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' - catalog.cattle.io/namespace: cattle-logging-system - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: logging.banzaicloud.io.clusterflow/v1beta1 - catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' - catalog.cattle.io/release-name: rancher-logging - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: logging - catalog.cattle.io/upstream-version: 3.17.10 -apiVersion: v1 -appVersion: 3.17.10 -description: Collects and filter logs using highly configurable CRDs. Powered by Banzai - Cloud Logging Operator. -icon: https://charts.rancher.io/assets/logos/logging.svg -keywords: -- mosip -- logging -- monitoring -- security -name: rancher-logging -version: 102.0.3+up3.17.10 -maintainers: - - email: info@mosip.io - name: MOSIP -home: https://mosip.io diff --git a/charts/rancher-logging/README.md b/charts/rancher-logging/README.md deleted file mode 100644 index 6f5c26886..000000000 --- a/charts/rancher-logging/README.md +++ /dev/null @@ -1,135 +0,0 @@ - -# Logging operator Chart - -> **Note:** -> "This Helm chart is taken from `rancher/charts` repository. For any issues or maintenance requests related to these charts, please open a ticket or pull request directly on the original repository". - -[Logging operator](https://github.com/banzaicloud/logging-operator) Managed centralized logging component fluentd and fluent-bit instance on cluster. - -## tl;dr: - -```bash -$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com -$ helm repo update -$ helm install banzaicloud-stable/logging-operator -``` - -## Introduction - -This chart bootstraps a [Logging Operator](https://github.com/banzaicloud/logging-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Prerequisites - -- Kubernetes 1.8+ with Beta APIs enabled - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```bash -$ helm install --name my-release banzaicloud-stable/logging-operator -``` - -### CRDs -Use `createCustomResource=false` with Helm v3 to avoid trying to create CRDs from the `crds` folder and from templates at the same time. - -The command deploys **Logging operator** on the Kubernetes cluster with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. - -## Uninstalling the Chart - -To uninstall/delete the `my-release` deployment: - -```bash -$ helm delete my-release -``` - -The command removes all Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following tables lists the configurable parameters of the logging-operator chart and their default values. - -| Parameter | Description | Default | -| --------------------------------------------------- | ------------------------------------------------------ |-----------------------------------------------------------------------| -| `image.repository` | Container image repository | `ghcr.io/banzaicloud/logging-operator` | -| `image.tag` | Container image tag | `3.17.10` | -| `image.pullPolicy` | Container pull policy | `IfNotPresent` | -| `nameOverride` | Override name of app | `` | -| `fullnameOverride` | Override full name of app | `` | -| `namespaceOverride` | Override namespace of app | `` | -| `watchNamespace` | Namespace to watch for LoggingOperator CRD | `` | -| `rbac.enabled` | Create rbac service account and roles | `true` | -| `rbac.psp.enabled` | Must be used with `rbac.enabled` true. If true, creates & uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. | `false` | -| `priorityClassName` | Operator priorityClassName | `{}` | -| `affinity` | Node Affinity | `{}` | -| `resources` | CPU/Memory resource requests/limits | `{}` | -| `tolerations` | Node Tolerations | `[]` | -| `nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` | -| `podLabels` | Define custom labels for logging-operator pods | `{}` | -| `annotations` | Define annotations for logging-operator pods | `{}` | -| `podSecurityContext` | Pod SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"runAsNonRoot": true, "runAsUser": 1000, "fsGroup": 2000}` | -| `securityContext` | Container SecurityContext for Logging operator. [More info](https://kubernetes.io/docs/concepts/policy/security-context/) | `{"allowPrivilegeEscalation": false, "readOnlyRootFilesystem": true}` | -| `createCustomResource` | Create CRDs. | `true` | -| `monitoring.serviceMonitor.enabled` | Create Prometheus Operator servicemonitor. | `false` | -| `serviceAccount.annotations` | Define annotations for logging-operator ServiceAccount | `{}` | -| `global.seLinux.enabled` | Add seLinuxOptions to Logging resources, requires the [rke2-selinux RPM](https://github.com/rancher/rke2-selinux/releases) | `false` | - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: - -```bash -$ helm install --name my-release -f values.yaml banzaicloud-stable/logging-operator -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Installing Fluentd and Fluent-bit via logging - -The previous chart does **not** install `logging` resource to deploy Fluentd and Fluent-bit on cluster. To install them please use the [Logging Operator Logging](https://github.com/banzaicloud/logging-operator/tree/master/charts/logging-operator-logging) chart. - -## tl;dr: - -```bash -$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com -$ helm repo update -$ helm install banzaicloud-stable/logging-operator-logging -``` - -## Configuration - -The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. -## tl;dr: - -```bash -$ helm repo add banzaicloud-stable https://kubernetes-charts.banzaicloud.com -$ helm repo update -$ helm install banzaicloud-stable/logging-operator-logging -``` - -## Configuration - -The following tables lists the configurable parameters of the logging-operator-logging chart and their default values. - -| Parameter | Description | Default | -| --------------------------------------------------- | ------------------------------------------------------ |------------------------------------------------------------| -| `tls.enabled` | Enabled TLS communication between components | true | -| `tls.fluentdSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. | -| `tls.fluentbitSecretName` | Specified secret name, which contain tls certs | This will overwrite automatic Helm certificate generation. | -| `tls.sharedKey` | Shared key between nodes (fluentd-fluentbit) | [autogenerated] | -| `fluentbit.enabled` | Install fluent-bit | true | -| `fluentbit.namespace` | Specified fluentbit installation namespace | same as operator namespace | -| `fluentbit.image.tag` | Fluentbit container image tag | `1.9.5` | -| `fluentbit.image.repository` | Fluentbit container image repository | `fluent/fluent-bit` | -| `fluentbit.image.pullPolicy` | Fluentbit container pull policy | `IfNotPresent` | -| `fluentd.enabled` | Install fluentd | true | -| `fluentd.image.tag` | Fluentd container image tag | `v1.14.6-alpine-5` | -| `fluentd.image.repository` | Fluentd container image repository | `ghcr.io/banzaicloud/fluentd` | -| `fluentd.image.pullPolicy` | Fluentd container pull policy | `IfNotPresent` | -| `fluentd.volumeModImage.tag` | Fluentd volumeModImage container image tag | `latest` | -| `fluentd.volumeModImage.repository` | Fluentd volumeModImage container image repository | `busybox` | -| `fluentd.volumeModImage.pullPolicy` | Fluentd volumeModImage container pull policy | `IfNotPresent` | -| `fluentd.configReloaderImage.tag` | Fluentd configReloaderImage container image tag | `v0.2.2` | -| `fluentd.configReloaderImage.repository` | Fluentd configReloaderImage container image repository | `jimmidyson/configmap-reload` | -| `fluentd.configReloaderImage.pullPolicy` | Fluentd configReloaderImage container pull policy | `IfNotPresent` | -| `fluentd.fluentdPvcSpec.accessModes` | Fluentd persistence volume access modes | `[ReadWriteOnce]` | -| `fluentd.fluentdPvcSpec.resources.requests.storage` | Fluentd persistence volume size | `21Gi` | -| `fluentd.fluentdPvcSpec.storageClassName` | Fluentd persistence volume storageclass | `"""` | diff --git a/charts/rancher-logging/app-readme.md b/charts/rancher-logging/app-readme.md deleted file mode 100644 index 3b210879a..000000000 --- a/charts/rancher-logging/app-readme.md +++ /dev/null @@ -1,48 +0,0 @@ -# Rancher Logging - -> **Note:** -> "This Helm chart is taken from `rancher/charts` repository. For any issues or maintenance requests related to these charts, please open a ticket or pull request directly on the original repository". - -This chart is based off of the upstream [Banzai Logging Operator](https://banzaicloud.com/docs/one-eye/logging-operator/) chart. The chart deploys a logging operator and CRDs, which allows users to configure complex logging pipelines with a few simple custom resources. There are two levels of logging, which allow you to collect all logs in a cluster or from a single namespace. - -For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/logging/v2.7/). - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. - -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Namespace-level logging - -To collect logs from a single namespace, users create flows and these flows are connected to outputs or cluster outputs. - -## Cluster-level logging - -To collect logs from an entire cluster, users create cluster flows and cluster outputs. - -## CRDs - -- [Cluster Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusterflow_types/) - A cluster flow is a CRD (`ClusterFlow`) that defines what logs to collect from the entire cluster. The cluster flow must be deployed in the same namespace as the logging operator. -- [Cluster Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/clusteroutput_types/) - A cluster output is a CRD (`ClusterOutput`) that defines how to connect to logging providers so they can start collecting logs. The cluster output must be deployed in the same namespace as the logging operator. The convenience of using a cluster output is that either a cluster flow or flow can send logs to those providers without needing to define specific outputs in each namespace for each flow. -- [Flow](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/flow_types/) - A flow is a CRD (`Flow`) that defines what logs to collect from the namespace that it is deployed in. -- [Output](https://banzaicloud.com/docs/one-eye/logging-operator/crds/v1beta1/output_types/) - An output is a CRD (`Output`) that defines how to connect to logging providers so logs can be sent to the provider. - -For more information on how to configure the Helm chart, refer to the Helm README. - -## Systemd Configuration -Some Kubernetes distributions log to journald. In order to collect these logs the `systemdLogPath` needs to be defined. While the `/run/log/journal` directory is used by default, some Linux distributions do not default to this path. For example Ubuntu defaults to `/var/log/journal`. To determine your `systemdLogPath` run `cat /etc/systemd/journald.conf | grep -E ^\#?Storage | cut -d"=" -f2` on one of your nodes. If `persistent` is returned your `systemdLogPath` should be `/var/log/journal`. If `volatile` is returned `systemdLogPath` should be `/run/log/journal`. If `auto` is returned check if `/var/log/journal` exists, and if it does then use `/var/log/journal`, otherwise use `/run/log/journal`. - -If any value not described here is returned, Rancher Logging will not be able to collect control plane logs. To address this issue set `Storage=volatile` in journald.conf, reboot your machine, and set `systemdLogPath` to `/run/log/journal`. diff --git a/charts/rancher-logging/templates/NOTES.txt b/charts/rancher-logging/templates/NOTES.txt deleted file mode 100644 index e69de29bb..000000000 diff --git a/charts/rancher-logging/templates/_generic_logging.yaml b/charts/rancher-logging/templates/_generic_logging.yaml deleted file mode 100644 index 1583fa449..000000000 --- a/charts/rancher-logging/templates/_generic_logging.yaml +++ /dev/null @@ -1,121 +0,0 @@ -{{- define "logging-operator.logging.tpl" -}} -apiVersion: logging.banzaicloud.io/v1beta1 -kind: Logging -metadata: - namespace: {{ .Release.Namespace }} - labels: -{{ include "logging-operator.labels" . | indent 4 }} -spec: - controlNamespace: {{ .Release.Namespace }} - fluentbit: - image: - repository: {{ template "logging-operator.fluentbitImageRepository" . }} - tag: {{ template "logging-operator.fluentbitImageTag" . }} - {{- if not .Values.disablePvc }} - {{- with .Values.fluentbit.bufferStorage }} - bufferStorage: {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.fluentbit.bufferStorageVolume }} - bufferStorageVolume: {{- toYaml . | nindent 6 }} - {{- end }} - {{- end }} - {{- if or .Values.global.cattle.psp.enabled .Values.global.seLinux.enabled }} - security: - {{- end }} - {{- if .Values.global.cattle.psp.enabled }} - podSecurityPolicyCreate: true - roleBasedAccessControlCreate: true - {{- end }} - {{- if .Values.global.seLinux.enabled }} - securityContext: - seLinuxOptions: - type: rke_logreader_t - {{- end }} - {{- if or .Values.fluentbit.inputTail.Buffer_Chunk_Size .Values.fluentbit.inputTail.Buffer_Max_Size .Values.fluentbit.inputTail.Mem_Buf_Limit .Values.fluentbit.inputTail.Multiline_Flush .Values.fluentbit.inputTail.Skip_Long_Lines }} - inputTail: - {{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }} - Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size | toString }} - {{- end }} - {{- if .Values.fluentbit.inputTail.Buffer_Max_Size }} - Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size | toString }} - {{- end }} - {{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }} - Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit | toString }} - {{- end }} - {{- if .Values.fluentbit.inputTail.Multiline_Flush }} - Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush | toString | quote }} - {{- end }} - {{- if .Values.fluentbit.inputTail.Skip_Long_Lines }} - Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines | toString | quote }} - {{- end }} - {{- end }} - {{- with (concat (.Values.tolerations) (.Values.fluentbit.tolerations)) }} - tolerations: {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.fluentbit.resources }} - resources: {{- toYaml . | nindent 6 }} - {{- end }} - fluentd: - image: - repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} - tag: {{ .Values.images.fluentd.tag }} - configReloaderImage: - repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} - tag: {{ .Values.images.config_reloader.tag }} - {{- with .Values.fluentd.bufferStorageVolume }} - bufferStorageVolume: {{- toYaml . | nindent 6 }} - {{- end }} - disablePvc: {{ .Values.disablePvc }} - {{- if .Values.fluentd.replicas }} - scaling: - replicas: {{ .Values.fluentd.replicas }} - {{- end }} - security: - podSecurityContext: - runAsUser: 100 - {{- if .Values.global.cattle.psp.enabled }} - podSecurityPolicyCreate: true - roleBasedAccessControlCreate: true - {{- end }} - {{- with .Values.fluentd.env }} - envVars: {{- toYaml . | nindent 6 }} - {{- end }} - {{- with (default .Values.tolerations .Values.fluentd.tolerations) }} - tolerations: {{- toYaml . | nindent 6 }} - {{- end }} - {{- with (default .Values.nodeSelector .Values.fluentd.nodeSelector) }} - nodeSelector: {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.fluentd.resources }} - resources: {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.fluentd.livenessProbe }} - livenessProbe: {{- toYaml . | nindent 6 }} - {{- end }} -{{- end -}} - -{{- define "logging-operator.util.merge.logging" -}} -{{/* Top context to expose fields like `.Release` and `.Values` */}} -{{- $top := first . -}} - -{{/* tpl is the template specific to the logging implementation */}} -{{- $tpl := fromYaml (include (index . 1) $top) | default (dict ) -}} - -{{/* Generic is the shared rancher logging setttings from `_generic_logging.yaml` */}} -{{- $generic := fromYaml (include (index . 2) $top) | default (dict ) -}} - -{{/* values are from the values.yaml */}} -{{- $values := $top.Values.loggingOverlay | default (dict ) -}} - -####### {{$generic}} - -{{/* the sources are merge right to left meaning tpl is the highest prcedence and values is the lowest */}} -{{- toYaml (merge $tpl $values $generic) -}} -{{- end -}} - -{{- define "logging-operator.logging" -}} -{{- include "logging-operator.util.merge.logging" (append . "logging-operator.logging.tpl") -}} -{{- end -}} \ No newline at end of file diff --git a/charts/rancher-logging/templates/_helpers.tpl b/charts/rancher-logging/templates/_helpers.tpl deleted file mode 100644 index 7f070904c..000000000 --- a/charts/rancher-logging/templates/_helpers.tpl +++ /dev/null @@ -1,179 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "logging-operator.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "logging-operator.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Provides the namespace the chart will be installed in using the builtin .Release.Namespace, -or, if provided, a manually overwritten namespace value. -*/}} -{{- define "logging-operator.namespace" -}} -{{- if .Values.namespaceOverride -}} -{{ .Values.namespaceOverride -}} -{{- else -}} -{{ .Release.Namespace }} -{{- end -}} -{{- end -}} - - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "logging-operator.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "logging-operator.labels" -}} -app.kubernetes.io/name: {{ include "logging-operator.name" . }} -helm.sh/chart: {{ include "logging-operator.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} - -{{- define "windowsEnabled" }} -{{- if not (kindIs "invalid" .Values.global.cattle.windows) }} -{{- if not (kindIs "invalid" .Values.global.cattle.windows.enabled) }} -{{- if .Values.global.cattle.windows.enabled }} -true -{{- end }} -{{- end }} -{{- end }} -{{- end }} - -{{- define "windowsPathPrefix" -}} -{{- trimSuffix "/" (default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "\\" "/" | replace "//" "/" | replace "c:" "C:") -}} -{{- end -}} - -{{- define "windowsKubernetesFilter" -}} -{{- printf "kubernetes.%s" ((include "windowsPathPrefix" .) | replace ":" "" | replace "/" ".") -}} -{{- end -}} - -{{- define "windowsInputTailMount" -}} -{{- (include "windowsPathPrefix" .) | replace "C:" "" -}} -{{- end -}} - -{{/* -Set the controlplane selector based on kubernetes distribution -*/}} -{{- define "controlplaneSelector" -}} -{{- $master := or .Values.additionalLoggingSources.rke2.enabled .Values.additionalLoggingSources.k3s.enabled -}} -{{- $defaultSelector := $master | ternary (dict "node-role.kubernetes.io/master" "true") (dict "node-role.kubernetes.io/controlplane" "true") -}} -{{ default $defaultSelector .Values.additionalLoggingSources.kubeAudit.nodeSelector | toYaml }} -{{- end -}} - -{{/* -Set kube-audit file path prefix based on distribution -*/}} -{{- define "kubeAuditPathPrefix" -}} -{{- if .Values.additionalLoggingSources.rke.enabled -}} -{{ default "/var/log/kube-audit" .Values.additionalLoggingSources.kubeAudit.pathPrefix }} -{{- else if .Values.additionalLoggingSources.rke2.enabled -}} -{{ default "/var/lib/rancher/rke2/server/logs" .Values.additionalLoggingSources.kubeAudit.pathPrefix }} -{{- else -}} -{{ required "Directory PathPrefix of the kube-audit location is required" .Values.additionalLoggingSources.kubeAudit.pathPrefix }} -{{- end -}} -{{- end -}} - -{{/* -Set kube-audit file name based on distribution -*/}} -{{- define "kubeAuditFilename" -}} -{{- if .Values.additionalLoggingSources.rke.enabled -}} -{{ default "audit-log.json" .Values.additionalLoggingSources.kubeAudit.auditFilename }} -{{- else if .Values.additionalLoggingSources.rke2.enabled -}} -{{ default "audit.log" .Values.additionalLoggingSources.kubeAudit.auditFilename }} -{{- else -}} -{{ required "Filename of the kube-audit log is required" .Values.additionalLoggingSources.kubeAudit.auditFilename }} -{{- end -}} -{{- end -}} - -{{/* -A shared list of custom parsers for the vairous fluentbit pods rancher creates -*/}} -{{- define "logging-operator.parsers" -}} -[PARSER] - Name klog - Format regex - Regex ^(?[IWEF])(?\d{4} \d{2}:\d{2}:\d{2}).\d{6} +?(?\d+) (?.+):(?\d+)] (?.+) - Time_Key timestamp - Time_Format %m%d %T - -[PARSER] - Name rancher - Format regex - Regex ^time="(?.+)" level=(?.+) msg="(?.+)"$ - Time_Key timestamp - Time_Format %FT%H:%M:%S -[PARSER] - Name etcd - Format json - Time_Key timestamp - Time_Format %FT%H:%M:%S.%L -{{- end -}} - -{{/* -Set kubernetes log options if they are configured -*/}} -{{- define "requireFilterKubernetes" -}} -{{- if or .Values.fluentbit.filterKubernetes.Merge_Log .Values.fluentbit.filterKubernetes.Merge_Log_Key .Values.fluentbit.filterKubernetes.Merge_Trim .Values.fluentbit.filterKubernetes.Merge_Parser -}} -true -{{- end -}} -{{- end -}} - -{{/*Fluent Bit Image Repository */}} -{{- define "logging-operator.fluentbitImageRepository" -}} -{{- if .Values.debug -}} -{{ template "system_default_registry" . }}{{ .Values.images.fluentbit_debug.repository }} -{{- else -}} -{{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} -{{- end -}} -{{- end -}} - -{{/*Fluent Bit Image Tag */}} -{{- define "logging-operator.fluentbitImageTag" -}} -{{- if .Values.debug -}} -{{ .Values.images.fluentbit_debug.tag }} -{{- else -}} -{{ .Values.images.fluentbit.tag }} -{{- end -}} -{{- end -}} - -{{/*Fluent Bit Image */}} -{{- define "logging-operator.fluentbitImage" -}} -{{ template "logging-operator.fluentbitImageRepository" . }}:{{ template "logging-operator.fluentbitImageTag" . }} -{{- end -}} diff --git a/charts/rancher-logging/templates/clusterrole.yaml b/charts/rancher-logging/templates/clusterrole.yaml deleted file mode 100644 index a5d7a85c2..000000000 --- a/charts/rancher-logging/templates/clusterrole.yaml +++ /dev/null @@ -1,318 +0,0 @@ -{{- if .Values.rbac.enabled }} - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: {{ template "logging-operator.fullname" . }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - endpoints - - namespaces - - nodes - - nodes/proxy - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumeclaims - - pods - - serviceaccounts - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - - events.k8s.io - resources: - - events - verbs: - - create - - get - - list - - watch -- apiGroups: - - apps - resources: - - daemonsets - - replicasets - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - - extensions - resources: - - daemonsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - - extensions - resources: - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - - extensions - resources: - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - batch - resources: - - jobs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - '*' -- apiGroups: - - events.k8s.io - resources: - - events - verbs: - - get - - list - - watch -- apiGroups: - - extensions - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - extensions - - policy - resources: - - podsecuritypolicies - verbs: - - create - - delete - - get - - list - - patch - - update - - use - - watch -- apiGroups: - - logging-extensions.banzaicloud.io - resources: - - eventtailers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - logging-extensions.banzaicloud.io - resources: - - eventtailers/status - verbs: - - get - - patch - - update -- apiGroups: - - logging-extensions.banzaicloud.io - resources: - - hosttailers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - logging-extensions.banzaicloud.io - resources: - - hosttailers/status - verbs: - - get - - patch - - update -- apiGroups: - - logging.banzaicloud.io - resources: - - clusterflows - - clusteroutputs - - flows - - loggings - - outputs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - logging.banzaicloud.io - resources: - - clusterflows/status - - clusteroutputs/status - - flows/status - - loggings/status - - outputs/status - verbs: - - get - - patch - - update -- apiGroups: - - monitoring.coreos.com - resources: - - prometheusrules - - servicemonitors - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - rolebindings - - roles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -{{- end }} diff --git a/charts/rancher-logging/templates/clusterrolebinding.yaml b/charts/rancher-logging/templates/clusterrolebinding.yaml deleted file mode 100644 index 89d17d094..000000000 --- a/charts/rancher-logging/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.rbac.enabled }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "logging-operator.fullname" . }} - labels: -{{ include "logging-operator.labels" . | indent 4 }} -subjects: - - kind: ServiceAccount - name: {{ template "logging-operator.fullname" . }} - namespace: {{ include "logging-operator.namespace" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "logging-operator.fullname" . }} - - {{- end }} \ No newline at end of file diff --git a/charts/rancher-logging/templates/crds.yaml b/charts/rancher-logging/templates/crds.yaml deleted file mode 100644 index f573652d0..000000000 --- a/charts/rancher-logging/templates/crds.yaml +++ /dev/null @@ -1,6 +0,0 @@ -{{- if .Values.createCustomResource -}} -{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }} -{{ $.Files.Get $path }} ---- -{{- end }} -{{- end }} diff --git a/charts/rancher-logging/templates/deployment.yaml b/charts/rancher-logging/templates/deployment.yaml deleted file mode 100644 index e1ec64f6d..000000000 --- a/charts/rancher-logging/templates/deployment.yaml +++ /dev/null @@ -1,77 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "logging-operator.fullname" . }} - namespace: {{ include "logging-operator.namespace" . }} - labels: -{{ include "logging-operator.labels" . | indent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "logging-operator.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "logging-operator.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- with .Values.podLabels }} - {{ toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.annotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - args: - {{- range .Values.extraArgs }} - - {{ . }} - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - ports: - - name: http - containerPort: {{ .Values.http.port }} - {{- with .Values.env }} - env: {{ toYaml . | nindent 12 }} - {{- end }} - {{- if .Values.securityContext }} - securityContext: {{ toYaml .Values.securityContext | nindent 12 }} - {{- end }} - {{- with .Values.volumeMounts }} - volumeMounts: {{ toYaml . | nindent 12 }} - {{- end }} - {{- with .Values.volumes }} - volumes: {{ toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.podSecurityContext }} - securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }} - {{- end }} - - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if .Values.rbac.enabled }} - serviceAccountName: {{ include "logging-operator.fullname" . }} - {{- end }} diff --git a/charts/rancher-logging/templates/loggings/aks/logging.yaml b/charts/rancher-logging/templates/loggings/aks/logging.yaml deleted file mode 100644 index 54bb73250..000000000 --- a/charts/rancher-logging/templates/loggings/aks/logging.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- define "logging-operator.logging.aks" -}} -{{- $logPath := "/var/log/azure/kubelet-status.log" -}} -metadata: - name: {{ .Release.Name }}-aks -spec: - fluentbit: - disableKubernetesFilter: true - extraVolumeMounts: - - source: {{ $logPath }} - destination: {{ $logPath }} - readOnly: true - inputTail: - Tag: "aks" - Path: {{ $logPath }} -{{- end -}} -{{- if .Values.additionalLoggingSources.aks.enabled }} -{{- include "logging-operator.logging" (list . "logging-operator.logging.aks") -}} -{{- end }} diff --git a/charts/rancher-logging/templates/loggings/eks/logging.yaml b/charts/rancher-logging/templates/loggings/eks/logging.yaml deleted file mode 100644 index 2ba7860b1..000000000 --- a/charts/rancher-logging/templates/loggings/eks/logging.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- define "logging-operator.logging.eks" -}} -{{- $logPath := "/var/log/messages" -}} -metadata: - name: {{ .Release.Name }}-eks -spec: - fluentbit: - disableKubernetesFilter: true - extraVolumeMounts: - - source: {{ $logPath }} - destination: {{ $logPath }} - readOnly: true - inputTail: - Tag: "eks" - Path: {{ $logPath }} - Parser: "syslog" -{{- end -}} -{{- if .Values.additionalLoggingSources.eks.enabled }} -{{- include "logging-operator.logging" (list . "logging-operator.logging.eks") -}} -{{- end }} diff --git a/charts/rancher-logging/templates/loggings/gke/logging.yaml b/charts/rancher-logging/templates/loggings/gke/logging.yaml deleted file mode 100644 index 6c834b12e..000000000 --- a/charts/rancher-logging/templates/loggings/gke/logging.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- define "logging-operator.logging.gke" -}} -{{- $logPath := "/var/log/kube-proxy.log" -}} -metadata: - name: {{ .Release.Name }}-gke -spec: - fluentbit: - disableKubernetesFilter: true - extraVolumeMounts: - - source: {{ $logPath }} - destination: {{ $logPath }} - readOnly: true - inputTail: - Tag: "gke" - Path: {{ $logPath }} -{{- end -}} -{{- if .Values.additionalLoggingSources.gke.enabled }} -{{- include "logging-operator.logging" (list . "logging-operator.logging.gke") -}} -{{- end }} diff --git a/charts/rancher-logging/templates/loggings/k3s/configmap.yaml b/charts/rancher-logging/templates/loggings/k3s/configmap.yaml deleted file mode 100644 index aa454c8ad..000000000 --- a/charts/rancher-logging/templates/loggings/k3s/configmap.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd") }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-k3s - labels: -{{ include "logging-operator.labels" . | indent 4 }} -data: - fluent-bit.conf: | - [SERVICE] - Flush 1 - Grace 5 - Daemon Off - Log_Level info - Coro_Stack_Size 24576 - Parsers_File parsers.conf - - [INPUT] - Name systemd - Tag k3s - Path {{ .Values.systemdLogPath }} - Systemd_Filter _SYSTEMD_UNIT=k3s.service - {{- if .Values.additionalLoggingSources.k3s.stripUnderscores }} - Strip_Underscores On - {{- end }} - Systemd_Filter _SYSTEMD_UNIT=k3s-agent.service - - [FILTER] - Name parser - Match * - Key_Name MESSAGE - Parser klog - Reserve_Data On - - [FILTER] - Name parser - Match * - Key_Name MESSAGE - Parser rancher - Reserve_Data On - - [FILTER] - Name parser - Match * - Key_Name MESSAGE - Parser etcd - Reserve_Data On - - [OUTPUT] - Name forward - Match * - Host {{ .Release.Name }}-root-fluentd.{{ .Release.Namespace }}.svc - Port 24240 - Retry_Limit False - parsers.conf: | -{{ include "logging-operator.parsers" . | indent 4 }} -{{- end }} diff --git a/charts/rancher-logging/templates/loggings/k3s/daemonset.yaml b/charts/rancher-logging/templates/loggings/k3s/daemonset.yaml deleted file mode 100644 index e80c2b1c8..000000000 --- a/charts/rancher-logging/templates/loggings/k3s/daemonset.yaml +++ /dev/null @@ -1,110 +0,0 @@ -{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "systemd") }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: "{{ .Release.Name }}-k3s-journald-aggregator" - namespace: "{{ .Release.Namespace }}" -spec: - selector: - matchLabels: - name: {{ .Release.Name }}-k3s-journald-aggregator - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/loggings/k3s/configmap.yaml") . | sha256sum }} - name: "{{ .Release.Name }}-k3s-journald-aggregator" - namespace: "{{ .Release.Namespace }}" - labels: - name: {{ .Release.Name }}-k3s-journald-aggregator - spec: - containers: - - name: fluentbit - image: "{{ template "logging-operator.fluentbitImage" . }}" - {{- if .Values.global.seLinux.enabled }} - securityContext: - seLinuxOptions: - type: rke_logreader_t - {{- end }} - volumeMounts: - - mountPath: /fluent-bit/etc/ - name: config - - mountPath: {{ .Values.systemdLogPath | default "/var/log/journal" }} - name: journal - readOnly: true - - mountPath: /etc/machine-id - name: machine-id - readOnly: true - {{- with .Values.tolerations }} - tolerations: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: "{{ .Release.Name }}-k3s-journald-aggregator" - volumes: - - name: config - configMap: - name: "{{ .Release.Name }}-k3s" - - name: journal - hostPath: - path: {{ .Values.systemdLogPath | default "/var/log/journal" }} - - name: machine-id - hostPath: - path: /etc/machine-id ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "{{ .Release.Name }}-k3s-journald-aggregator" - namespace: "{{ .Release.Namespace }}" -{{- if .Values.global.cattle.psp.enabled }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: "{{ .Release.Name }}-k3s-journald-aggregator" -rules: - - apiGroups: - - policy - resourceNames: - - "{{ .Release.Name }}-k3s-journald-aggregator" - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "{{ .Release.Name }}-k3s-journald-aggregator" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "{{ .Release.Name }}-k3s-journald-aggregator" -subjects: - - kind: ServiceAccount - name: "{{ .Release.Name }}-k3s-journald-aggregator" ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: "{{ .Release.Name }}-k3s-journald-aggregator" - namespace: "{{ .Release.Namespace }}" -spec: - allowPrivilegeEscalation: false - fsGroup: - rule: RunAsAny - readOnlyRootFilesystem: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - configMap - - emptyDir - - secret - - hostPath -{{- end }} -{{- end }} diff --git a/charts/rancher-logging/templates/loggings/k3s/logging-k3s-openrc.yaml b/charts/rancher-logging/templates/loggings/k3s/logging-k3s-openrc.yaml deleted file mode 100644 index 963cf3ac4..000000000 --- a/charts/rancher-logging/templates/loggings/k3s/logging-k3s-openrc.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- define "logging-operator.logging.k3s-openrc" -}} -{{- $logPath := "/var/log/k3s.log" -}} -metadata: - name: {{ .Release.Name }}-k3s -spec: - fluentbit: - disableKubernetesFilter: true - extraVolumeMounts: - - source: {{ $logPath }} - destination: {{ $logPath }} - readOnly: true - inputTail: - Tag: "k3s" - Path: {{ $logPath }} - Path_Key: filename -{{- end -}} -{{- if and .Values.additionalLoggingSources.k3s.enabled (eq .Values.additionalLoggingSources.k3s.container_engine "openrc")}} -{{- include "logging-operator.logging" (list . "logging-operator.logging.k3s-openrc") -}} -{{- end }} diff --git a/charts/rancher-logging/templates/loggings/kube-audit/logging.yaml b/charts/rancher-logging/templates/loggings/kube-audit/logging.yaml deleted file mode 100644 index fcac111bd..000000000 --- a/charts/rancher-logging/templates/loggings/kube-audit/logging.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- define "logging-operator.logging.kube-audit" -}} -metadata: - name: {{ .Release.Name }}-kube-audit -spec: - {{- if .Values.additionalLoggingSources.kubeAudit.loggingRef }} - loggingRef: {{ .Values.additionalLoggingSources.kubeAudit.loggingRef }} - {{- end }} - fluentbit: - disableKubernetesFilter: true - extraVolumeMounts: - - source: {{ template "kubeAuditPathPrefix" . }} - destination: "/kube-audit-logs" - readOnly: true - inputTail: - Tag: {{ .Values.additionalLoggingSources.kubeAudit.fluentbit.logTag }} - Path: /kube-audit-logs/{{ template "kubeAuditFilename" . }} - Parser: json - {{- with (concat (.Values.tolerations) (.Values.fluentbit.tolerations) (.Values.additionalLoggingSources.kubeAudit.fluentbit.tolerations)) }} - tolerations: {{- toYaml . | nindent 6 }} - {{- end }} - nodeSelector: {{ include "controlplaneSelector" . | nindent 6 }} -{{- end -}} -{{- if .Values.additionalLoggingSources.kubeAudit.enabled }} -{{- include "logging-operator.logging" (list . "logging-operator.logging.kube-audit") -}} -{{- end }} diff --git a/charts/rancher-logging/templates/loggings/rke/configmap.yaml b/charts/rancher-logging/templates/loggings/rke/configmap.yaml deleted file mode 100644 index 252572a4e..000000000 --- a/charts/rancher-logging/templates/loggings/rke/configmap.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if .Values.additionalLoggingSources.rke.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-rke - labels: -{{ include "logging-operator.labels" . | indent 4 }} -data: - fluent-bit.conf: | - [SERVICE] - Log_Level {{ .Values.additionalLoggingSources.rke.fluentbit.log_level }} - Parsers_File parsers.conf - - [INPUT] - Tag rke - Name tail - Path_Key filename - Parser docker - DB /tail-db/tail-containers-state.db - Mem_Buf_Limit {{ .Values.additionalLoggingSources.rke.fluentbit.mem_buffer_limit }} - Path /var/lib/rancher/rke/log/*.log - - [OUTPUT] - Name forward - Match * - Host {{ .Release.Name }}-root-fluentd.{{ .Release.Namespace }}.svc - Port 24240 - Retry_Limit False -{{- end }} diff --git a/charts/rancher-logging/templates/loggings/rke/daemonset.yaml b/charts/rancher-logging/templates/loggings/rke/daemonset.yaml deleted file mode 100644 index cc39a5cc4..000000000 --- a/charts/rancher-logging/templates/loggings/rke/daemonset.yaml +++ /dev/null @@ -1,122 +0,0 @@ -{{- if .Values.additionalLoggingSources.rke.enabled }} -{{- $containers := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: "{{ .Release.Name }}-rke-aggregator" - namespace: "{{ .Release.Namespace }}" -spec: - selector: - matchLabels: - name: {{ .Release.Name }}-rke-aggregator - template: - metadata: - name: "{{ .Release.Name }}-rke-aggregator" - namespace: "{{ .Release.Namespace }}" - labels: - name: {{ .Release.Name }}-rke-aggregator - spec: - containers: - - name: fluentbit - image: "{{ template "logging-operator.fluentbitImage" . }}" - volumeMounts: - - mountPath: /var/lib/rancher/rke/log/ - name: indir - - mountPath: {{ $containers }} - name: containers - - mountPath: /tail-db - name: positiondb - - mountPath: /fluent-bit/etc/fluent-bit.conf - name: config - subPath: fluent-bit.conf - {{- if .Values.global.seLinux.enabled }} - securityContext: - seLinuxOptions: - type: rke_logreader_t - {{- end }} - volumes: - - name: indir - hostPath: - path: /var/lib/rancher/rke/log/ - type: DirectoryOrCreate - - name: containers - hostPath: - path: {{ $containers }} - type: DirectoryOrCreate - - name: positiondb - emptyDir: {} - - name: config - configMap: - name: "{{ .Release.Name }}-rke" - serviceAccountName: "{{ .Release.Name }}-rke-aggregator" - {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} - {{- with $total_tolerations }} - tolerations: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: {{- toYaml . | nindent 8 }} - {{- end }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "{{ .Release.Name }}-rke-aggregator" - namespace: "{{ .Release.Namespace }}" -{{- if .Values.global.cattle.psp.enabled }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: "{{ .Release.Name }}-rke-aggregator" -rules: - - apiGroups: - - policy - resourceNames: - - "{{ .Release.Name }}-rke-aggregator" - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "{{ .Release.Name }}-rke-aggregator" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "{{ .Release.Name }}-rke-aggregator" -subjects: - - kind: ServiceAccount - name: "{{ .Release.Name }}-rke-aggregator" ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: "{{ .Release.Name }}-rke-aggregator" - namespace: "{{ .Release.Namespace }}" -spec: - allowPrivilegeEscalation: false - allowedHostPaths: - - pathPrefix: {{ $containers }} - readOnly: false - - pathPrefix: /var/lib/rancher/rke/log/ - readOnly: false - - pathPrefix: /var/lib/rancher/logging/ - readOnly: false - fsGroup: - rule: RunAsAny - readOnlyRootFilesystem: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - configMap - - emptyDir - - secret - - hostPath -{{- end }} -{{- end }} diff --git a/charts/rancher-logging/templates/loggings/rke2/configmap.yaml b/charts/rancher-logging/templates/loggings/rke2/configmap.yaml deleted file mode 100644 index 3ca20be22..000000000 --- a/charts/rancher-logging/templates/loggings/rke2/configmap.yaml +++ /dev/null @@ -1,69 +0,0 @@ -{{- if .Values.additionalLoggingSources.rke2.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-rke2 - labels: -{{ include "logging-operator.labels" . | indent 4 }} -data: - fluent-bit.conf: | - [SERVICE] - Flush 1 - Grace 5 - Daemon Off - Log_Level info - Coro_Stack_Size 24576 - Parsers_File parsers.conf - - [INPUT] - Name systemd - Tag rke2 - Path {{ .Values.systemdLogPath }} - Systemd_Filter _SYSTEMD_UNIT=rke2-server.service - Systemd_Filter _SYSTEMD_UNIT=rke2-agent.service - {{- if .Values.additionalLoggingSources.rke2.stripUnderscores }} - Strip_Underscores On - {{- end }} - - [INPUT] - Name tail - Tag rke2 - Path /var/lib/rancher/rke2/agent/logs/kubelet.log - - [FILTER] - Name parser - Match * - Key_Name log - Parser klog - Reserve_Data On - - [FILTER] - Name parser - Match * - Key_Name MESSAGE - Parser klog - Reserve_Data On - - [FILTER] - Name parser - Match * - Key_Name MESSAGE - Parser rancher - Reserve_Data On - - [FILTER] - Name parser - Match * - Key_Name MESSAGE - Parser etcd - Reserve_Data On - - [OUTPUT] - Name forward - Match * - Host {{ .Release.Name }}-root-fluentd.{{ .Release.Namespace }}.svc - Port 24240 - Retry_Limit False - parsers.conf: | -{{ include "logging-operator.parsers" . | indent 4 }} -{{- end }} diff --git a/charts/rancher-logging/templates/loggings/rke2/daemonset.yaml b/charts/rancher-logging/templates/loggings/rke2/daemonset.yaml deleted file mode 100644 index 8f54b718e..000000000 --- a/charts/rancher-logging/templates/loggings/rke2/daemonset.yaml +++ /dev/null @@ -1,116 +0,0 @@ -{{- if .Values.additionalLoggingSources.rke2.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: "{{ .Release.Name }}-rke2-journald-aggregator" - namespace: "{{ .Release.Namespace }}" -spec: - selector: - matchLabels: - name: {{ .Release.Name }}-rke2-journald-aggregator - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/loggings/rke2/configmap.yaml") . | sha256sum }} - name: "{{ .Release.Name }}-rke2-journald-aggregator" - namespace: "{{ .Release.Namespace }}" - labels: - name: {{ .Release.Name }}-rke2-journald-aggregator - spec: - containers: - - name: fluentbit - image: "{{ template "logging-operator.fluentbitImage" . }}" - {{- if .Values.global.seLinux.enabled }} - securityContext: - seLinuxOptions: - type: rke_logreader_t - {{- end }} - volumeMounts: - - mountPath: /fluent-bit/etc/ - name: config - - mountPath: {{ .Values.systemdLogPath | default "/var/log/journal" }} - name: journal - readOnly: true - - mountPath: "/var/lib/rancher/rke2/agent/logs" - name: kubelet - readOnly: true - - mountPath: /etc/machine-id - name: machine-id - readOnly: true - {{- with .Values.tolerations }} - tolerations: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: "{{ .Release.Name }}-rke2-journald-aggregator" - volumes: - - name: config - configMap: - name: "{{ .Release.Name }}-rke2" - - name: journal - hostPath: - path: {{ .Values.systemdLogPath | default "/var/log/journal" }} - - name: kubelet - hostPath: - path: "/var/lib/rancher/rke2/agent/logs" - - name: machine-id - hostPath: - path: /etc/machine-id ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: "{{ .Release.Name }}-rke2-journald-aggregator" - namespace: "{{ .Release.Namespace }}" -{{- if .Values.global.cattle.psp.enabled }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: "{{ .Release.Name }}-rke2-journald-aggregator" -rules: - - apiGroups: - - policy - resourceNames: - - "{{ .Release.Name }}-rke2-journald-aggregator" - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: "{{ .Release.Name }}-rke2-journald-aggregator" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "{{ .Release.Name }}-rke2-journald-aggregator" -subjects: - - kind: ServiceAccount - name: "{{ .Release.Name }}-rke2-journald-aggregator" ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: "{{ .Release.Name }}-rke2-journald-aggregator" - namespace: "{{ .Release.Namespace }}" -spec: - allowPrivilegeEscalation: false - fsGroup: - rule: RunAsAny - readOnlyRootFilesystem: true - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - configMap - - emptyDir - - secret - - hostPath -{{- end }} -{{- end }} diff --git a/charts/rancher-logging/templates/loggings/root/logging.yaml b/charts/rancher-logging/templates/loggings/root/logging.yaml deleted file mode 100644 index d88159106..000000000 --- a/charts/rancher-logging/templates/loggings/root/logging.yaml +++ /dev/null @@ -1,82 +0,0 @@ -{{- define "logging-operator.logging.root" -}} -{{- $containerLogPath := printf "%s/containers/" (default "/var/lib/docker" .Values.global.dockerRootDirectory) }} -metadata: - name: "{{ .Release.Name }}-root" -spec: - {{- if (include "windowsEnabled" .) }} - nodeAgents: - - name: win-agent - profile: windows - nodeAgentFluentbit: - daemonSet: - spec: - template: - spec: - containers: - - image: {{ template "system_default_registry" . }}{{ .Values.images.nodeagent_fluentbit.repository }}:{{ .Values.images.nodeagent_fluentbit.tag }} - name: fluent-bit - tls: - enabled: {{ .Values.nodeAgents.tls.enabled | default false }} - {{- if .Values.additionalLoggingSources.rke.enabled }} - - name: win-agent-rke - profile: windows - nodeAgentFluentbit: - filterKubernetes: - Kube_Tag_Prefix: "{{ template "windowsKubernetesFilter" . }}.var.lib.rancher.rke.log." - inputTail: - Path: "{{ template "windowsPathPrefix" . }}/var/lib/rancher/rke/log" - {{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }} - Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size | toString }} - {{- end }} - {{- if .Values.fluentbit.inputTail.Buffer_Max_Size }} - Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size | toString }} - {{- end }} - {{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }} - Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit | toString }} - {{- end }} - {{- if .Values.fluentbit.inputTail.Multiline_Flush }} - Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush | toString | quote }} - {{- end }} - {{- if .Values.fluentbit.inputTail.Skip_Long_Lines }} - Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines | toString | quote }} - {{- end }} - extraVolumeMounts: - - source: "{{ template "windowsInputTailMount" . }}/var/lib/rancher/rke/log" - destination: "{{ template "windowsInputTailMount" . }}/var/lib/rancher/rke/log" - readOnly: true - daemonSet: - spec: - template: - spec: - containers: - - image: "{{ template "system_default_registry" . }}{{ .Values.images.nodeagent_fluentbit.repository }}:{{ .Values.images.nodeagent_fluentbit.tag }}" - name: fluent-bit - tls: - enabled: {{ .Values.nodeAgents.tls.enabled | default false }} - {{- end }} - {{- end }} - fluentbit: - {{- if .Values.global.dockerRootDirectory }} - mountPath: {{ $containerLogPath }} - extraVolumeMounts: - - source: {{ $containerLogPath }} - destination: {{ $containerLogPath }} - readOnly: true - {{- end }} - {{- if (include "requireFilterKubernetes" .) }} - filterKubernetes: - {{- if .Values.fluentbit.filterKubernetes.Merge_Log }} - Merge_Log: "{{ .Values.fluentbit.filterKubernetes.Merge_Log }}" - {{- end }} - {{- if .Values.fluentbit.filterKubernetes.Merge_Log_Key }} - Merge_Log_Key: "{{ .Values.fluentbit.filterKubernetes.Merge_Log_Key }}" - {{- end }} - {{- if .Values.fluentbit.filterKubernetes.Merge_Log_Trim }} - Merge_Log_Trim: "{{ .Values.fluentbit.filterKubernetes.Merge_Log_Trim }}" - {{- end }} - {{- if .Values.fluentbit.filterKubernetes.Merge_Parser }} - Merge_Parser: "{{ .Values.fluentbit.filterKubernetes.Merge_Parser }}" - {{- end }} - {{- end }} -{{- end -}} -{{- include "logging-operator.logging" (list . "logging-operator.logging.root") -}} diff --git a/charts/rancher-logging/templates/psp.yaml b/charts/rancher-logging/templates/psp.yaml deleted file mode 100644 index e80bbc0dc..000000000 --- a/charts/rancher-logging/templates/psp.yaml +++ /dev/null @@ -1,34 +0,0 @@ -{{ if and .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: psp.logging-operator - namespace: {{ include "logging-operator.namespace" . }} - annotations: -{{- if .Values.rbac.psp.annotations }} -{{ toYaml .Values.rbac.psp.annotations | indent 4 }} -{{- end }} - labels: -{{ include "logging-operator.labels" . | indent 4 }} -spec: - readOnlyRootFilesystem: true - privileged: false - allowPrivilegeEscalation: false - runAsUser: - rule: MustRunAsNonRoot - fsGroup: - rule: MustRunAs - ranges: - - min: 1 - max: 65535 - supplementalGroups: - rule: MustRunAs - ranges: - - min: 1 - max: 65535 - seLinux: - rule: RunAsAny - volumes: - - secret - - configMap -{{ end }} diff --git a/charts/rancher-logging/templates/service.yaml b/charts/rancher-logging/templates/service.yaml deleted file mode 100644 index f419ae2c4..000000000 --- a/charts/rancher-logging/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "logging-operator.fullname" . }} - namespace: {{ include "logging-operator.namespace" . }} - labels: -{{ include "logging-operator.labels" . | indent 4 }} -spec: - type: ClusterIP - {{- with .Values.http.service.clusterIP }} - clusterIP: {{ . }} - {{- end }} - ports: - - port: {{ .Values.http.port }} - targetPort: http - protocol: TCP - name: http - selector: - app.kubernetes.io/name: {{ include "logging-operator.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/charts/rancher-logging/templates/serviceMonitor.yaml b/charts/rancher-logging/templates/serviceMonitor.yaml deleted file mode 100644 index 1bb762cde..000000000 --- a/charts/rancher-logging/templates/serviceMonitor.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{ if .Values.monitoring.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "logging-operator.fullname" . }} - namespace: {{ include "logging-operator.namespace" . }} - labels: -{{ include "logging-operator.labels" . | indent 4 }} -{{- with .Values.monitoring.serviceMonitor.additionalLabels }} - {{- toYaml . | nindent 4 }} -{{- end }} -spec: - selector: - matchLabels: -{{ include "logging-operator.labels" . | indent 6 }} - endpoints: - - port: http - path: /metrics - {{- with .Values.monitoring.serviceMonitor.metricsRelabelings }} - metricRelabelings: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.monitoring.serviceMonitor.relabelings }} - relabelings: - {{- toYaml . | nindent 4 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ include "logging-operator.namespace" . }} -{{- end }} diff --git a/charts/rancher-logging/templates/serviceaccount.yaml b/charts/rancher-logging/templates/serviceaccount.yaml deleted file mode 100644 index bb97cf108..000000000 --- a/charts/rancher-logging/templates/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.rbac.enabled }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "logging-operator.fullname" . }} - namespace: {{ include "logging-operator.namespace" . }} - labels: -{{ include "logging-operator.labels" . | indent 4 }} -{{- with .Values.serviceAccount.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -{{- end }} diff --git a/charts/rancher-logging/templates/userroles.yaml b/charts/rancher-logging/templates/userroles.yaml deleted file mode 100644 index f4136b09a..000000000 --- a/charts/rancher-logging/templates/userroles.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: "logging-admin" - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" -rules: - - apiGroups: - - "logging.banzaicloud.io" - resources: - - flows - - outputs - verbs: - - "*" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: "logging-view" - labels: - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: - - apiGroups: - - "logging.banzaicloud.io" - resources: - - flows - - outputs - - clusterflows - - clusteroutputs - verbs: - - get - - list - - watch diff --git a/charts/rancher-logging/templates/validate-install-crd.yaml b/charts/rancher-logging/templates/validate-install-crd.yaml deleted file mode 100644 index 77fc8047c..000000000 --- a/charts/rancher-logging/templates/validate-install-crd.yaml +++ /dev/null @@ -1,20 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "logging-extensions.banzaicloud.io/v1alpha1/EventTailer" false -}} -# {{- set $found "logging-extensions.banzaicloud.io/v1alpha1/HostTailer" false -}} -# {{- set $found "logging.banzaicloud.io/v1alpha1/ClusterFlow" false -}} -# {{- set $found "logging.banzaicloud.io/v1alpha1/ClusterOutput" false -}} -# {{- set $found "logging.banzaicloud.io/v1alpha1/Flow" false -}} -# {{- set $found "logging.banzaicloud.io/v1alpha1/Logging" false -}} -# {{- set $found "logging.banzaicloud.io/v1alpha1/Output" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-logging/templates/validate-install.yaml b/charts/rancher-logging/templates/validate-install.yaml deleted file mode 100644 index bd624cc4b..000000000 --- a/charts/rancher-logging/templates/validate-install.yaml +++ /dev/null @@ -1,5 +0,0 @@ -#{{- if .Values.global.dockerRootDirectory }} -#{{- if or (hasSuffix "/containers" .Values.global.dockerRootDirectory) (hasSuffix "/" .Values.global.dockerRootDirectory) }} -#{{- required "global.dockerRootDirectory must not end with suffix: '/' or '/containers'" "" -}} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-logging/templates/validate-psp-install.yaml b/charts/rancher-logging/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b..000000000 --- a/charts/rancher-logging/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-logging/values.yaml b/charts/rancher-logging/values.yaml deleted file mode 100644 index df3ff9500..000000000 --- a/charts/rancher-logging/values.yaml +++ /dev/null @@ -1,265 +0,0 @@ -# Default values for logging-operator. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: rancher/mirrored-banzaicloud-logging-operator - tag: 3.17.10 - pullPolicy: IfNotPresent - -env: [] -volumes: [] -volumeMounts: [] -# extraArgs: -# - -enable-leader-election=true -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" -namespaceOverride: "" - -## Pod custom labels -## -podLabels: {} - -annotations: {} - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: - kubernetes.io/os: linux - -tolerations: - - key: cattle.io/os - operator: "Equal" - value: "linux" - effect: NoSchedule - -affinity: {} - -http: - # http listen port number - port: 8080 - # Service definition for query http service - service: - type: ClusterIP - clusterIP: None - # Annotations to query http service - annotations: {} - # Labels to query http service - labels: {} - -rbac: - enabled: true - psp: - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' - seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default' - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - -## SecurityContext holds pod-level security attributes and common container settings. -## This defaults to non-root user with uid 1000 and gid 2000. *v1.PodSecurityContext false -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -## -podSecurityContext: {} -# runAsNonRoot: true -# runAsUser: 1000 -# fsGroup: 2000 -securityContext: {} -# allowPrivilegeEscalation: false -# readOnlyRootFilesystem: true - # capabilities: - # drop: ["ALL"] - -## Operator priorityClassName -## -priorityClassName: {} - -monitoring: - # Create a Prometheus Operator ServiceMonitor object - serviceMonitor: - enabled: false - additionalLabels: {} - metricRelabelings: [] - relabelings: [] - -serviceAccount: - annotations: {} - -################################### -# Rancher Logging Operator Values # -################################### - -# Enable debug to use fluent-bit images that allow exec -debug: false - -# Disable persistent volumes for buffers -disablePvc: true - -# If your additional logging sources collect logs from systemd configure the systemd log path here -systemdLogPath: "/run/log/journal" - -global: - cattle: - systemDefaultRegistry: "" - # Uncomment the below two lines to either enable or disable Windows logging. If this chart is - # installed via the Rancher UI, it will set this value to "true" if the cluster is a Windows - # cluster. In that scenario, if you would like to disable Windows logging on Windows clusters, - # set the value below to "false". - # windows: - # enabled: true - psp: - enabled: false - - # Change the "dockerRootDirectory" if the default Docker directory has changed. - dockerRootDirectory: "" - - rkeWindowsPathPrefix: "c:\\" - - seLinux: - enabled: false - -images: - config_reloader: - repository: rancher/mirrored-jimmidyson-configmap-reload - tag: v0.4.0 - fluentbit: - repository: rancher/mirrored-fluent-fluent-bit - tag: 2.2.0 - nodeagent_fluentbit: - os: "windows" - repository: rancher/fluent-bit - tag: v1.8.10 - fluentbit_debug: - repository: rancher/mirrored-fluent-fluent-bit - tag: 2.2.0-debug - fluentd: - repository: rancher/mirrored-banzaicloud-fluentd - tag: v1.14.6-alpine-5 - -additionalLoggingSources: - rke: - enabled: false - fluentbit: - log_level: "info" - mem_buffer_limit: "5MB" - rke2: - enabled: false - stripUnderscores: false - k3s: - enabled: false - container_engine: "systemd" - stripUnderscores: false - aks: - enabled: false - eks: - enabled: false - gke: - enabled: false - kubeAudit: - auditFilename: "" - enabled: false - pathPrefix: "" - fluentbit: - logTag: kube-audit - tolerations: - - key: node-role.kubernetes.io/control-plane - value: "true" - effect: NoSchedule - - key: node-role.kubernetes.io/etcd - value: "true" - effect: NoExecute - -# configures node agent options for windows node agents -nodeAgents: - tls: - enabled: false - -# These settings apply to every Logging CR, including vendor Logging CRs enabled in "additionalLoggingSources". -# Changing these affects every Logging CR installed. -fluentd: - bufferStorageVolume: {} - livenessProbe: - tcpSocket: - port: 24240 - initialDelaySeconds: 30 - periodSeconds: 15 - nodeSelector: {} - resources: {} - tolerations: {} - env: [] -fluentbit: - inputTail: - Buffer_Chunk_Size: "" - Buffer_Max_Size: "" - Mem_Buf_Limit: "" - Multiline_Flush: "" - Skip_Long_Lines: "" - resources: {} - tolerations: - - key: node-role.kubernetes.io/control-plane - value: "true" - effect: NoSchedule - - key: node-role.kubernetes.io/etcd - value: "true" - effect: NoExecute - filterKubernetes: - Merge_Log: "" - Merge_Log_Key: "" - Merge_Log_Trim: "" - Merge_Parser: "" - -# DO NOT SET THIS UNLESS YOU KNOW WHAT YOU ARE DOING. -# Setting fields on this object can break rancher logging or cause unexpected behavior. It is intended to be used if you -# need to configure functionality not exposed by rancher logging. It is highly recommended you check the `app-readme.md` -# for the functionality you need before modifying this object. - -# this object will be merged with every logging CR created by this chart. Any fields that collide with fields from the -# settings above will be overridden. Any fields that collide with fields set in the files in `templates/loggings` will -# be ignored. - -## Configure extra options for startup, liveness and readiness probes -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes -startupProbe: - enabled: true - tcpSocket: - port: tcp - initialDelaySeconds: 0 - periodSeconds: 30 - timeoutSeconds: 5 - failureThreshold: 10 - successThreshold: 1 - -readinessProbe: - enabled: true - tcpSocket: - port: tcp - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 - -livenessProbe: - enabled: true - tcpSocket: - port: tcp - initialDelaySeconds: 30 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 6 - successThreshold: 1 diff --git a/charts/rancher-monitoring-crd/Chart.yaml b/charts/rancher-monitoring-crd/Chart.yaml deleted file mode 100644 index 51c804191..000000000 --- a/charts/rancher-monitoring-crd/Chart.yaml +++ /dev/null @@ -1,17 +0,0 @@ -annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/release-name: rancher-monitoring-crd -apiVersion: v2 -description: Installs the CRDs for rancher-monitoring. -name: rancher-monitoring-crd -type: application -version: 102.0.5+up40.1.2 -maintainers: - - email: info@mosip.io - name: MOSIP -home: https://mosip.io -keywords: - - mosip - - rancher-monitoring-crd diff --git a/charts/rancher-monitoring-crd/README.md b/charts/rancher-monitoring-crd/README.md deleted file mode 100644 index fc966b7a0..000000000 --- a/charts/rancher-monitoring-crd/README.md +++ /dev/null @@ -1,28 +0,0 @@ -# rancher-monitoring-crd - -> **Note:** -> "This Helm chart is taken from `rancher/charts` repository. For any issues or maintenance requests related to these charts, please open a ticket or pull request directly on the original repository". - -A Rancher chart that installs the CRDs used by rancher-monitoring. - -## How does this chart work? - -This chart marshalls all of the CRD files placed in the `crd-manifest` directory into a ConfigMap that is installed onto a cluster alongside relevant RBAC (ServiceAccount, ClusterRoleBinding, ClusterRole, and PodSecurityPolicy). - -Once the relevant dependent resourcees are installed / upgraded / rolled back, this chart executes a post-install / post-upgrade / post-rollback Job that: -- Patches any existing versions of the CRDs contained within the `crd-manifest` on the cluster to set `spec.preserveUnknownFields=false`; this step is required since, based on [Kubernetes docs](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#field-pruning) and a [known workaround](https://github.com/kubernetes-sigs/controller-tools/issues/476#issuecomment-691519936), such CRDs cannot be upgraded normally from `apiextensions.k8s.io/v1beta1` to `apiextensions.k8s.io/v1`. -- Runs a `kubectl apply` on the CRDs that are contained within the crd-manifest ConfigMap to upgrade CRDs in the cluster - -On an uninstall, this chart executes a separate post-delete Job that: -- Patches any existing versions of the CRDs contained within `crd-manifest` on the cluster to set `metadata.finalizers=[]` -- Runs a `kubectl delete` on the CRDs that are contained within the crd-manifest ConfigMap to clean up the CRDs from the cluster - -Note: If the relevant CRDs already existed in the cluster at the time of install, this chart will absorb ownership of the lifecycle of those CRDs; therefore, on a `helm uninstall`, those CRDs will also be removed from the cluster alongside this chart. - -## Why can't we just place the CRDs in the templates/ directory of the main chart? - -In Helm today, you cannot declare a CRD and declare a resource of that CRD's kind in templates/ without encountering a failure on render. - -## [Helm 3] Why can't we just place the CRDs in the crds/ directory of the main chart? - -The Helm 3 `crds/` directory only supports the installation of CRDs, but does not support the upgrade and removal of CRDs, unlike what this chart facilitiates. \ No newline at end of file diff --git a/charts/rancher-monitoring-crd/files/crd-manifest.tgz b/charts/rancher-monitoring-crd/files/crd-manifest.tgz deleted file mode 100644 index 9d87ba488..000000000 Binary files a/charts/rancher-monitoring-crd/files/crd-manifest.tgz and /dev/null differ diff --git a/charts/rancher-monitoring-crd/templates/_helpers.tpl b/charts/rancher-monitoring-crd/templates/_helpers.tpl deleted file mode 100644 index edac2b315..000000000 --- a/charts/rancher-monitoring-crd/templates/_helpers.tpl +++ /dev/null @@ -1,50 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# CRD Installation - -{{- define "crd.established" -}} -{{- if not (regexMatch "^([a-zA-Z]+[.][a-zA-Z]*)+$" .) -}} -{{ required (printf "%s is not a valid CRD" .) "" }} -{{- else -}} -echo "beginning wait for {{ . }} to be established..."; -num_tries=1; -until kubectl get crd {{ . }} -o=jsonpath='{range .status.conditions[*]}{.type}={.status} {end}' | grep -qE 'Established=True'; do - if (( num_tries == 30 )); then - echo "timed out waiting for {{ . }}"; - exit 1; - fi; - num_tries=$(( num_tries + 1 )); - echo "{{ . }} is not established. Sleeping for 2 seconds and trying again..."; - sleep 2; -done; -echo "successfully established {{ . }}"; -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring-crd/templates/jobs.yaml b/charts/rancher-monitoring-crd/templates/jobs.yaml deleted file mode 100644 index 51b512adf..000000000 --- a/charts/rancher-monitoring-crd/templates/jobs.yaml +++ /dev/null @@ -1,152 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Chart.Name }}-create - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Chart.Name }} - annotations: - "helm.sh/hook": post-install, post-upgrade, post-rollback - "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed -spec: - template: - metadata: - name: {{ .Chart.Name }}-create - labels: - app: {{ .Chart.Name }} - spec: - serviceAccountName: {{ .Chart.Name }}-manager - securityContext: - runAsNonRoot: false - runAsUser: 0 - initContainers: - - name: set-preserve-unknown-fields-false - image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: IfNotPresent - command: - - /bin/sh - - -c - - > - {{- range $path, $_ := (.Files.Glob "crd-manifest/**.yaml") }} - {{- $crd := get (get ($.Files.Get $path | fromYaml) "metadata") "name" }} - if [[ -n "$(kubectl get crd {{ $crd }} -o jsonpath='{.spec.preserveUnknownFields}')" ]]; then - patch='{"spec": {"preserveUnknownFields": false}}'; - if [[ -z "$(kubectl get crd {{ $crd }} -o jsonpath='{.spec.versions[0].schema}')" ]]; then - patch='{"spec": {"preserveUnknownFields": false, "versions": [{"name": "v1", "served": false, "storage": true, "schema": {"openAPIV3Schema": {"description": "placeholder", "type": "object"}}}]}}'; - fi - echo "Applying patch to {{ $crd }}: ${patch}" - if kubectl patch crd {{ $crd }} -p "${patch}" --type="merge"; then - {{- include "crd.established" $crd | nindent 18 }} - fi; - fi; - {{- end }} - containers: - - name: create-crds - image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: IfNotPresent - command: - - /bin/sh - - -c - - > - echo "Applying CRDs..."; - mkdir -p /etc/crd; - base64 -d /etc/config/crd-manifest.tgz.b64 | tar -xzv -C /etc/crd; - kubectl replace -Rf /etc/crd || kubectl create -Rf /etc/crd; - - echo "Waiting for CRDs to be recognized before finishing installation..."; - - {{- range $path, $_ := (.Files.Glob "crd-manifest/**.yaml") }} - {{- $apiGroup := get (get ($.Files.Get $path | fromYaml) "spec") "group" }} - rm -rf $HOME/.kube/cache/discovery/*/{{ $apiGroup }}; - {{- end }} - - {{- range $path, $_ := (.Files.Glob "crd-manifest/**.yaml") }} - {{- $crd := get (get ($.Files.Get $path | fromYaml) "metadata") "name" }} - {{- include "crd.established" $crd | nindent 12 }} - {{- end }} - volumeMounts: - - name: crd-manifest - readOnly: true - mountPath: /etc/config - restartPolicy: OnFailure - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} - {{- if .Values.nodeSelector }} - {{- toYaml .Values.nodeSelector | nindent 8 }} - {{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} - {{- if .Values.tolerations }} - {{- toYaml .Values.tolerations | nindent 8 }} - {{- end }} - volumes: - - name: crd-manifest - configMap: - name: {{ .Chart.Name }}-manifest ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Chart.Name }}-delete - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Chart.Name }} - annotations: - "helm.sh/hook": pre-delete - "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed -spec: - template: - metadata: - name: {{ .Chart.Name }}-delete - labels: - app: {{ .Chart.Name }} - spec: - serviceAccountName: {{ .Chart.Name }}-manager - securityContext: - runAsNonRoot: false - runAsUser: 0 - initContainers: - - name: remove-finalizers - image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: IfNotPresent - command: - - /bin/sh - - -c - - > - {{- range $path, $_ := (.Files.Glob "crd-manifest/**.yaml") }} - {{- $crd := get (get ($.Files.Get $path | fromYaml) "metadata") "name" }} - if kubectl patch crd {{ $crd }} -p '{"metadata": {"finalizers": []}}'; then - {{- include "crd.established" $crd | nindent 14 }} - fi; - {{- end }} - volumeMounts: - - name: crd-manifest - readOnly: true - mountPath: /etc/config - containers: - - name: delete-crds - image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: IfNotPresent - command: - - /bin/sh - - -c - - > - echo "Deleting CRDs..."; - mkdir -p /etc/crd; - base64 -d /etc/config/crd-manifest.tgz.b64 | tar -xzv -C /etc/crd; - kubectl delete --ignore-not-found=true -Rf /etc/crd; - volumeMounts: - - name: crd-manifest - readOnly: true - mountPath: /etc/config - restartPolicy: OnFailure - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} - {{- if .Values.nodeSelector }} - {{- toYaml .Values.nodeSelector | nindent 8 }} - {{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} - {{- if .Values.tolerations }} - {{- toYaml .Values.tolerations | nindent 8 }} - {{- end }} - volumes: - - name: crd-manifest - configMap: - name: {{ .Chart.Name }}-manifest diff --git a/charts/rancher-monitoring-crd/templates/manifest.yaml b/charts/rancher-monitoring-crd/templates/manifest.yaml deleted file mode 100644 index 8dc9dfb44..000000000 --- a/charts/rancher-monitoring-crd/templates/manifest.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Chart.Name }}-manifest - namespace: {{ .Release.Namespace }} -data: - crd-manifest.tgz.b64: - {{- .Files.Get "files/crd-manifest.tgz" | b64enc | indent 4 }} diff --git a/charts/rancher-monitoring-crd/templates/rbac.yaml b/charts/rancher-monitoring-crd/templates/rbac.yaml deleted file mode 100644 index a4d498b0f..000000000 --- a/charts/rancher-monitoring-crd/templates/rbac.yaml +++ /dev/null @@ -1,76 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Chart.Name }}-manager - labels: - app: {{ .Chart.Name }}-manager -rules: -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: ['create', 'get', 'patch', 'delete', 'update', 'list'] -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ .Chart.Name }}-manager -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Chart.Name }}-manager - labels: - app: {{ .Chart.Name }}-manager -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Chart.Name }}-manager -subjects: -- kind: ServiceAccount - name: {{ .Chart.Name }}-manager - namespace: {{ .Release.Namespace }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Chart.Name }}-manager - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Chart.Name }}-manager ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ .Chart.Name }}-manager - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Chart.Name }}-manager -spec: - privileged: false - allowPrivilegeEscalation: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'configMap' - - 'secret' -{{- end }} diff --git a/charts/rancher-monitoring-crd/templates/validate-psp-install.yaml b/charts/rancher-monitoring-crd/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b..000000000 --- a/charts/rancher-monitoring-crd/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring-crd/values.yaml b/charts/rancher-monitoring-crd/values.yaml deleted file mode 100644 index 0f30e302f..000000000 --- a/charts/rancher-monitoring-crd/values.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# Default values for rancher-monitoring-crd. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - -image: - repository: rancher/shell - tag: v0.1.25 - -nodeSelector: {} - -tolerations: [] diff --git a/charts/rancher-monitoring/.gitignore b/charts/rancher-monitoring/.gitignore deleted file mode 100644 index e69de29bb..000000000 diff --git a/charts/rancher-monitoring/Chart.yaml b/charts/rancher-monitoring/Chart.yaml deleted file mode 100644 index 89de139d2..000000000 --- a/charts/rancher-monitoring/Chart.yaml +++ /dev/null @@ -1,152 +0,0 @@ -annotations: - artifacthub.io/links: | - - name: Chart Source - url: https://github.com/prometheus-community/helm-charts - - name: Upstream Project - url: https://github.com/prometheus-operator/kube-prometheus - artifacthub.io/operator: "true" - catalog.cattle.io/certified: rancher - catalog.cattle.io/deploys-on-os: windows - catalog.cattle.io/display-name: Monitoring - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' - catalog.cattle.io/namespace: cattle-monitoring-system - catalog.cattle.io/permits-os: linux,windows - catalog.cattle.io/provides-gvr: monitoring.coreos.com.prometheus/v1 - catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' - catalog.cattle.io/release-name: rancher-monitoring - catalog.cattle.io/requests-cpu: 4500m - catalog.cattle.io/requests-memory: 4000Mi - catalog.cattle.io/type: cluster-tool - catalog.cattle.io/ui-component: monitoring - catalog.cattle.io/upstream-version: 19.0.3 -apiVersion: v2 -appVersion: 0.59.1 -dependencies: -- condition: grafana.enabled - name: grafana - version: 6.38.6 - repository: file://./charts/grafana -- condition: hardenedKubelet.enabled - name: hardenedKubelet - version: 0.2.0 - repository: file://./charts/hardenedKubelet -- condition: hardenedNodeExporter.enabled - name: hardenedNodeExporter - version: 0.2.0 - repository: file://./charts/hardenedNodeExporter -- condition: k3sServer.enabled - name: k3sServer - version: 0.2.0 - repository: file://./charts/k3sServer -- condition: kubeStateMetrics.enabled - name: kube-state-metrics - version: 4.18.0 - repository: file://./charts/kube-state-metrics -- condition: kubeAdmControllerManager.enabled - name: kubeAdmControllerManager - version: 0.2.0 - repository: file://./charts/kubeAdmControllerManager -- condition: kubeAdmEtcd.enabled - name: kubeAdmEtcd - version: 0.2.0 - repository: file://./charts/kubeAdmEtcd -- condition: kubeAdmProxy.enabled - name: kubeAdmProxy - version: 0.2.0 - repository: file://./charts/kubeAdmProxy -- condition: kubeAdmScheduler.enabled - name: kubeAdmScheduler - version: 0.2.0 - repository: file://./charts/kubeAdmScheduler -- condition: prometheus-adapter.enabled - name: prometheus-adapter - version: 3.4.0 - repository: file://./charts/prometheus-adapter -- condition: nodeExporter.enabled - name: prometheus-node-exporter - version: 4.2.0 - repository: file://./charts/prometheus-node-exporter -- condition: rke2Etcd.enabled - name: rke2ControllerManager - version: 0.2.0 - repository: file://./charts/rke2ControllerManager -- condition: rke2Etcd.enabled - name: rke2Etcd - version: 0.2.0 - repository: file://./charts/rke2Etcd -- condition: rke2IngressNginx.enabled - name: rke2IngressNginx - version: 0.2.0 - repository: file://./charts/rke2IngressNginx -- condition: rke2Proxy.enabled - name: rke2Proxy - version: 0.2.0 - repository: file://./charts/rke2Proxy -- condition: rke2Scheduler.enabled - name: rke2Scheduler - version: 0.2.0 - repository: file://./charts/rke2Scheduler -- condition: rkeControllerManager.enabled - name: rkeControllerManager - version: 0.2.0 - repository: file://./charts/rkeControllerManager -- condition: rkeEtcd.enabled - name: rkeEtcd - version: 0.2.0 - repository: file://./charts/rkeEtcd -- condition: rkeIngressNginx.enabled - name: rkeIngressNginx - version: 0.2.0 - repository: file://./charts/rkeIngressNginx -- condition: rkeProxy.enabled - name: rkeProxy - version: 0.2.0 - repository: file://./charts/rkeProxy -- condition: rkeScheduler.enabled - name: rkeScheduler - version: 0.2.0 - repository: file://./charts/rkeScheduler -- condition: global.cattle.windows.enabled - name: windowsExporter - version: 0.1.1 - repository: file://./charts/windowsExporter -description: Collects several related Helm charts, Grafana dashboards, and Prometheus - rules combined with documentation and scripts to provide easy to operate end-to-end - Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. -home: https://github.com/prometheus-operator/kube-prometheus -icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png -keywords: -- mosip -- operator -- prometheus -- kube-prometheus -- monitoring -kubeVersion: '>=1.16.0-0' -maintainers: -- email: info@mosip.io - name: MOSIP -- email: andrew@quadcorps.co.uk - name: andrewgkew -- email: cedric@desaintmartin.fr - name: desaintmartin -- email: gianrubio@gmail.com - name: gianrubio -- email: github.gkarthiks@gmail.com - name: gkarthiks -- email: kube-prometheus-stack@sisti.pt - name: GMartinez-Sisti -- email: scott@r6by.com - name: scottrigby -- email: miroslav.hadzhiev@gmail.com - name: Xtigyro -- email: arvind.iyengar@suse.com - name: Arvind -- email: amangeet.samra@suse.com - name: Geet - url: https://github.com/geethub97 -name: rancher-monitoring -sources: -- https://github.com/prometheus-community/helm-charts -- https://github.com/prometheus-operator/kube-prometheus -type: application -version: 102.0.5+up40.1.2 diff --git a/charts/rancher-monitoring/README.md b/charts/rancher-monitoring/README.md deleted file mode 100644 index 4181d97df..000000000 --- a/charts/rancher-monitoring/README.md +++ /dev/null @@ -1,742 +0,0 @@ -# kube-prometheus-stack - -> **Note:** -> "This Helm chart is taken from `rancher/charts` repository. For any issues or maintenance requests related to these charts, please open a ticket or pull request directly on the original repository". - -Installs the [kube-prometheus stack](https://github.com/prometheus-operator/kube-prometheus), a collection of Kubernetes manifests, [Grafana](http://grafana.com/) dashboards, and [Prometheus rules](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with [Prometheus](https://prometheus.io/) using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator). - -See the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) README for details about components, dashboards, and alerts. - -_Note: This chart was formerly named `prometheus-operator` chart, now renamed to more clearly reflect that it installs the `kube-prometheus` project stack, within which Prometheus Operator is only one component._ - -## Prerequisites - -- Kubernetes 1.16+ -- Helm 3+ - -## Get Helm Repository Info - -```console -helm repo add prometheus-community https://prometheus-community.github.io/helm-charts -helm repo update -``` - -_See [`helm repo`](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Install Helm Chart - -```console -helm install [RELEASE_NAME] prometheus-community/kube-prometheus-stack -``` - -_See [configuration](#configuration) below._ - -_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ - -## Dependencies - -By default this chart installs additional, dependent charts: - -- [prometheus-community/kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics) -- [prometheus-community/prometheus-node-exporter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter) -- [grafana/grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana) - -To disable dependencies during installation, see [multiple releases](#multiple-releases) below. - -_See [helm dependency](https://helm.sh/docs/helm/helm_dependency/) for command documentation._ - -## Uninstall Helm Chart - -```console -helm uninstall [RELEASE_NAME] -``` - -This removes all the Kubernetes components associated with the chart and deletes the release. - -_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ - -CRDs created by this chart are not removed by default and should be manually cleaned up: - -```console -kubectl delete crd alertmanagerconfigs.monitoring.coreos.com -kubectl delete crd alertmanagers.monitoring.coreos.com -kubectl delete crd podmonitors.monitoring.coreos.com -kubectl delete crd probes.monitoring.coreos.com -kubectl delete crd prometheuses.monitoring.coreos.com -kubectl delete crd prometheusrules.monitoring.coreos.com -kubectl delete crd servicemonitors.monitoring.coreos.com -kubectl delete crd thanosrulers.monitoring.coreos.com -``` - -## Upgrading Chart - -```console -helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack -``` - -With Helm v3, CRDs created by this chart are not updated by default and should be manually updated. -Consult also the [Helm Documentation on CRDs](https://helm.sh/docs/chart_best_practices/custom_resource_definitions). - -_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ - -### Upgrading an existing Release to a new major version - -A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. - -### From 39.x to 40.x - -This version upgrades Prometheus-Operator to v0.59.1, Prometheus to v2.38.0, kube-state-metrics to v2.6.0 and Thanos to v0.28.0. -This version also upgrades the Helm charts of kube-state-metrics to 4.18.0 and prometheus-node-exporter to 4.2.0. - -Run these commands to update the CRDs before applying the upgrade. - -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.59.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -Starting from prometheus-node-exporter version 4.0.0, the `node exporter` chart is using the [Kubernetes recommended labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/). Therefore you have to delete the daemonset before you upgrade. - -```console -kubectl delete daemonset -l app=prometheus-node-exporter -helm upgrade -i kube-prometheus-stack prometheus-community/kube-prometheus-stack -``` - -If you use your own custom [ServiceMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor) or [PodMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#podmonitor), please ensure to upgrade their `selector` fields accordingly to the new labels. - -### From 38.x to 39.x - -This upgraded prometheus-operator to v0.58.0 and prometheus to v2.37.0 - -Run these commands to update the CRDs before applying the upgrade. - -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.58.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 37.x to 38.x - -Reverted one of the default metrics relabelings for cAdvisor added in 36.x, due to it breaking container_network_* and various other statistics. If you do not want this change, you will need to override the `kubelet.cAdvisorMetricRelabelings`. - -### From 36.x to 37.x - -This includes some default metric relabelings for cAdvisor and apiserver metrics to reduce cardinality. If you do not want these defaults, you will need to override the `kubeApiServer.metricRelabelings` and or `kubelet.cAdvisorMetricRelabelings`. - -### From 35.x to 36.x - -This upgraded prometheus-operator to v0.57.0 and prometheus to v2.36.1 - -Run these commands to update the CRDs before applying the upgrade. - -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.57.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 34.x to 35.x - -This upgraded prometheus-operator to v0.56.0 and prometheus to v2.35.0 - -Run these commands to update the CRDs before applying the upgrade. - -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.56.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 33.x to 34.x - -This upgrades to prometheus-operator to v0.55.0 and prometheus to v2.33.5. - -Run these commands to update the CRDs before applying the upgrade. - -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.55.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 32.x to 33.x - -This upgrades the prometheus-node-exporter Chart to v3.0.0. Please review the changes to this subchart if you make customizations to hostMountPropagation. - -### From 31.x to 32.x - -This upgrades to prometheus-operator to v0.54.0 and prometheus to v2.33.1. It also changes the default for `grafana.serviceMonitor.enabled` to `true. - -Run these commands to update the CRDs before applying the upgrade. - -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.54.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 30.x to 31.x - -This version removes the built-in grafana ServiceMonitor and instead relies on the ServiceMonitor of the sub-chart. -`grafana.serviceMonitor.enabled` must be set instead of `grafana.serviceMonitor.selfMonitor` and the old ServiceMonitor may -need to be manually cleaned up after deploying the new release. - -### From 29.x to 30.x - -This version updates kube-state-metrics to 4.3.0 and uses the new option `kube-state-metrics.releaseLabel=true` which adds the "release" label to kube-state-metrics labels, making scraping of the metrics by kube-prometheus-stack work out of the box again, independent of the used kube-prometheus-stack release name. If you already set the "release" label via `kube-state-metrics.customLabels` you might have to remove that and use it via the new option. - -### From 28.x to 29.x - -This version makes scraping port for kube-controller-manager and kube-scheduler dynamic to reflect changes to default serving ports -for those components in Kubernetes versions v1.22 and v1.23 respectively. - -If you deploy on clusters using version v1.22+, kube-controller-manager will be scraped over HTTPS on port 10257. - -If you deploy on clusters running version v1.23+, kube-scheduler will be scraped over HTTPS on port 10259. - -### From 27.x to 28.x - -This version disables PodSecurityPolicies by default because they are deprecated in Kubernetes 1.21 and will be removed in Kubernetes 1.25. - -If you are using PodSecurityPolicies you can enable the previous behaviour by setting `kube-state-metrics.podSecurityPolicy.enabled`, `prometheus-node-exporter.rbac.pspEnabled`, `grafana.rbac.pspEnabled` and `global.rbac.pspEnabled` to `true`. - -### From 26.x to 27.x - -This version splits prometheus-node-exporter chart recording and altering rules in separate config values. -Instead of `defaultRules.rules.node` the 2 new variables `defaultRules.rules.nodeExporterAlerting` and `defaultRules.rules.nodeExporterRecording` are used. - -Also the following defaultRules.rules has been removed as they had no effect: `kubeApiserverError`, `kubePrometheusNodeAlerting`, `kubernetesAbsent`, `time`. - -The ability to set a rubookUrl via `defaultRules.rules.rubookUrl` was reintroduced. - -### From 25.x to 26.x - -This version enables the prometheus-node-exporter subchart servicemonitor by default again, by setting `prometheus-node-exporter.prometheus.monitor.enabled` to `true`. - -### From 24.x to 25.x - -This version upgrade to prometheus-operator v0.53.1. It removes support for setting a runbookUrl, since the upstream format for runbooks changed. - -```console -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply --server-side -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.53.1/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 23.x to 24.x - -The custom `ServiceMonitor` for the _kube-state-metrics_ & _prometheus-node-exporter_ charts have been removed in favour of the built-in sub-chart `ServiceMonitor`; for both sub-charts this means that `ServiceMonitor` customisations happen via the values passed to the chart. If you haven't directly customised this behaviour then there are no changes required to upgrade, but if you have please read the following. - -For _kube-state-metrics_ the `ServiceMonitor` customisation is now set via `kube-state-metrics.prometheus.monitor` and the `kubeStateMetrics.serviceMonitor.selfMonitor.enabled` value has moved to `kube-state-metrics.selfMonitor.enabled`. - -For _prometheus-node-exporter_ the `ServiceMonitor` customisation is now set via `prometheus-node-exporter.prometheus.monitor` and the `nodeExporter.jobLabel` values has moved to `prometheus-node-exporter.prometheus.monitor.jobLabel`. - -### From 22.x to 23.x - -Port names have been renamed for Istio's -[explicit protocol selection](https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/#explicit-protocol-selection). - -| | old value | new value | -|-|-----------|-----------| -| `alertmanager.alertmanagerSpec.portName` | `web` | `http-web` | -| `grafana.service.portName` | `service` | `http-web` | -| `prometheus-node-exporter.service.portName` | `metrics` (hardcoded) | `http-metrics` | -| `prometheus.prometheusSpec.portName` | `web` | `http-web` | - -### From 21.x to 22.x - -Due to the upgrade of the `kube-state-metrics` chart, removal of its deployment/stateful needs to done manually prior to upgrading: - -```console -kubectl delete deployments.apps -l app.kubernetes.io/instance=prometheus-operator,app.kubernetes.io/name=kube-state-metrics --cascade=orphan -``` - -or if you use autosharding: - -```console -kubectl delete statefulsets.apps -l app.kubernetes.io/instance=prometheus-operator,app.kubernetes.io/name=kube-state-metrics --cascade=orphan -``` - -### From 20.x to 21.x - -The config reloader values have been refactored. All the values have been moved to the key `prometheusConfigReloader` and the limits and requests can now be set separately. - -### From 19.x to 20.x - -Version 20 upgrades prometheus-operator from 0.50.x to 0.52.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating: - -```console -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.52.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 18.x to 19.x - -`kubeStateMetrics.serviceMonitor.namespaceOverride` was removed. -Please use `kube-state-metrics.namespaceOverride` instead. - -### From 17.x to 18.x - -Version 18 upgrades prometheus-operator from 0.49.x to 0.50.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating: - -```console -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.50.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 16.x to 17.x - -Version 17 upgrades prometheus-operator from 0.48.x to 0.49.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating: - -```console -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.49.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 15.x to 16.x - -Version 16 upgrades kube-state-metrics to v2.0.0. This includes changed command-line arguments and removed metrics, see this [blog post](https://kubernetes.io/blog/2021/04/13/kube-state-metrics-v-2-0/). This version also removes Grafana dashboards that supported Kubernetes 1.14 or earlier. - -### From 14.x to 15.x - -Version 15 upgrades prometheus-operator from 0.46.x to 0.47.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating: - -```console -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.47.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 13.x to 14.x - -Version 14 upgrades prometheus-operator from 0.45.x to 0.46.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRDs manually before updating: - -```console -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.46.0/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml -``` - -### From 12.x to 13.x - -Version 13 upgrades prometheus-operator from 0.44.x to 0.45.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: - -```console -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/v0.45.0/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml -``` - -### From 11.x to 12.x - -Version 12 upgrades prometheus-operator from 0.43.x to 0.44.x. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: - -```console -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.44/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml -``` - -The chart was migrated to support only helm v3 and later. - -### From 10.x to 11.x - -Version 11 upgrades prometheus-operator from 0.42.x to 0.43.x. Starting with 0.43.x an additional `AlertmanagerConfigs` CRD is introduced. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: - -```console -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.43/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagerconfigs.yaml -``` - -Version 11 removes the deprecated tlsProxy via ghostunnel in favor of native TLS support the prometheus-operator gained with v0.39.0. - -### From 9.x to 10.x - -Version 10 upgrades prometheus-operator from 0.38.x to 0.42.x. Starting with 0.40.x an additional `Probes` CRD is introduced. Helm does not automatically upgrade or install new CRDs on a chart upgrade, so you have to install the CRD manually before updating: - -```console -kubectl apply -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/release-0.42/example/prometheus-operator-crd/monitoring.coreos.com_probes.yaml -``` - -### From 8.x to 9.x - -Version 9 of the helm chart removes the existing `additionalScrapeConfigsExternal` in favour of `additionalScrapeConfigsSecret`. This change lets users specify the secret name and secret key to use for the additional scrape configuration of prometheus. This is useful for users that have prometheus-operator as a subchart and also have a template that creates the additional scrape configuration. - -### From 7.x to 8.x - -Due to new template functions being used in the rules in version 8.x.x of the chart, an upgrade to Prometheus Operator and Prometheus is necessary in order to support them. First, upgrade to the latest version of 7.x.x - -```console -helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack --version 7.5.0 -``` - -Then upgrade to 8.x.x - -```console -helm upgrade [RELEASE_NAME] prometheus-community/kube-prometheus-stack --version [8.x.x] -``` - -Minimal recommended Prometheus version for this chart release is `2.12.x` - -### From 6.x to 7.x - -Due to a change in grafana subchart, version 7.x.x now requires Helm >= 2.12.0. - -### From 5.x to 6.x - -Due to a change in deployment labels of kube-state-metrics, the upgrade requires `helm upgrade --force` in order to re-create the deployment. If this is not done an error will occur indicating that the deployment cannot be modified: - -```console -invalid: spec.selector: Invalid value: v1.LabelSelector{MatchLabels:map[string]string{"app.kubernetes.io/name":"kube-state-metrics"}, MatchExpressions:[]v1.LabelSelectorRequirement(nil)}: field is immutable -``` - -If this error has already been encountered, a `helm history` command can be used to determine which release has worked, then `helm rollback` to the release, then `helm upgrade --force` to this new one - -## Configuration - -See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments: - -```console -helm show values prometheus-community/kube-prometheus-stack -``` - -You may also run `helm show values` on this chart's [dependencies](#dependencies) for additional options. - -### Rancher Monitoring Configuration - -The following table shows values exposed by Rancher Monitoring's additions to the chart: - -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `nameOverride` | Provide a name that should be used instead of the chart name when naming all resources deployed by this chart |`"rancher-monitoring"`| -| `namespaceOverride` | Override the deployment namespace | `"cattle-monitoring-system"` | -| `global.rbac.userRoles.create` | Create default user ClusterRoles to allow users to interact with Prometheus CRs, ConfigMaps, and Secrets | `true` | -| `global.rbac.userRoles.aggregateToDefaultRoles` | Aggregate default user ClusterRoles into default k8s ClusterRoles | `true` | -| `prometheus-adapter.enabled` | Whether to install [prometheus-adapter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-adapter) within the cluster | `true` | -| `prometheus-adapter.prometheus.url` | A URL pointing to the Prometheus deployment within your cluster. The default value is set based on the assumption that you plan to deploy the default Prometheus instance from this chart where `.Values.namespaceOverride=cattle-monitoring-system` and `.Values.nameOverride=rancher-monitoring` | `http://rancher-monitoring-prometheus.cattle-monitoring-system.svc` | -| `prometheus-adapter.prometheus.port` | The port on the Prometheus deployment that Prometheus Adapter can make requests to | `9090` | -| `prometheus.prometheusSpec.ignoreNamespaceSelectors` | Ignore NamespaceSelector settings from the PodMonitor and ServiceMonitor configs. If true, PodMonitors and ServiceMonitors can only discover Pods and Services within the namespace they are deployed into | `false` | - -The following values are enabled for different distributions via [rancher-pushprox](https://github.com/rancher/dev-charts/tree/master/packages/rancher-pushprox). See the rancher-pushprox `README.md` for more information on what all values can be configured for the PushProxy chart. - -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `rkeControllerManager.enabled` | Create a PushProx installation for monitoring kube-controller-manager metrics in RKE clusters | `false` | -| `rkeScheduler.enabled` | Create a PushProx installation for monitoring kube-scheduler metrics in RKE clusters | `false` | -| `rkeProxy.enabled` | Create a PushProx installation for monitoring kube-proxy metrics in RKE clusters | `false` | -| `rkeIngressNginx.enabled` | Create a PushProx installation for monitoring ingress-nginx metrics in RKE clusters | `false` | -| `rkeEtcd.enabled` | Create a PushProx installation for monitoring etcd metrics in RKE clusters | `false` | -| `rke2IngressNginx.enabled` | Create a PushProx installation for monitoring ingress-nginx metrics in RKE2 clusters | `false` | -| `k3sServer.enabled` | Create a PushProx installation for monitoring k3s-server metrics (accounts for kube-controller-manager, kube-scheduler, and kube-proxy metrics) in k3s clusters | `false` | -| `kubeAdmControllerManager.enabled` | Create a PushProx installation for monitoring kube-controller-manager metrics in kubeAdm clusters | `false` | -| `kubeAdmScheduler.enabled` | Create a PushProx installation for monitoring kube-scheduler metrics in kubeAdm clusters | `false` | -| `kubeAdmProxy.enabled` | Create a PushProx installation for monitoring kube-proxy metrics in kubeAdm clusters | `false` | -| `kubeAdmEtcd.enabled` | Create a PushProx installation for monitoring etcd metrics in kubeAdm clusters | `false` | - - -### Multiple releases - -The same chart can be used to run multiple Prometheus instances in the same cluster if required. To achieve this, it is necessary to run only one instance of prometheus-operator and a pair of alertmanager pods for an HA configuration, while all other components need to be disabled. To disable a dependency during installation, set `kubeStateMetrics.enabled`, `nodeExporter.enabled` and `grafana.enabled` to `false`. - -## Work-Arounds for Known Issues - -### Running on private GKE clusters - -When Google configure the control plane for private clusters, they automatically configure VPC peering between your Kubernetes cluster’s network and a separate Google managed project. In order to restrict what Google are able to access within your cluster, the firewall rules configured restrict access to your Kubernetes pods. This means that in order to use the webhook component with a GKE private cluster, you must configure an additional firewall rule to allow the GKE control plane access to your webhook pod. - -You can read more information on how to add firewall rules for the GKE control plane nodes in the [GKE docs](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#add_firewall_rules) - -Alternatively, you can disable the hooks by setting `prometheusOperator.admissionWebhooks.enabled=false`. - -## PrometheusRules Admission Webhooks - -With Prometheus Operator version 0.30+, the core Prometheus Operator pod exposes an endpoint that will integrate with the `validatingwebhookconfiguration` Kubernetes feature to prevent malformed rules from being added to the cluster. - -### How the Chart Configures the Hooks - -A validating and mutating webhook configuration requires the endpoint to which the request is sent to use TLS. It is possible to set up custom certificates to do this, but in most cases, a self-signed certificate is enough. The setup of this component requires some more complex orchestration when using helm. The steps are created to be idempotent and to allow turning the feature on and off without running into helm quirks. - -1. A pre-install hook provisions a certificate into the same namespace using a format compatible with provisioning using end user certificates. If the certificate already exists, the hook exits. -2. The prometheus operator pod is configured to use a TLS proxy container, which will load that certificate. -3. Validating and Mutating webhook configurations are created in the cluster, with their failure mode set to Ignore. This allows rules to be created by the same chart at the same time, even though the webhook has not yet been fully set up - it does not have the correct CA field set. -4. A post-install hook reads the CA from the secret created by step 1 and patches the Validating and Mutating webhook configurations. This process will allow a custom CA provisioned by some other process to also be patched into the webhook configurations. The chosen failure policy is also patched into the webhook configurations - -### Alternatives - -It should be possible to use [jetstack/cert-manager](https://github.com/jetstack/cert-manager) if a more complete solution is required, but it has not been tested. - -You can enable automatic self-signed TLS certificate provisioning via cert-manager by setting the `prometheusOperator.admissionWebhooks.certManager.enabled` value to true. - -### Limitations - -Because the operator can only run as a single pod, there is potential for this component failure to cause rule deployment failure. Because this risk is outweighed by the benefit of having validation, the feature is enabled by default. - -## Developing Prometheus Rules and Grafana Dashboards - -This chart Grafana Dashboards and Prometheus Rules are just a copy from [prometheus-operator/prometheus-operator](https://github.com/prometheus-operator/prometheus-operator) and other sources, synced (with alterations) by scripts in [hack](hack) folder. In order to introduce any changes you need to first [add them to the original repository](https://github.com/prometheus-operator/kube-prometheus/blob/main/docs/customizations/developing-prometheus-rules-and-grafana-dashboards.md) and then sync there by scripts. - -## Further Information - -For more in-depth documentation of configuration options meanings, please see - -- [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator) -- [Prometheus](https://prometheus.io/docs/introduction/overview/) -- [Grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana#grafana-helm-chart) - -## prometheus.io/scrape - -The prometheus operator does not support annotation-based discovery of services, using the `PodMonitor` or `ServiceMonitor` CRD in its place as they provide far more configuration options. -For information on how to use PodMonitors/ServiceMonitors, please see the documentation on the `prometheus-operator/prometheus-operator` documentation here: - -- [ServiceMonitors](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md#include-servicemonitors) -- [PodMonitors](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/getting-started.md#include-podmonitors) -- [Running Exporters](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/running-exporters.md) - -By default, Prometheus discovers PodMonitors and ServiceMonitors within its namespace, that are labeled with the same release tag as the prometheus-operator release. -Sometimes, you may need to discover custom PodMonitors/ServiceMonitors, for example used to scrape data from third-party applications. -An easy way of doing this, without compromising the default PodMonitors/ServiceMonitors discovery, is allowing Prometheus to discover all PodMonitors/ServiceMonitors within its namespace, without applying label filtering. -To do so, you can set `prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues` and `prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues` to `false`. - -## Migrating from stable/prometheus-operator chart - -## Zero downtime - -Since `kube-prometheus-stack` is fully compatible with the `stable/prometheus-operator` chart, a migration without downtime can be achieved. -However, the old name prefix needs to be kept. If you want the new name please follow the step by step guide below (with downtime). - -You can override the name to achieve this: - -```console -helm upgrade prometheus-operator prometheus-community/kube-prometheus-stack -n monitoring --reuse-values --set nameOverride=prometheus-operator -``` - -**Note**: It is recommended to run this first with `--dry-run --debug`. - -## Redeploy with new name (downtime) - -If the **prometheus-operator** values are compatible with the new **kube-prometheus-stack** chart, please follow the below steps for migration: - -> The guide presumes that chart is deployed in `monitoring` namespace and the deployments are running there. If in other namespace, please replace the `monitoring` to the deployed namespace. - -1. Patch the PersistenceVolume created/used by the prometheus-operator chart to `Retain` claim policy: - - ```console - kubectl patch pv/ -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}' - ``` - - **Note:** To execute the above command, the user must have a cluster wide permission. Please refer [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) - -2. Uninstall the **prometheus-operator** release and delete the existing PersistentVolumeClaim, and verify PV become Released. - - ```console - helm uninstall prometheus-operator -n monitoring - kubectl delete pvc/ -n monitoring - ``` - - Additionally, you have to manually remove the remaining `prometheus-operator-kubelet` service. - - ```console - kubectl delete service/prometheus-operator-kubelet -n kube-system - ``` - - You can choose to remove all your existing CRDs (ServiceMonitors, Podmonitors, etc.) if you want to. - -3. Remove current `spec.claimRef` values to change the PV's status from Released to Available. - - ```console - kubectl patch pv/ --type json -p='[{"op": "remove", "path": "/spec/claimRef"}]' -n monitoring - ``` - -**Note:** To execute the above command, the user must have a cluster wide permission. Please refer to [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) - -After these steps, proceed to a fresh **kube-prometheus-stack** installation and make sure the current release of **kube-prometheus-stack** matching the `volumeClaimTemplate` values in the `values.yaml`. - -The binding is done via matching a specific amount of storage requested and with certain access modes. - -For example, if you had storage specified as this with **prometheus-operator**: - -```yaml -volumeClaimTemplate: - spec: - storageClassName: gp2 - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: 50Gi -``` - -You have to specify matching `volumeClaimTemplate` with 50Gi storage and `ReadWriteOnce` access mode. - -Additionally, you should check the current AZ of your legacy installation's PV, and configure the fresh release to use the same AZ as the old one. If the pods are in a different AZ than the PV, the release will fail to bind the existing one, hence creating a new PV. - -This can be achieved either by specifying the labels through `values.yaml`, e.g. setting `prometheus.prometheusSpec.nodeSelector` to: - -```yaml -nodeSelector: - failure-domain.beta.kubernetes.io/zone: east-west-1a -``` - -or passing these values as `--set` overrides during installation. - -The new release should now re-attach your previously released PV with its content. - -## Migrating from coreos/prometheus-operator chart - -The multiple charts have been combined into a single chart that installs prometheus operator, prometheus, alertmanager, grafana as well as the multitude of exporters necessary to monitor a cluster. - -There is no simple and direct migration path between the charts as the changes are extensive and intended to make the chart easier to support. - -The capabilities of the old chart are all available in the new chart, including the ability to run multiple prometheus instances on a single cluster - you will need to disable the parts of the chart you do not wish to deploy. - -You can check out the tickets for this change [here](https://github.com/prometheus-operator/prometheus-operator/issues/592) and [here](https://github.com/helm/charts/pull/6765). - -### High-level overview of Changes - -#### Added dependencies - -The chart has added 3 [dependencies](#dependencies). - -- Node-Exporter, Kube-State-Metrics: These components are loaded as dependencies into the chart, and are relatively simple components -- Grafana: The Grafana chart is more feature-rich than this chart - it contains a sidecar that is able to load data sources and dashboards from configmaps deployed into the same cluster. For more information check out the [documentation for the chart](https://github.com/grafana/helm-charts/blob/main/charts/grafana/README.md) - -#### Kubelet Service - -Because the kubelet service has a new name in the chart, make sure to clean up the old kubelet service in the `kube-system` namespace to prevent counting container metrics twice. - -#### Persistent Volumes - -If you would like to keep the data of the current persistent volumes, it should be possible to attach existing volumes to new PVCs and PVs that are created using the conventions in the new chart. For example, in order to use an existing Azure disk for a helm release called `prometheus-migration` the following resources can be created: - -```yaml -apiVersion: v1 -kind: PersistentVolume -metadata: - name: pvc-prometheus-migration-prometheus-0 -spec: - accessModes: - - ReadWriteOnce - azureDisk: - cachingMode: None - diskName: pvc-prometheus-migration-prometheus-0 - diskURI: /subscriptions/f5125d82-2622-4c50-8d25-3f7ba3e9ac4b/resourceGroups/sample-migration-resource-group/providers/Microsoft.Compute/disks/pvc-prometheus-migration-prometheus-0 - fsType: "" - kind: Managed - readOnly: false - capacity: - storage: 1Gi - persistentVolumeReclaimPolicy: Delete - storageClassName: prometheus - volumeMode: Filesystem -``` - -```yaml -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - labels: - app.kubernetes.io/name: prometheus - prometheus: prometheus-migration-prometheus - name: prometheus-prometheus-migration-prometheus-db-prometheus-prometheus-migration-prometheus-0 - namespace: monitoring -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: prometheus - volumeMode: Filesystem - volumeName: pvc-prometheus-migration-prometheus-0 -``` - -The PVC will take ownership of the PV and when you create a release using a persistent volume claim template it will use the existing PVCs as they match the naming convention used by the chart. For other cloud providers similar approaches can be used. - -#### KubeProxy - -The metrics bind address of kube-proxy is default to `127.0.0.1:10249` that prometheus instances **cannot** access to. You should expose metrics by changing `metricsBindAddress` field value to `0.0.0.0:10249` if you want to collect them. - -Depending on the cluster, the relevant part `config.conf` will be in ConfigMap `kube-system/kube-proxy` or `kube-system/kube-proxy-config`. For example: - -```console -kubectl -n kube-system edit cm kube-proxy -``` - -```yaml -apiVersion: v1 -data: - config.conf: |- - apiVersion: kubeproxy.config.k8s.io/v1alpha1 - kind: KubeProxyConfiguration - # ... - # metricsBindAddress: 127.0.0.1:10249 - metricsBindAddress: 0.0.0.0:10249 - # ... - kubeconfig.conf: |- - # ... -kind: ConfigMap -metadata: - labels: - app: kube-proxy - name: kube-proxy - namespace: kube-system -``` diff --git a/charts/rancher-monitoring/app-README.md b/charts/rancher-monitoring/app-README.md deleted file mode 100644 index 6c0337c79..000000000 --- a/charts/rancher-monitoring/app-README.md +++ /dev/null @@ -1,49 +0,0 @@ -# Rancher Monitoring and Alerting - -> **Note:** -> "This Helm chart is taken from `rancher/charts` repository. For any issues or maintenance requests related to these charts, please open a ticket or pull request directly on the original repository". - -This chart is based on the upstream [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) chart. The chart deploys [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator) and its CRDs along with [Grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana), [Prometheus Adapter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-adapter) and additional charts / Kubernetes manifests to gather metrics. It allows users to monitor their Kubernetes clusters, view metrics in Grafana dashboards, and set up alerts and notifications. - -For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/). - -The chart installs the following components: - -- [Prometheus Operator](https://github.com/coreos/prometheus-operator) - The operator provides easy monitoring definitions for Kubernetes services, manages [Prometheus](https://prometheus.io/) and [AlertManager](https://prometheus.io/docs/alerting/latest/alertmanager/) instances, and adds default scrape targets for some Kubernetes components. -- [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus/) - A collection of community-curated Kubernetes manifests, Grafana Dashboards, and PrometheusRules that deploy a default end-to-end cluster monitoring configuration. -- [Grafana](https://github.com/grafana/helm-charts/tree/main/charts/grafana) - Grafana allows a user to create / view dashboards based on the cluster metrics collected by Prometheus. -- [node-exporter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-node-exporter) / [kube-state-metrics](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics) / [rancher-pushprox](https://github.com/rancher/charts/tree/dev-v2.7/packages/rancher-monitoring/rancher-pushprox/charts) - These charts monitor various Kubernetes components across different Kubernetes cluster types. -- [Prometheus Adapter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-adapter) - The adapter allows a user to expose custom metrics, resource metrics, and external metrics on the default [Prometheus](https://prometheus.io/) instance to the Kubernetes API Server. - -For more information, review the Helm README of this chart. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. -​ -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Upgrading from 100.0.0+up16.6.0 to 100.1.0+up19.0.3 - -### Noticeable changes: -Grafana: -- `sidecar.dashboards.searchNamespace`, `sidecar.datasources.searchNamespace` and `sidecar.notifiers.searchNamespace` support a list of namespaces now. - -Kube-state-metrics -- the type of `collectors` is changed from Dictionary to List. -- `kubeStateMetrics.serviceMonitor.namespaceOverride` was replaced by `kube-state-metrics.namespaceOverride`. - -### Known issues: -- Occasionally, the upgrade fails with errors related to the webhook `prometheusrulemutate.monitoring.coreos.com`. This is a known issue in the upstream, and the workaround is to trigger the upgrade one more time. [32416](https://github.com/rancher/rancher/issues/32416#issuecomment-828881726) diff --git a/charts/rancher-monitoring/charts/grafana/.helmignore b/charts/rancher-monitoring/charts/grafana/.helmignore deleted file mode 100644 index 8cade1318..000000000 --- a/charts/rancher-monitoring/charts/grafana/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.vscode -.project -.idea/ -*.tmproj -OWNERS diff --git a/charts/rancher-monitoring/charts/grafana/Chart.yaml b/charts/rancher-monitoring/charts/grafana/Chart.yaml deleted file mode 100644 index 9b0ca1792..000000000 --- a/charts/rancher-monitoring/charts/grafana/Chart.yaml +++ /dev/null @@ -1,29 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.27.0-0' - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-grafana -apiVersion: v2 -appVersion: 9.1.5 -description: The leading tool for querying and visualizing time series and metrics. -home: https://grafana.net -icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png -kubeVersion: ^1.8.0-0 -maintainers: -- email: zanhsieh@gmail.com - name: zanhsieh -- email: rluckie@cisco.com - name: rtluckie -- email: maor.friedman@redhat.com - name: maorfr -- email: miroslav.hadzhiev@gmail.com - name: Xtigyro -- email: mail@torstenwalter.de - name: torstenwalter -name: grafana -sources: -- https://github.com/grafana/grafana -type: application -version: 6.38.6 diff --git a/charts/rancher-monitoring/charts/grafana/README.md b/charts/rancher-monitoring/charts/grafana/README.md deleted file mode 100644 index 45046f0d8..000000000 --- a/charts/rancher-monitoring/charts/grafana/README.md +++ /dev/null @@ -1,574 +0,0 @@ -# Grafana Helm Chart - -* Installs the web dashboarding system [Grafana](http://grafana.org/) - -## Get Repo Info - -```console -helm repo add grafana https://grafana.github.io/helm-charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Installing the Chart - -To install the chart with the release name `my-release`: - -```console -helm install my-release grafana/grafana -``` - -## Uninstalling the Chart - -To uninstall/delete the my-release deployment: - -```console -helm delete my-release -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Upgrading an existing Release to a new major version - -A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an -incompatible breaking change needing manual actions. - -### To 4.0.0 (And 3.12.1) - -This version requires Helm >= 2.12.0. - -### To 5.0.0 - -You have to add --force to your helm upgrade command as the labels of the chart have changed. - -### To 6.0.0 - -This version requires Helm >= 3.1.0. - -## Configuration - -| Parameter | Description | Default | -|-------------------------------------------|-----------------------------------------------|---------------------------------------------------------| -| `replicas` | Number of nodes | `1` | -| `podDisruptionBudget.minAvailable` | Pod disruption minimum available | `nil` | -| `podDisruptionBudget.maxUnavailable` | Pod disruption maximum unavailable | `nil` | -| `deploymentStrategy` | Deployment strategy | `{ "type": "RollingUpdate" }` | -| `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` | -| `readinessProbe` | Readiness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`| -| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` | -| `priorityClassName` | Name of Priority Class to assign pods | `nil` | -| `image.repository` | Image repository | `grafana/grafana` | -| `image.tag` | Overrides the Grafana image tag whose default is the chart appVersion (`Must be >= 5.0.0`) | `` | -| `image.sha` | Image sha (optional) | `` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Image pull secrets (can be templated) | `[]` | -| `service.enabled` | Enable grafana service | `true` | -| `service.type` | Kubernetes service type | `ClusterIP` | -| `service.port` | Kubernetes port where service is exposed | `80` | -| `service.portName` | Name of the port on the service | `service` | -| `service.appProtocol` | Adds the appProtocol field to the service | `` | -| `service.targetPort` | Internal service is port | `3000` | -| `service.nodePort` | Kubernetes service nodePort | `nil` | -| `service.annotations` | Service annotations (can be templated) | `{}` | -| `service.labels` | Custom labels | `{}` | -| `service.clusterIP` | internal cluster service IP | `nil` | -| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `nil` | -| `service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to lb (if supported) | `[]` | -| `service.externalIPs` | service external IP addresses | `[]` | -| `headlessService` | Create a headless service | `false` | -| `extraExposePorts` | Additional service ports for sidecar containers| `[]` | -| `hostAliases` | adds rules to the pod's /etc/hosts | `[]` | -| `ingress.enabled` | Enables Ingress | `false` | -| `ingress.annotations` | Ingress annotations (values are templated) | `{}` | -| `ingress.labels` | Custom labels | `{}` | -| `ingress.path` | Ingress accepted path | `/` | -| `ingress.pathType` | Ingress type of path | `Prefix` | -| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` | -| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]` | -| `ingress.tls` | Ingress TLS configuration | `[]` | -| `resources` | CPU/Memory resource requests/limits | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Toleration labels for pod assignment | `[]` | -| `affinity` | Affinity settings for pod assignment | `{}` | -| `extraInitContainers` | Init containers to add to the grafana pod | `{}` | -| `extraContainers` | Sidecar containers to add to the grafana pod | `""` | -| `extraContainerVolumes` | Volumes that can be mounted in sidecar containers | `[]` | -| `extraLabels` | Custom labels for all manifests | `{}` | -| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | -| `persistence.enabled` | Use persistent volume to store data | `false` | -| `persistence.type` | Type of persistence (`pvc` or `statefulset`) | `pvc` | -| `persistence.size` | Size of persistent volume claim | `10Gi` | -| `persistence.existingClaim` | Use an existing PVC to persist data (can be templated) | `nil` | -| `persistence.storageClassName` | Type of persistent volume claim | `nil` | -| `persistence.accessModes` | Persistence access modes | `[ReadWriteOnce]` | -| `persistence.annotations` | PersistentVolumeClaim annotations | `{}` | -| `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` | -| `persistence.subPath` | Mount a sub dir of the persistent volume (can be templated) | `nil` | -| `persistence.inMemory.enabled` | If persistence is not enabled, whether to mount the local storage in-memory to improve performance | `false` | -| `persistence.inMemory.sizeLimit` | SizeLimit for the in-memory local storage | `nil` | -| `initChownData.enabled` | If false, don't reset data ownership at startup | true | -| `initChownData.image.repository` | init-chown-data container image repository | `busybox` | -| `initChownData.image.tag` | init-chown-data container image tag | `1.31.1` | -| `initChownData.image.sha` | init-chown-data container image sha (optional)| `""` | -| `initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` | -| `initChownData.resources` | init-chown-data pod resource requests & limits | `{}` | -| `schedulerName` | Alternate scheduler name | `nil` | -| `env` | Extra environment variables passed to pods | `{}` | -| `envValueFrom` | Environment variables from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. Can be templated | `{}` | -| `envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` | -| `envFromSecrets` | List of Kubernetes secrets (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `[]` | -| `envFromConfigMaps` | List of Kubernetes ConfigMaps (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `[]` | -| `envRenderSecret` | Sensible environment variables passed to pods and stored as secret | `{}` | -| `enableServiceLinks` | Inject Kubernetes services as environment variables. | `true` | -| `extraSecretMounts` | Additional grafana server secret mounts | `[]` | -| `extraVolumeMounts` | Additional grafana server volume mounts | `[]` | -| `createConfigmap` | Enable creating the grafana configmap | `true` | -| `extraConfigmapMounts` | Additional grafana server configMap volume mounts (values are templated) | `[]` | -| `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` | -| `plugins` | Plugins to be loaded along with Grafana | `[]` | -| `datasources` | Configure grafana datasources (passed through tpl) | `{}` | -| `alerting` | Configure grafana alerting (passed through tpl) | `{}` | -| `notifiers` | Configure grafana notifiers | `{}` | -| `dashboardProviders` | Configure grafana dashboard providers | `{}` | -| `dashboards` | Dashboards to import | `{}` | -| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` | -| `grafana.ini` | Grafana's primary configuration | `{}` | -| `ldap.enabled` | Enable LDAP authentication | `false` | -| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. | `""` | -| `ldap.config` | Grafana's LDAP configuration | `""` | -| `annotations` | Deployment annotations | `{}` | -| `labels` | Deployment labels | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `podLabels` | Pod labels | `{}` | -| `podPortName` | Name of the grafana port on the pod | `grafana` | -| `lifecycleHooks` | Lifecycle hooks for podStart and preStop [Example](https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/#define-poststart-and-prestop-handlers) | `{}` | -| `sidecar.image.repository` | Sidecar image repository | `quay.io/kiwigrid/k8s-sidecar` | -| `sidecar.image.tag` | Sidecar image tag | `1.19.2` | -| `sidecar.image.sha` | Sidecar image sha (optional) | `""` | -| `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | -| `sidecar.resources` | Sidecar resources | `{}` | -| `sidecar.securityContext` | Sidecar securityContext | `{}` | -| `sidecar.enableUniqueFilenames` | Sets the kiwigrid/k8s-sidecar UNIQUE_FILENAMES environment variable. If set to `true` the sidecar will create unique filenames where duplicate data keys exist between ConfigMaps and/or Secrets within the same or multiple Namespaces. | `false` | -| `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | -| `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` | -| `sidecar.dashboards.provider.name` | Unique name of the grafana provider | `sidecarProvider` | -| `sidecar.dashboards.provider.orgid` | Id of the organisation, to which the dashboards should be added | `1` | -| `sidecar.dashboards.provider.folder` | Logical folder in which grafana groups dashboards | `""` | -| `sidecar.dashboards.provider.disableDelete` | Activate to avoid the deletion of imported dashboards | `false` | -| `sidecar.dashboards.provider.allowUiUpdates` | Allow updating provisioned dashboards from the UI | `false` | -| `sidecar.dashboards.provider.type` | Provider type | `file` | -| `sidecar.dashboards.provider.foldersFromFilesStructure` | Allow Grafana to replicate dashboard structure from filesystem. | `false` | -| `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` | -| `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` | -| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` | -| `sidecar.dashboards.labelValue` | Label value that config maps with dashboards should have to be added | `""` | -| `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` | -| `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` | -| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` | -| `sidecar.dashboards.searchNamespace` | Namespaces list. If specified, the sidecar will search for dashboards config-maps inside these namespaces.Otherwise the namespace in which the sidecar is running will be used.It's also possible to specify ALL to search in all namespaces. | `nil` | -| `sidecar.dashboards.script` | Absolute path to shell script to execute after a configmap got reloaded. | `nil` | -| `sidecar.dashboards.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | -| `sidecar.dashboards.extraMounts` | Additional dashboard sidecar volume mounts. | `[]` | -| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | -| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` | -| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `""` | -| `sidecar.datasources.searchNamespace` | Namespaces list. If specified, the sidecar will search for datasources config-maps inside these namespaces.Otherwise the namespace in which the sidecar is running will be used.It's also possible to specify ALL to search in all namespaces. | `nil` | -| `sidecar.datasources.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | -| `sidecar.datasources.reloadURL` | Full url of datasource configuration reload API endpoint, to invoke after a config-map change | `"http://localhost:3000/api/admin/provisioning/datasources/reload"` | -| `sidecar.datasources.skipReload` | Enabling this omits defining the REQ_URL and REQ_METHOD environment variables | `false` | -| `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` | -| `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` | -| `sidecar.notifiers.searchNamespace` | Namespaces list. If specified, the sidecar will search for notifiers config-maps (or secrets) inside these namespaces.Otherwise the namespace in which the sidecar is running will be used.It's also possible to specify ALL to search in all namespaces. | `nil` | -| `sidecar.notifiers.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` | -| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` | -| `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` | -| `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` | -| `admin.existingSecret` | The name of an existing secret containing the admin credentials (can be templated). | `""` | -| `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` | -| `admin.passwordKey` | The key in the existing admin secret containing the password. | `"admin-password"` | -| `serviceAccount.autoMount` | Automount the service account token in the pod| `true` | -| `serviceAccount.annotations` | ServiceAccount annotations | | -| `serviceAccount.create` | Create service account | `true` | -| `serviceAccount.name` | Service account name to use, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` | -| `serviceAccount.nameTest` | Service account name to use for test, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `nil` | -| `rbac.create` | Create and use RBAC resources | `true` | -| `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` | -| `rbac.useExistingRole` | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` | -| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true` | -| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `true` | -| `rbac.extraRoleRules` | Additional rules to add to the Role | [] | -| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] | -| `command` | Define command to be executed by grafana container at startup | `nil` | -| `testFramework.enabled` | Whether to create test-related resources | `true` | -| `testFramework.image` | `test-framework` image repository. | `bats/bats` | -| `testFramework.tag` | `test-framework` image tag. | `v1.4.1` | -| `testFramework.imagePullPolicy` | `test-framework` image pull policy. | `IfNotPresent` | -| `testFramework.securityContext` | `test-framework` securityContext | `{}` | -| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` | -| `downloadDashboards.envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` | -| `downloadDashboards.resources` | Resources of `download-dashboards` container | `{}` | -| `downloadDashboardsImage.repository` | Curl docker image repo | `curlimages/curl` | -| `downloadDashboardsImage.tag` | Curl docker image tag | `7.73.0` | -| `downloadDashboardsImage.sha` | Curl docker image sha (optional) | `""` | -| `downloadDashboardsImage.pullPolicy` | Curl docker image pull policy | `IfNotPresent` | -| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) | -| `serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` | -| `serviceMonitor.namespace` | Namespace this servicemonitor is installed in | | -| `serviceMonitor.interval` | How frequently Prometheus should scrape | `1m` | -| `serviceMonitor.path` | Path to scrape | `/metrics` | -| `serviceMonitor.scheme` | Scheme to use for metrics scraping | `http` | -| `serviceMonitor.tlsConfig` | TLS configuration block for the endpoint | `{}` | -| `serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` | -| `serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` | -| `serviceMonitor.relabelings` | MetricRelabelConfigs to apply to samples before ingestion. | `[]` | -| `revisionHistoryLimit` | Number of old ReplicaSets to retain | `10` | -| `imageRenderer.enabled` | Enable the image-renderer deployment & service | `false` | -| `imageRenderer.image.repository` | image-renderer Image repository | `grafana/grafana-image-renderer` | -| `imageRenderer.image.tag` | image-renderer Image tag | `latest` | -| `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` | -| `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` | -| `imageRenderer.env` | extra env-vars for image-renderer | `{}` | -| `imageRenderer.serviceAccountName` | image-renderer deployment serviceAccountName | `""` | -| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` | -| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` | -| `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` | -| `imageRenderer.service.enabled` | Enable the image-renderer service | `true` | -| `imageRenderer.service.portName` | image-renderer service port name | `http` | -| `imageRenderer.service.port` | image-renderer port used by deployment | `8081` | -| `imageRenderer.service.targetPort` | image-renderer service port used by service | `8081` | -| `imageRenderer.appProtocol` | Adds the appProtocol field to the service | `` | -| `imageRenderer.grafanaSubPath` | Grafana sub path to use for image renderer callback url | `''` | -| `imageRenderer.podPortName` | name of the image-renderer port on the pod | `http` | -| `imageRenderer.revisionHistoryLimit` | number of image-renderer replica sets to keep | `10` | -| `imageRenderer.networkPolicy.limitIngress` | Enable a NetworkPolicy to limit inbound traffic from only the created grafana pods | `true` | -| `imageRenderer.networkPolicy.limitEgress` | Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods | `false` | -| `imageRenderer.resources` | Set resource limits for image-renderer pdos | `{}` | -| `imageRenderer.nodeSelector` | Node labels for pod assignment | `{}` | -| `imageRenderer.tolerations` | Toleration labels for pod assignment | `[]` | -| `imageRenderer.affinity` | Affinity settings for pod assignment | `{}` | -| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources. | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed | `{}` | -| `networkPolicy.ingress` | Enable the creation of an ingress network policy | `true` | -| `networkPolicy.egress.enabled` | Enable the creation of an egress network policy | `false` | -| `networkPolicy.egress.ports` | An array of ports to allow for the egress | `[]` | -| `enableKubeBackwardCompatibility` | Enable backward compatibility of kubernetes where pod's defintion version below 1.13 doesn't have the enableServiceLinks option | `false` | - - - -### Example ingress with path - -With grafana 6.3 and above -```yaml -grafana.ini: - server: - domain: monitoring.example.com - root_url: "%(protocol)s://%(domain)s/grafana" - serve_from_sub_path: true -ingress: - enabled: true - hosts: - - "monitoring.example.com" - path: "/grafana" -``` - -### Example of extraVolumeMounts - -Volume can be type persistentVolumeClaim or hostPath but not both at same time. -If neither existingClaim or hostPath argument is given then type is emptyDir. - -```yaml -- extraVolumeMounts: - - name: plugins - mountPath: /var/lib/grafana/plugins - subPath: configs/grafana/plugins - existingClaim: existing-grafana-claim - readOnly: false - - name: dashboards - mountPath: /var/lib/grafana/dashboards - hostPath: /usr/shared/grafana/dashboards - readOnly: false -``` - -## Import dashboards - -There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method: - -```yaml -dashboards: - default: - some-dashboard: - json: | - { - "annotations": - - ... - # Complete json file here - ... - - "title": "Some Dashboard", - "uid": "abcd1234", - "version": 1 - } - custom-dashboard: - # This is a path to a file inside the dashboards directory inside the chart directory - file: dashboards/custom-dashboard.json - prometheus-stats: - # Ref: https://grafana.com/dashboards/2 - gnetId: 2 - revision: 2 - datasource: Prometheus - local-dashboard: - url: https://raw.githubusercontent.com/user/repository/master/dashboards/dashboard.json -``` - -## BASE64 dashboards - -Dashboards could be stored on a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit) -A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk. -If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk. - -### Gerrit use case - -Gerrit API for download files has the following schema: where {project-name} and -{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard -the url value is - -## Sidecar for dashboards - -If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana -pod. This container watches all configmaps (or secrets) in the cluster and filters out the ones with -a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written -to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported -dashboards are deleted/updated. - -A recommendation is to use one configmap per dashboard, as a reduction of multiple dashboards inside -one configmap is currently not properly mirrored in grafana. - -Example dashboard config: - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: sample-grafana-dashboard - labels: - grafana_dashboard: "1" -data: - k8s-dashboard.json: |- - [...] -``` - -## Sidecar for datasources - -If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana -pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and -filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in -those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, -the data sources in grafana can be imported. - -Secrets are recommended over configmaps for this usecase because datasources usually contain private -data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those. - -Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file): - -```yaml -datasources: - datasources.yaml: - apiVersion: 1 - datasources: - # name of the datasource. Required - - name: Graphite - # datasource type. Required - type: graphite - # access mode. proxy or direct (Server or Browser in the UI). Required - access: proxy - # org id. will default to orgId 1 if not specified - orgId: 1 - # url - url: http://localhost:8080 - # database password, if used - password: - # database user, if used - user: - # database name, if used - database: - # enable/disable basic auth - basicAuth: - # basic auth username - basicAuthUser: - # basic auth password - basicAuthPassword: - # enable/disable with credentials headers - withCredentials: - # mark as default datasource. Max one per org - isDefault: - # fields that will be converted to json and stored in json_data - jsonData: - graphiteVersion: "1.1" - tlsAuth: true - tlsAuthWithCACert: true - # json object of data that will be encrypted. - secureJsonData: - tlsCACert: "..." - tlsClientCert: "..." - tlsClientKey: "..." - version: 1 - # allow users to edit datasources from the UI. - editable: false -``` - -## Sidecar for notifiers - -If the parameter `sidecar.notifiers.enabled` is set, an init container is deployed in the grafana -pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and -filters out the ones with a label as defined in `sidecar.notifiers.label`. The files defined in -those secrets are written to a folder and accessed by grafana on startup. Using these yaml files, -the notification channels in grafana can be imported. The secrets must be created before -`helm install` so that the notifiers init container can list the secrets. - -Secrets are recommended over configmaps for this usecase because alert notification channels usually contain -private data like SMTP usernames and passwords. Secrets are the more appropriate cluster resource to manage those. - -Example datasource config adapted from [Grafana](https://grafana.com/docs/grafana/latest/administration/provisioning/#alert-notification-channels): - -```yaml -notifiers: - - name: notification-channel-1 - type: slack - uid: notifier1 - # either - org_id: 2 - # or - org_name: Main Org. - is_default: true - send_reminder: true - frequency: 1h - disable_resolve_message: false - # See `Supported Settings` section for settings supporter for each - # alert notification type. - settings: - recipient: 'XXX' - token: 'xoxb' - uploadImage: true - url: https://slack.com - -delete_notifiers: - - name: notification-channel-1 - uid: notifier1 - org_id: 2 - - name: notification-channel-2 - # default org_id: 1 -``` - -## How to serve Grafana with a path prefix (/grafana) - -In order to serve Grafana with a prefix (e.g., ), add the following to your values.yaml. - -```yaml -ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/rewrite-target: /$1 - nginx.ingress.kubernetes.io/use-regex: "true" - - path: /grafana/?(.*) - hosts: - - k8s.example.dev - -grafana.ini: - server: - root_url: http://localhost:3000/grafana # this host can be localhost -``` - -## How to securely reference secrets in grafana.ini - -This example uses Grafana [file providers](https://grafana.com/docs/grafana/latest/administration/configuration/#file-provider) for secret values and the `extraSecretMounts` configuration flag (Additional grafana server secret mounts) to mount the secrets. - -In grafana.ini: - -```yaml -grafana.ini: - [auth.generic_oauth] - enabled = true - client_id = $__file{/etc/secrets/auth_generic_oauth/client_id} - client_secret = $__file{/etc/secrets/auth_generic_oauth/client_secret} -``` - -Existing secret, or created along with helm: - -```yaml ---- -apiVersion: v1 -kind: Secret -metadata: - name: auth-generic-oauth-secret -type: Opaque -stringData: - client_id: - client_secret: -``` - -Include in the `extraSecretMounts` configuration flag: - -```yaml -- extraSecretMounts: - - name: auth-generic-oauth-secret-mount - secretName: auth-generic-oauth-secret - defaultMode: 0440 - mountPath: /etc/secrets/auth_generic_oauth - readOnly: true -``` - -### extraSecretMounts using a Container Storage Interface (CSI) provider - -This example uses a CSI driver e.g. retrieving secrets using [Azure Key Vault Provider](https://github.com/Azure/secrets-store-csi-driver-provider-azure) - -```yaml -- extraSecretMounts: - - name: secrets-store-inline - mountPath: /run/secrets - readOnly: true - csi: - driver: secrets-store.csi.k8s.io - readOnly: true - volumeAttributes: - secretProviderClass: "my-provider" - nodePublishSecretRef: - name: akv-creds -``` - -## Image Renderer Plug-In - -This chart supports enabling [remote image rendering](https://github.com/grafana/grafana-image-renderer/blob/master/README.md#run-in-docker) - -```yaml -imageRenderer: - enabled: true -``` - -### Image Renderer NetworkPolicy - -By default the image-renderer pods will have a network policy which only allows ingress traffic from the created grafana instance - -### High Availability for unified alerting - -If you want to run Grafana in a high availability cluster you need to enable -the headless service by setting `headlessService: true` in your `values.yaml` -file. - -As next step you have to setup the `grafana.ini` in your `values.yaml` in a way -that it will make use of the headless service to obtain all the IPs of the -cluster. You should replace ``{{ Name }}`` with the name of your helm deployment. - -```yaml -grafana.ini: - ... - unified_alerting: - enabled: true - ha_peers: {{ Name }}-headless:9094 - alerting: - enabled: false -``` diff --git a/charts/rancher-monitoring/charts/grafana/dashboards/custom-dashboard.json b/charts/rancher-monitoring/charts/grafana/dashboards/custom-dashboard.json deleted file mode 100644 index 9e26dfeeb..000000000 --- a/charts/rancher-monitoring/charts/grafana/dashboards/custom-dashboard.json +++ /dev/null @@ -1 +0,0 @@ -{} \ No newline at end of file diff --git a/charts/rancher-monitoring/charts/grafana/templates/NOTES.txt b/charts/rancher-monitoring/charts/grafana/templates/NOTES.txt deleted file mode 100644 index 1fc8436d9..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/NOTES.txt +++ /dev/null @@ -1,54 +0,0 @@ -1. Get your '{{ .Values.adminUser }}' user password by running: - - kubectl get secret --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . }} -o jsonpath="{.data.admin-password}" | base64 --decode ; echo - -2. The Grafana server can be accessed via port {{ .Values.service.port }} on the following DNS name from within your cluster: - - {{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}.svc.cluster.local -{{ if .Values.ingress.enabled }} - If you bind grafana to 80, please update values in values.yaml and reinstall: - ``` - securityContext: - runAsUser: 0 - runAsGroup: 0 - fsGroup: 0 - - command: - - "setcap" - - "'cap_net_bind_service=+ep'" - - "/usr/sbin/grafana-server &&" - - "sh" - - "/run.sh" - ``` - Details refer to https://grafana.com/docs/installation/configuration/#http-port. - Or grafana would always crash. - - From outside the cluster, the server URL(s) are: -{{- range .Values.ingress.hosts }} - http://{{ . }} -{{- end }} -{{ else }} - Get the Grafana URL to visit by running these commands in the same shell: -{{ if contains "NodePort" .Values.service.type -}} - export NODE_PORT=$(kubectl get --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ template "grafana.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{ else if contains "LoadBalancer" .Values.service.type -}} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc --namespace {{ template "grafana.namespace" . }} -w {{ template "grafana.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ template "grafana.namespace" . }} {{ template "grafana.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - http://$SERVICE_IP:{{ .Values.service.port -}} -{{ else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ template "grafana.namespace" . }} -l "app.kubernetes.io/name={{ template "grafana.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - kubectl --namespace {{ template "grafana.namespace" . }} port-forward $POD_NAME 3000 -{{- end }} -{{- end }} - -3. Login with the password from step 1 and the username: {{ .Values.adminUser }} - -{{- if not .Values.persistence.enabled }} -################################################################################# -###### WARNING: Persistence is disabled!!! You will lose your data when ##### -###### the Grafana pod is terminated. ##### -################################################################################# -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/_helpers.tpl b/charts/rancher-monitoring/charts/grafana/templates/_helpers.tpl deleted file mode 100644 index e5e3b287d..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/_helpers.tpl +++ /dev/null @@ -1,214 +0,0 @@ -# Rancher -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "grafana.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "grafana.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "grafana.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account -*/}} -{{- define "grafana.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "grafana.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{- define "grafana.serviceAccountNameTest" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (print (include "grafana.fullname" .) "-test") .Values.serviceAccount.nameTest }} -{{- else -}} - {{ default "default" .Values.serviceAccount.nameTest }} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts -*/}} -{{- define "grafana.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "grafana.labels" -}} -helm.sh/chart: {{ include "grafana.chart" . }} -{{ include "grafana.selectorLabels" . }} -{{- if or .Chart.AppVersion .Values.image.tag }} -app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- if .Values.extraLabels }} -{{ toYaml .Values.extraLabels }} -{{- end }} -{{- end -}} - -{{/* -Selector labels -*/}} -{{- define "grafana.selectorLabels" -}} -app.kubernetes.io/name: {{ include "grafana.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "grafana.imageRenderer.labels" -}} -helm.sh/chart: {{ include "grafana.chart" . }} -{{ include "grafana.imageRenderer.selectorLabels" . }} -{{- if or .Chart.AppVersion .Values.image.tag }} -app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Selector labels ImageRenderer -*/}} -{{- define "grafana.imageRenderer.selectorLabels" -}} -app.kubernetes.io/name: {{ include "grafana.name" . }}-image-renderer -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} - -{{/* -Looks if there's an existing secret and reuse its password. If not it generates -new password and use it. -*/}} -{{- define "grafana.password" -}} -{{- $secret := (lookup "v1" "Secret" (include "grafana.namespace" .) (include "grafana.fullname" .) ) -}} - {{- if $secret -}} - {{- index $secret "data" "admin-password" -}} - {{- else -}} - {{- (randAlphaNum 40) | b64enc | quote -}} - {{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for rbac. -*/}} -{{- define "grafana.rbac.apiVersion" -}} - {{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }} - {{- print "rbac.authorization.k8s.io/v1" -}} - {{- else -}} - {{- print "rbac.authorization.k8s.io/v1beta1" -}} - {{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for HorizontalPodAutoscaler. -*/}} -{{- define "grafana.hpa.apiVersion" -}} - {{- if .Capabilities.APIVersions.Has "autoscaling/v2" }} - {{- print "autoscaling/v2" -}} - {{- else if .Capabilities.APIVersions.Has "autoscaling/v1" }} - {{- print "autoscaling/v1" -}} - {{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for ingress. -*/}} -{{- define "grafana.ingress.apiVersion" -}} - {{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" .Capabilities.KubeVersion.Version) -}} - {{- print "networking.k8s.io/v1" -}} - {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}} - {{- print "networking.k8s.io/v1beta1" -}} - {{- else -}} - {{- print "extensions/v1beta1" -}} - {{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for podDisruptionBudget. -*/}} -{{- define "grafana.podDisruptionBudget.apiVersion" -}} - {{- if $.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" -}} - {{- print "policy/v1" -}} - {{- else -}} - {{- print "policy/v1beta1" -}} - {{- end -}} -{{- end -}} - -{{/* -Return if ingress is stable. -*/}} -{{- define "grafana.ingress.isStable" -}} - {{- eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1" -}} -{{- end -}} - -{{/* -Return if ingress supports ingressClassName. -*/}} -{{- define "grafana.ingress.supportsIngressClassName" -}} - {{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) -}} -{{- end -}} - -{{/* -Return if ingress supports pathType. -*/}} -{{- define "grafana.ingress.supportsPathType" -}} - {{- or (eq (include "grafana.ingress.isStable" .) "true") (and (eq (include "grafana.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" .Capabilities.KubeVersion.Version)) -}} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/grafana/templates/_pod.tpl b/charts/rancher-monitoring/charts/grafana/templates/_pod.tpl deleted file mode 100644 index b74d03181..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/_pod.tpl +++ /dev/null @@ -1,895 +0,0 @@ -{{- define "grafana.pod" -}} -{{- if .Values.schedulerName }} -schedulerName: "{{ .Values.schedulerName }}" -{{- end }} -serviceAccountName: {{ template "grafana.serviceAccountName" . }} -automountServiceAccountToken: {{ .Values.serviceAccount.autoMount }} -{{- with .Values.securityContext }} -securityContext: - {{- toYaml . | nindent 2 }} -{{- end }} -{{- with .Values.hostAliases }} -hostAliases: - {{- toYaml . | nindent 2 }} -{{- end }} -{{- if .Values.priorityClassName }} -priorityClassName: {{ .Values.priorityClassName }} -{{- end }} -{{- if ( or .Values.persistence.enabled .Values.dashboards .Values.sidecar.notifiers.enabled .Values.extraInitContainers (and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources)) }} -initContainers: -{{- end }} -{{- if ( and .Values.persistence.enabled .Values.initChownData.enabled ) }} - - name: init-chown-data - {{- if .Values.initChownData.image.sha }} - image: "{{ template "system_default_registry" . }}{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}@sha256:{{ .Values.initChownData.image.sha }}" - {{- else }} - image: "{{ template "system_default_registry" . }}{{ .Values.initChownData.image.repository }}:{{ .Values.initChownData.image.tag }}" - {{- end }} - imagePullPolicy: {{ .Values.initChownData.image.pullPolicy }} - securityContext: - runAsNonRoot: false - runAsUser: 0 - command: ["chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.runAsGroup }}", "/var/lib/grafana"] - {{- with .Values.initChownData.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} - volumeMounts: - - name: storage - mountPath: "/var/lib/grafana" -{{- if .Values.persistence.subPath }} - subPath: {{ tpl .Values.persistence.subPath . }} -{{- end }} -{{- end }} -{{- if .Values.dashboards }} - - name: download-dashboards - {{- if .Values.downloadDashboardsImage.sha }} - image: "{{ template "system_default_registry" . }}{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}@sha256:{{ .Values.downloadDashboardsImage.sha }}" - {{- else }} - image: "{{ template "system_default_registry" . }}{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}" - {{- end }} - imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }} - command: ["/bin/sh"] - args: [ "-c", "mkdir -p /var/lib/grafana/dashboards/default && /bin/sh -x /etc/grafana/download_dashboards.sh" ] - {{- with .Values.downloadDashboards.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} - env: -{{- range $key, $value := .Values.downloadDashboards.env }} - - name: "{{ $key }}" - value: "{{ $value }}" -{{- end }} - {{- with .Values.downloadDashboards.securityContext }} - securityContext: - {{- toYaml . | nindent 6 }} - {{- end }} -{{- if .Values.downloadDashboards.envFromSecret }} - envFrom: - - secretRef: - name: {{ tpl .Values.downloadDashboards.envFromSecret . }} -{{- end }} - volumeMounts: - - name: config - mountPath: "/etc/grafana/download_dashboards.sh" - subPath: download_dashboards.sh - - name: storage - mountPath: "/var/lib/grafana" -{{- if .Values.persistence.subPath }} - subPath: {{ tpl .Values.persistence.subPath . }} -{{- end }} - {{- range .Values.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - readOnly: {{ .readOnly }} - {{- end }} -{{- end }} -{{- if and .Values.sidecar.datasources.enabled .Values.sidecar.datasources.initDatasources }} - - name: {{ template "grafana.name" . }}-init-sc-datasources - {{- if .Values.sidecar.image.sha }} - image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" - {{- else }} - image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" - {{- end }} - imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} - env: - {{- range $key, $value := .Values.sidecar.datasources.env }} - - name: "{{ $key }}" - value: "{{ $value }}" - {{- end }} - {{- if .Values.sidecar.datasources.ignoreAlreadyProcessed }} - - name: IGNORE_ALREADY_PROCESSED - value: "true" - {{- end }} - - name: METHOD - value: "LIST" - - name: LABEL - value: "{{ .Values.sidecar.datasources.label }}" - {{- if .Values.sidecar.datasources.labelValue }} - - name: LABEL_VALUE - value: {{ quote .Values.sidecar.datasources.labelValue }} - {{- end }} - {{- if or .Values.sidecar.logLevel .Values.sidecar.datasources.logLevel }} - - name: LOG_LEVEL - value: {{ default .Values.sidecar.logLevel .Values.sidecar.datasources.logLevel }} - {{- end }} - - name: FOLDER - value: "/etc/grafana/provisioning/datasources" - - name: RESOURCE - value: {{ quote .Values.sidecar.datasources.resource }} - {{- if .Values.sidecar.enableUniqueFilenames }} - - name: UNIQUE_FILENAMES - value: "{{ .Values.sidecar.enableUniqueFilenames }}" - {{- end }} - {{- if .Values.sidecar.datasources.searchNamespace }} - - name: NAMESPACE - value: "{{ tpl (.Values.sidecar.datasources.searchNamespace | join ",") . }}" - {{- end }} - {{- if .Values.sidecar.skipTlsVerify }} - - name: SKIP_TLS_VERIFY - value: "{{ .Values.sidecar.skipTlsVerify }}" - {{- end }} - {{- with .Values.sidecar.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.securityContext }} - securityContext: - {{- toYaml . | nindent 6 }} - {{- end }} - volumeMounts: - - name: sc-datasources-volume - mountPath: "/etc/grafana/provisioning/datasources" -{{- end }} -{{- if .Values.sidecar.notifiers.enabled }} - - name: {{ template "grafana.name" . }}-sc-notifiers - {{- if .Values.sidecar.image.sha }} - image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" - {{- else }} - image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" - {{- end }} - imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} - env: - {{- range $key, $value := .Values.sidecar.notifiers.env }} - - name: "{{ $key }}" - value: "{{ $value }}" - {{- end }} - {{- if .Values.sidecar.notifiers.ignoreAlreadyProcessed }} - - name: IGNORE_ALREADY_PROCESSED - value: "true" - {{- end }} - - name: METHOD - value: LIST - - name: LABEL - value: "{{ .Values.sidecar.notifiers.label }}" - {{- if .Values.sidecar.notifiers.labelValue }} - - name: LABEL_VALUE - value: {{ quote .Values.sidecar.notifiers.labelValue }} - {{- end }} - {{- if or .Values.sidecar.logLevel .Values.sidecar.notifiers.logLevel }} - - name: LOG_LEVEL - value: {{ default .Values.sidecar.logLevel .Values.sidecar.notifiers.logLevel }} - {{- end }} - - name: FOLDER - value: "/etc/grafana/provisioning/notifiers" - - name: RESOURCE - value: {{ quote .Values.sidecar.notifiers.resource }} - {{- if .Values.sidecar.enableUniqueFilenames }} - - name: UNIQUE_FILENAMES - value: "{{ .Values.sidecar.enableUniqueFilenames }}" - {{- end }} - {{- if .Values.sidecar.notifiers.searchNamespace }} - - name: NAMESPACE - value: "{{ tpl (.Values.sidecar.notifiers.searchNamespace | join ",") . }}" - {{- end }} - {{- if .Values.sidecar.skipTlsVerify }} - - name: SKIP_TLS_VERIFY - value: "{{ .Values.sidecar.skipTlsVerify }}" - {{- end }} - {{- with .Values.sidecar.livenessProbe }} - livenessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.securityContext }} - securityContext: - {{- toYaml . | nindent 6 }} - {{- end }} - volumeMounts: - - name: sc-notifiers-volume - mountPath: "/etc/grafana/provisioning/notifiers" -{{- end}} -{{- if .Values.extraInitContainers }} -{{ tpl (toYaml .Values.extraInitContainers) . | indent 2 }} -{{- end }} -{{- if .Values.image.pullSecrets }} -imagePullSecrets: -{{- $root := . }} -{{- range .Values.image.pullSecrets }} - - name: {{ tpl . $root }} -{{- end}} -{{- end }} -{{- if not .Values.enableKubeBackwardCompatibility }} -enableServiceLinks: {{ .Values.enableServiceLinks }} -{{- end }} -containers: -{{- if .Values.sidecar.dashboards.enabled }} - - name: {{ template "grafana.name" . }}-sc-dashboard - {{- if .Values.sidecar.image.sha }} - image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" - {{- else }} - image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" - {{- end }} - imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} - env: - {{- range $key, $value := .Values.sidecar.dashboards.env }} - - name: "{{ $key }}" - value: "{{ $value }}" - {{- end }} - {{- if .Values.sidecar.dashboards.ignoreAlreadyProcessed }} - - name: IGNORE_ALREADY_PROCESSED - value: "true" - {{- end }} - - name: METHOD - value: {{ .Values.sidecar.dashboards.watchMethod }} - - name: LABEL - value: "{{ .Values.sidecar.dashboards.label }}" - {{- if .Values.sidecar.dashboards.labelValue }} - - name: LABEL_VALUE - value: {{ quote .Values.sidecar.dashboards.labelValue }} - {{- end }} - {{- if or .Values.sidecar.logLevel .Values.sidecar.dashboards.logLevel }} - - name: LOG_LEVEL - value: {{ default .Values.sidecar.logLevel .Values.sidecar.dashboards.logLevel }} - {{- end }} - - name: FOLDER - value: "{{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }}" - - name: RESOURCE - value: {{ quote .Values.sidecar.dashboards.resource }} - {{- if .Values.sidecar.enableUniqueFilenames }} - - name: UNIQUE_FILENAMES - value: "{{ .Values.sidecar.enableUniqueFilenames }}" - {{- end }} - {{- if .Values.sidecar.dashboards.searchNamespace }} - - name: NAMESPACE - value: "{{ tpl (.Values.sidecar.dashboards.searchNamespace | join ",") . }}" - {{- end }} - {{- if .Values.sidecar.skipTlsVerify }} - - name: SKIP_TLS_VERIFY - value: "{{ .Values.sidecar.skipTlsVerify }}" - {{- end }} - {{- if .Values.sidecar.dashboards.folderAnnotation }} - - name: FOLDER_ANNOTATION - value: "{{ .Values.sidecar.dashboards.folderAnnotation }}" - {{- end }} - {{- if .Values.sidecar.dashboards.script }} - - name: SCRIPT - value: "{{ .Values.sidecar.dashboards.script }}" - {{- end }} - {{- if .Values.sidecar.dashboards.watchServerTimeout }} - {{- if ne .Values.sidecar.dashboards.watchMethod "WATCH" }} - {{- fail (printf "Cannot use .Values.sidecar.dashboards.watchServerTimeout with .Values.sidecar.dashboards.watchMethod %s" .Values.sidecar.dashboards.watchMethod) }} - {{- end }} - - name: WATCH_SERVER_TIMEOUT - value: "{{ .Values.sidecar.dashboards.watchServerTimeout }}" - {{- end }} - {{- if .Values.sidecar.dashboards.watchClientTimeout }} - {{- if ne .Values.sidecar.dashboards.watchMethod "WATCH" }} - {{- fail (printf "Cannot use .Values.sidecar.dashboards.watchClientTimeout with .Values.sidecar.dashboards.watchMethod %s" .Values.sidecar.dashboards.watchMethod) }} - {{- end }} - - name: WATCH_CLIENT_TIMEOUT - value: "{{ .Values.sidecar.dashboards.watchClientTimeout }}" - {{- end }} - {{- with .Values.sidecar.livenessProbe }} - livenessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.securityContext }} - securityContext: - {{- toYaml . | nindent 6 }} - {{- end }} - volumeMounts: - - name: sc-dashboard-volume - mountPath: {{ .Values.sidecar.dashboards.folder | quote }} - {{- if .Values.sidecar.dashboards.extraMounts }} - {{- toYaml .Values.sidecar.dashboards.extraMounts | trim | nindent 6}} - {{- end }} -{{- end}} -{{- if .Values.sidecar.datasources.enabled }} - - name: {{ template "grafana.name" . }}-sc-datasources - {{- if .Values.sidecar.image.sha }} - image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" - {{- else }} - image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" - {{- end }} - imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} - env: - {{- range $key, $value := .Values.sidecar.datasources.env }} - - name: "{{ $key }}" - value: "{{ $value }}" - {{- end }} - {{- if .Values.sidecar.datasources.ignoreAlreadyProcessed }} - - name: IGNORE_ALREADY_PROCESSED - value: "true" - {{- end }} - - name: METHOD - value: {{ .Values.sidecar.datasources.watchMethod }} - - name: LABEL - value: "{{ .Values.sidecar.datasources.label }}" - {{- if .Values.sidecar.datasources.labelValue }} - - name: LABEL_VALUE - value: {{ quote .Values.sidecar.datasources.labelValue }} - {{- end }} - {{- if or .Values.sidecar.logLevel .Values.sidecar.datasources.logLevel }} - - name: LOG_LEVEL - value: {{ default .Values.sidecar.logLevel .Values.sidecar.datasources.logLevel }} - {{- end }} - - name: FOLDER - value: "/etc/grafana/provisioning/datasources" - - name: RESOURCE - value: {{ quote .Values.sidecar.datasources.resource }} - {{- if .Values.sidecar.enableUniqueFilenames }} - - name: UNIQUE_FILENAMES - value: "{{ .Values.sidecar.enableUniqueFilenames }}" - {{- end }} - {{- if .Values.sidecar.datasources.searchNamespace }} - - name: NAMESPACE - value: "{{ tpl (.Values.sidecar.datasources.searchNamespace | join ",") . }}" - {{- end }} - {{- if .Values.sidecar.skipTlsVerify }} - - name: SKIP_TLS_VERIFY - value: "{{ .Values.sidecar.skipTlsVerify }}" - {{- end }} - {{- if .Values.sidecar.datasources.script }} - - name: SCRIPT - value: "{{ .Values.sidecar.datasources.script }}" - {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - - name: REQ_USERNAME - valueFrom: - secretKeyRef: - name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} - key: {{ .Values.admin.userKey | default "admin-user" }} - {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - - name: REQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} - key: {{ .Values.admin.passwordKey | default "admin-password" }} - {{- end }} - {{- if not .Values.sidecar.datasources.skipReload }} - - name: REQ_URL - value: {{ .Values.sidecar.datasources.reloadURL }} - - name: REQ_METHOD - value: POST - {{- end }} - {{- if .Values.sidecar.datasources.watchServerTimeout }} - {{- if ne .Values.sidecar.datasources.watchMethod "WATCH" }} - {{- fail (printf "Cannot use .Values.sidecar.datasources.watchServerTimeout with .Values.sidecar.datasources.watchMethod %s" .Values.sidecar.datasources.watchMethod) }} - {{- end }} - - name: WATCH_SERVER_TIMEOUT - value: "{{ .Values.sidecar.datasources.watchServerTimeout }}" - {{- end }} - {{- if .Values.sidecar.datasources.watchClientTimeout }} - {{- if ne .Values.sidecar.datasources.watchMethod "WATCH" }} - {{- fail (printf "Cannot use .Values.sidecar.datasources.watchClientTimeout with .Values.sidecar.datasources.watchMethod %s" .Values.sidecar.datasources.watchMethod) }} - {{- end }} - - name: WATCH_CLIENT_TIMEOUT - value: "{{ .Values.sidecar.datasources.watchClientTimeout }}" - {{- end }} - {{- with .Values.sidecar.livenessProbe }} - livenessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.securityContext }} - securityContext: - {{- toYaml . | nindent 6 }} - {{- end }} - volumeMounts: - - name: sc-datasources-volume - mountPath: "/etc/grafana/provisioning/datasources" -{{- end}} -{{- if .Values.sidecar.plugins.enabled }} - - name: {{ template "grafana.name" . }}-sc-plugins - {{- if .Values.sidecar.image.sha }} - image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}@sha256:{{ .Values.sidecar.image.sha }}" - {{- else }} - image: "{{ template "system_default_registry" . }}{{ .Values.sidecar.image.repository }}:{{ .Values.sidecar.image.tag }}" - {{- end }} - imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} - env: - {{- range $key, $value := .Values.sidecar.plugins.env }} - - name: "{{ $key }}" - value: "{{ $value }}" - {{- end }} - {{- if .Values.sidecar.plugins.ignoreAlreadyProcessed }} - - name: IGNORE_ALREADY_PROCESSED - value: "true" - {{- end }} - - name: METHOD - value: {{ .Values.sidecar.plugins.watchMethod }} - - name: LABEL - value: "{{ .Values.sidecar.plugins.label }}" - {{- if .Values.sidecar.plugins.labelValue }} - - name: LABEL_VALUE - value: {{ quote .Values.sidecar.plugins.labelValue }} - {{- end }} - {{- if or .Values.sidecar.logLevel .Values.sidecar.plugins.logLevel }} - - name: LOG_LEVEL - value: {{ default .Values.sidecar.logLevel .Values.sidecar.plugins.logLevel }} - {{- end }} - - name: FOLDER - value: "/etc/grafana/provisioning/plugins" - - name: RESOURCE - value: {{ quote .Values.sidecar.plugins.resource }} - {{- if .Values.sidecar.enableUniqueFilenames }} - - name: UNIQUE_FILENAMES - value: "{{ .Values.sidecar.enableUniqueFilenames }}" - {{- end }} - {{- if .Values.sidecar.plugins.searchNamespace }} - - name: NAMESPACE - value: "{{ tpl (.Values.sidecar.plugins.searchNamespace | join ",") . }}" - {{- end }} - {{- if .Values.sidecar.plugins.script }} - - name: SCRIPT - value: "{{ .Values.sidecar.plugins.script }}" - {{- end }} - {{- if .Values.sidecar.skipTlsVerify }} - - name: SKIP_TLS_VERIFY - value: "{{ .Values.sidecar.skipTlsVerify }}" - {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - - name: REQ_USERNAME - valueFrom: - secretKeyRef: - name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} - key: {{ .Values.admin.userKey | default "admin-user" }} - {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - - name: REQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} - key: {{ .Values.admin.passwordKey | default "admin-password" }} - {{- end }} - {{- if not .Values.sidecar.plugins.skipReload }} - - name: REQ_URL - value: {{ .Values.sidecar.plugins.reloadURL }} - - name: REQ_METHOD - value: POST - {{- end }} - {{- if .Values.sidecar.plugins.watchServerTimeout }} - {{- if ne .Values.sidecar.plugins.watchMethod "WATCH" }} - {{- fail (printf "Cannot use .Values.sidecar.plugins.watchServerTimeout with .Values.sidecar.plugins.watchMethod %s" .Values.sidecar.plugins.watchMethod) }} - {{- end }} - - name: WATCH_SERVER_TIMEOUT - value: "{{ .Values.sidecar.plugins.watchServerTimeout }}" - {{- end }} - {{- if .Values.sidecar.plugins.watchClientTimeout }} - {{- if ne .Values.sidecar.plugins.watchMethod "WATCH" }} - {{- fail (printf "Cannot use .Values.sidecar.plugins.watchClientTimeout with .Values.sidecar.plugins.watchMethod %s" .Values.sidecar.plugins.watchMethod) }} - {{- end }} - - name: WATCH_CLIENT_TIMEOUT - value: "{{ .Values.sidecar.plugins.watchClientTimeout }}" - {{- end }} - {{- with .Values.sidecar.livenessProbe }} - livenessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.sidecar.securityContext }} - securityContext: - {{- toYaml . | nindent 6 }} - {{- end }} - volumeMounts: - - name: sc-plugins-volume - mountPath: "/etc/grafana/provisioning/plugins" -{{- end}} - - name: {{ .Chart.Name }} - {{- if .Values.image.sha }} - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}@sha256:{{ .Values.image.sha }}" - {{- else }} - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.command }} - command: - {{- range .Values.command }} - - {{ . }} - {{- end }} - {{- end}} - {{- with .Values.containerSecurityContext }} - securityContext: - {{- toYaml . | nindent 6 }} - {{- end }} - volumeMounts: - - name: config - mountPath: "/etc/grafana/grafana.ini" - subPath: grafana.ini - {{- if .Values.ldap.enabled }} - - name: ldap - mountPath: "/etc/grafana/ldap.toml" - subPath: ldap.toml - {{- end }} - {{- $root := . }} - {{- range .Values.extraConfigmapMounts }} - - name: {{ tpl .name $root }} - mountPath: {{ tpl .mountPath $root }} - subPath: {{ (tpl .subPath $root) | default "" }} - readOnly: {{ .readOnly }} - {{- end }} - - name: storage - mountPath: "/var/lib/grafana" -{{- if .Values.persistence.subPath }} - subPath: {{ tpl .Values.persistence.subPath . }} -{{- end }} -{{- if .Values.dashboards }} -{{- range $provider, $dashboards := .Values.dashboards }} -{{- range $key, $value := $dashboards }} -{{- if (or (hasKey $value "json") (hasKey $value "file")) }} - - name: dashboards-{{ $provider }} - mountPath: "/var/lib/grafana/dashboards/{{ $provider }}/{{ $key }}.json" - subPath: "{{ $key }}.json" -{{- end }} -{{- end }} -{{- end }} -{{- end -}} -{{- if .Values.dashboardsConfigMaps }} -{{- range (keys .Values.dashboardsConfigMaps | sortAlpha) }} - - name: dashboards-{{ . }} - mountPath: "/var/lib/grafana/dashboards/{{ . }}" -{{- end }} -{{- end }} -{{- if .Values.datasources }} -{{- range (keys .Values.datasources | sortAlpha) }} - - name: config - mountPath: "/etc/grafana/provisioning/datasources/{{ . }}" - subPath: {{ . | quote }} -{{- end }} -{{- end }} -{{- if .Values.notifiers }} -{{- range (keys .Values.notifiers | sortAlpha) }} - - name: config - mountPath: "/etc/grafana/provisioning/notifiers/{{ . }}" - subPath: {{ . | quote }} -{{- end }} -{{- end }} -{{- if .Values.alerting }} -{{- range (keys .Values.alerting | sortAlpha) }} - - name: config - mountPath: "/etc/grafana/provisioning/alerting/{{ . }}" - subPath: {{ . | quote }} -{{- end }} -{{- end }} -{{- if .Values.dashboardProviders }} -{{- range (keys .Values.dashboardProviders | sortAlpha) }} - - name: config - mountPath: "/etc/grafana/provisioning/dashboards/{{ . }}" - subPath: {{ . | quote }} -{{- end }} -{{- end }} -{{- if .Values.sidecar.dashboards.enabled }} - - name: sc-dashboard-volume - mountPath: {{ .Values.sidecar.dashboards.folder | quote }} -{{ if .Values.sidecar.dashboards.SCProvider }} - - name: sc-dashboard-provider - mountPath: "/etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml" - subPath: provider.yaml -{{- end}} -{{- end}} -{{- if .Values.sidecar.datasources.enabled }} - - name: sc-datasources-volume - mountPath: "/etc/grafana/provisioning/datasources" -{{- end}} -{{- if .Values.sidecar.plugins.enabled }} - - name: sc-plugins-volume - mountPath: "/etc/grafana/provisioning/plugins" -{{- end}} -{{- if .Values.sidecar.notifiers.enabled }} - - name: sc-notifiers-volume - mountPath: "/etc/grafana/provisioning/notifiers" -{{- end}} - {{- range .Values.extraSecretMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - readOnly: {{ .readOnly }} - subPath: {{ .subPath | default "" }} - {{- end }} - {{- range .Values.extraVolumeMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - subPath: {{ .subPath | default "" }} - readOnly: {{ .readOnly }} - {{- end }} - {{- range .Values.extraEmptyDirMounts }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - {{- end }} - ports: - - name: {{ .Values.podPortName }} - containerPort: {{ .Values.service.targetPort }} - protocol: TCP - env: - {{- if and (not .Values.env.GF_SECURITY_ADMIN_USER) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - - name: GF_SECURITY_ADMIN_USER - valueFrom: - secretKeyRef: - name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} - key: {{ .Values.admin.userKey | default "admin-user" }} - {{- end }} - {{- if and (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - - name: GF_SECURITY_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ (tpl .Values.admin.existingSecret .) | default (include "grafana.fullname" .) }} - key: {{ .Values.admin.passwordKey | default "admin-password" }} - {{- end }} - {{- if .Values.plugins }} - - name: GF_INSTALL_PLUGINS - valueFrom: - configMapKeyRef: - name: {{ template "grafana.fullname" . }} - key: plugins - {{- end }} - {{- if .Values.smtp.existingSecret }} - - name: GF_SMTP_USER - valueFrom: - secretKeyRef: - name: {{ .Values.smtp.existingSecret }} - key: {{ .Values.smtp.userKey | default "user" }} - - name: GF_SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.smtp.existingSecret }} - key: {{ .Values.smtp.passwordKey | default "password" }} - {{- end }} - {{- if .Values.imageRenderer.enabled }} - - name: GF_RENDERING_SERVER_URL - value: http://{{ template "grafana.fullname" . }}-image-renderer.{{ template "grafana.namespace" . }}:{{ .Values.imageRenderer.service.port }}/render - - name: GF_RENDERING_CALLBACK_URL - value: {{ .Values.imageRenderer.grafanaProtocol }}://{{ template "grafana.fullname" . }}.{{ template "grafana.namespace" . }}:{{ .Values.service.port }}/{{ .Values.imageRenderer.grafanaSubPath }} - {{- end }} - - name: GF_PATHS_DATA - value: {{ (get .Values "grafana.ini").paths.data }} - - name: GF_PATHS_LOGS - value: {{ (get .Values "grafana.ini").paths.logs }} - - name: GF_PATHS_PLUGINS - value: {{ (get .Values "grafana.ini").paths.plugins }} - - name: GF_PATHS_PROVISIONING - value: {{ (get .Values "grafana.ini").paths.provisioning }} - {{- range $key, $value := .Values.envValueFrom }} - - name: {{ $key | quote }} - valueFrom: -{{ tpl (toYaml $value) $ | indent 10 }} - {{- end }} -{{- range $key, $value := .Values.env }} - - name: "{{ tpl $key $ }}" - value: "{{ tpl (print $value) $ }}" -{{- end }} - {{- if or .Values.envFromSecret (or .Values.envRenderSecret .Values.envFromSecrets) .Values.envFromConfigMaps }} - envFrom: - {{- if .Values.envFromSecret }} - - secretRef: - name: {{ tpl .Values.envFromSecret . }} - {{- end }} - {{- if .Values.envRenderSecret }} - - secretRef: - name: {{ template "grafana.fullname" . }}-env - {{- end }} - {{- range .Values.envFromSecrets }} - - secretRef: - name: {{ tpl .name $ }} - optional: {{ .optional | default false }} - {{- end }} - {{- range .Values.envFromConfigMaps }} - - configMapRef: - name: {{ tpl .name $ }} - optional: {{ .optional | default false }} - {{- end }} - {{- end }} - {{- with .Values.livenessProbe }} - livenessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.readinessProbe }} - readinessProbe: - {{- toYaml . | nindent 6 }} - {{- end }} -{{- if .Values.lifecycleHooks }} - lifecycle: {{ tpl (.Values.lifecycleHooks | toYaml) . | nindent 6 }} -{{- end }} - {{- with .Values.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} -{{- with .Values.extraContainers }} -{{ tpl . $ | indent 2 }} -{{- end }} -nodeSelector: {{ include "linux-node-selector" . | nindent 2 }} -{{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 2 }} -{{- end }} -{{- $root := . }} -{{- with .Values.affinity }} -affinity: -{{ tpl (toYaml .) $root | indent 2 }} -{{- end }} -{{- with .Values.topologySpreadConstraints }} -topologySpreadConstraints: - {{- toYaml . | nindent 2 }} -{{- end }} -tolerations: {{ include "linux-node-tolerations" . | nindent 2 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 2 }} -{{- end }} -volumes: - - name: config - configMap: - name: {{ template "grafana.fullname" . }} -{{- $root := . }} -{{- range .Values.extraConfigmapMounts }} - - name: {{ tpl .name $root }} - configMap: - name: {{ tpl .configMap $root }} - {{- if .items }} - items: {{ toYaml .items | nindent 6 }} - {{- end }} -{{- end }} - {{- if .Values.dashboards }} - {{- range (keys .Values.dashboards | sortAlpha) }} - - name: dashboards-{{ . }} - configMap: - name: {{ template "grafana.fullname" $ }}-dashboards-{{ . }} - {{- end }} - {{- end }} - {{- if .Values.dashboardsConfigMaps }} - {{ $root := . }} - {{- range $provider, $name := .Values.dashboardsConfigMaps }} - - name: dashboards-{{ $provider }} - configMap: - name: {{ tpl $name $root }} - {{- end }} - {{- end }} - {{- if .Values.ldap.enabled }} - - name: ldap - secret: - {{- if .Values.ldap.existingSecret }} - secretName: {{ .Values.ldap.existingSecret }} - {{- else }} - secretName: {{ template "grafana.fullname" . }} - {{- end }} - items: - - key: ldap-toml - path: ldap.toml - {{- end }} -{{- if and .Values.persistence.enabled (eq .Values.persistence.type "pvc") }} - - name: storage - persistentVolumeClaim: - claimName: {{ tpl (.Values.persistence.existingClaim | default (include "grafana.fullname" .)) . }} -{{- else if and .Values.persistence.enabled (eq .Values.persistence.type "statefulset") }} -# nothing -{{- else }} - - name: storage -{{- if .Values.persistence.inMemory.enabled }} - emptyDir: - medium: Memory -{{- if .Values.persistence.inMemory.sizeLimit }} - sizeLimit: {{ .Values.persistence.inMemory.sizeLimit }} -{{- end -}} -{{- else }} - emptyDir: {} -{{- end -}} -{{- end -}} -{{- if .Values.sidecar.dashboards.enabled }} - - name: sc-dashboard-volume -{{- if .Values.sidecar.dashboards.sizeLimit }} - emptyDir: - sizeLimit: {{ .Values.sidecar.dashboards.sizeLimit }} -{{- else }} - emptyDir: {} -{{- end -}} -{{- if .Values.sidecar.dashboards.SCProvider }} - - name: sc-dashboard-provider - configMap: - name: {{ template "grafana.fullname" . }}-config-dashboards -{{- end }} -{{- end }} -{{- if .Values.sidecar.datasources.enabled }} - - name: sc-datasources-volume -{{- if .Values.sidecar.datasources.sizeLimit }} - emptyDir: - sizeLimit: {{ .Values.sidecar.datasources.sizeLimit }} -{{- else }} - emptyDir: {} -{{- end -}} -{{- end -}} -{{- if .Values.sidecar.plugins.enabled }} - - name: sc-plugins-volume -{{- if .Values.sidecar.plugins.sizeLimit }} - emptyDir: - sizeLimit: {{ .Values.sidecar.plugins.sizeLimit }} -{{- else }} - emptyDir: {} -{{- end -}} -{{- end -}} -{{- if .Values.sidecar.notifiers.enabled }} - - name: sc-notifiers-volume -{{- if .Values.sidecar.notifiers.sizeLimit }} - emptyDir: - sizeLimit: {{ .Values.sidecar.notifiers.sizeLimit }} -{{- else }} - emptyDir: {} -{{- end -}} -{{- end -}} -{{- range .Values.extraSecretMounts }} -{{- if .secretName }} - - name: {{ .name }} - secret: - secretName: {{ .secretName }} - defaultMode: {{ .defaultMode }} - {{- if .items }} - items: {{ toYaml .items | nindent 6 }} - {{- end }} -{{- else if .projected }} - - name: {{ .name }} - projected: {{- toYaml .projected | nindent 6 }} -{{- else if .csi }} - - name: {{ .name }} - csi: {{- toYaml .csi | nindent 6 }} -{{- end }} -{{- end }} -{{- range .Values.extraVolumeMounts }} - - name: {{ .name }} - {{- if .existingClaim }} - persistentVolumeClaim: - claimName: {{ .existingClaim }} - {{- else if .hostPath }} - hostPath: - path: {{ .hostPath }} - {{- else if .csi }} - csi: - data: - {{ toYaml .data | nindent 6 }} - {{- else }} - emptyDir: {} - {{- end }} -{{- end }} -{{- range .Values.extraEmptyDirMounts }} - - name: {{ .name }} - emptyDir: {} -{{- end -}} -{{- if .Values.extraContainerVolumes }} -{{ tpl (toYaml .Values.extraContainerVolumes) . | indent 2 }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/clusterrole.yaml b/charts/rancher-monitoring/charts/grafana/templates/clusterrole.yaml deleted file mode 100644 index 154658b51..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/clusterrole.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and .Values.rbac.create (not .Values.rbac.namespaced) (not .Values.rbac.useExistingRole) }} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - labels: - {{- include "grafana.labels" . | nindent 4 }} -{{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} - name: {{ template "grafana.fullname" . }}-clusterrole -{{- if or .Values.sidecar.dashboards.enabled (or .Values.rbac.extraClusterRoleRules (or .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled)) }} -rules: -{{- if or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled) }} -- apiGroups: [""] # "" indicates the core API group - resources: ["configmaps", "secrets"] - verbs: ["get", "watch", "list"] -{{- end}} -{{- with .Values.rbac.extraClusterRoleRules }} -{{ toYaml . | indent 0 }} -{{- end}} -{{- else }} -rules: [] -{{- end}} -{{- end}} diff --git a/charts/rancher-monitoring/charts/grafana/templates/clusterrolebinding.yaml b/charts/rancher-monitoring/charts/grafana/templates/clusterrolebinding.yaml deleted file mode 100644 index 4accbfac0..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and .Values.rbac.create (not .Values.rbac.namespaced) }} -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "grafana.fullname" . }}-clusterrolebinding - labels: - {{- include "grafana.labels" . | nindent 4 }} -{{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -subjects: - - kind: ServiceAccount - name: {{ template "grafana.serviceAccountName" . }} - namespace: {{ template "grafana.namespace" . }} -roleRef: - kind: ClusterRole -{{- if (not .Values.rbac.useExistingRole) }} - name: {{ template "grafana.fullname" . }}-clusterrole -{{- else }} - name: {{ .Values.rbac.useExistingRole }} -{{- end }} - apiGroup: rbac.authorization.k8s.io -{{- end -}} diff --git a/charts/rancher-monitoring/charts/grafana/templates/configmap-dashboard-provider.yaml b/charts/rancher-monitoring/charts/grafana/templates/configmap-dashboard-provider.yaml deleted file mode 100644 index 65d73858e..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/configmap-dashboard-provider.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if .Values.sidecar.dashboards.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - {{- include "grafana.labels" . | nindent 4 }} -{{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} - name: {{ template "grafana.fullname" . }}-config-dashboards - namespace: {{ template "grafana.namespace" . }} -data: - provider.yaml: |- - apiVersion: 1 - providers: - - name: '{{ .Values.sidecar.dashboards.provider.name }}' - orgId: {{ .Values.sidecar.dashboards.provider.orgid }} - {{- if not .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} - folder: '{{ .Values.sidecar.dashboards.provider.folder }}' - {{- end}} - type: {{ .Values.sidecar.dashboards.provider.type }} - disableDeletion: {{ .Values.sidecar.dashboards.provider.disableDelete }} - allowUiUpdates: {{ .Values.sidecar.dashboards.provider.allowUiUpdates }} - updateIntervalSeconds: {{ .Values.sidecar.dashboards.provider.updateIntervalSeconds | default 30 }} - options: - foldersFromFilesStructure: {{ .Values.sidecar.dashboards.provider.foldersFromFilesStructure }} - path: {{ .Values.sidecar.dashboards.folder }}{{- with .Values.sidecar.dashboards.defaultFolderName }}/{{ . }}{{- end }} -{{- end}} diff --git a/charts/rancher-monitoring/charts/grafana/templates/configmap.yaml b/charts/rancher-monitoring/charts/grafana/templates/configmap.yaml deleted file mode 100644 index 87460cd36..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/configmap.yaml +++ /dev/null @@ -1,117 +0,0 @@ -{{- if .Values.createConfigmap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ template "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} -{{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -data: -{{- if .Values.plugins }} - plugins: {{ join "," .Values.plugins }} -{{- end }} - grafana.ini: | -{{- range $elem, $elemVal := index .Values "grafana.ini" }} - {{- if not (kindIs "map" $elemVal) }} - {{- if kindIs "invalid" $elemVal }} - {{ $elem }} = - {{- else if kindIs "string" $elemVal }} - {{ $elem }} = {{ tpl $elemVal $ }} - {{- else }} - {{ $elem }} = {{ $elemVal }} - {{- end }} - {{- end }} -{{- end }} -{{- range $key, $value := index .Values "grafana.ini" }} - {{- if kindIs "map" $value }} - [{{ $key }}] - {{- range $elem, $elemVal := $value }} - {{- if kindIs "invalid" $elemVal }} - {{ $elem }} = - {{- else if kindIs "string" $elemVal }} - {{ $elem }} = {{ tpl $elemVal $ }} - {{- else }} - {{ $elem }} = {{ $elemVal }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} - -{{- if .Values.datasources }} -{{ $root := . }} - {{- range $key, $value := .Values.datasources }} - {{ $key }}: | -{{ tpl (toYaml $value | indent 4) $root }} - {{- end -}} -{{- end -}} - -{{- if .Values.notifiers }} - {{- range $key, $value := .Values.notifiers }} - {{ $key }}: | -{{ toYaml $value | indent 4 }} - {{- end -}} -{{- end -}} - -{{- if .Values.alerting }} -{{ $root := . }} - {{- range $key, $value := .Values.alerting }} - {{ $key }}: | -{{ tpl (toYaml $value | indent 4) $root }} - {{- end -}} -{{- end -}} - -{{- if .Values.dashboardProviders }} - {{- range $key, $value := .Values.dashboardProviders }} - {{ $key }}: | -{{ toYaml $value | indent 4 }} - {{- end -}} -{{- end -}} - -{{- if .Values.dashboards }} - download_dashboards.sh: | - #!/usr/bin/env sh - set -euf - {{- if .Values.dashboardProviders }} - {{- range $key, $value := .Values.dashboardProviders }} - {{- range $value.providers }} - mkdir -p {{ .options.path }} - {{- end }} - {{- end }} - {{- end }} - {{ $dashboardProviders := .Values.dashboardProviders }} - {{- range $provider, $dashboards := .Values.dashboards }} - {{- range $key, $value := $dashboards }} - {{- if (or (hasKey $value "gnetId") (hasKey $value "url")) }} - curl -skf \ - --connect-timeout 60 \ - --max-time 60 \ - {{- if not $value.b64content }} - -H "Accept: application/json" \ - {{- if $value.token }} - -H "Authorization: token {{ $value.token }}" \ - {{- end }} - {{- if $value.bearerToken }} - -H "Authorization: Bearer {{ $value.bearerToken }}" \ - {{- end }} - {{- if $value.gitlabToken }} - -H "PRIVATE-TOKEN: {{ $value.gitlabToken }}" \ - {{- end }} - -H "Content-Type: application/json;charset=UTF-8" \ - {{ end }} - {{- $dpPath := "" -}} - {{- range $kd := (index $dashboardProviders "dashboardproviders.yaml").providers -}} - {{- if eq $kd.name $provider -}} - {{- $dpPath = $kd.options.path -}} - {{- end -}} - {{- end -}} - {{- if $value.url -}}"{{ $value.url }}"{{- else -}}"https://grafana.com/api/dashboards/{{ $value.gnetId }}/revisions/{{- if $value.revision -}}{{ $value.revision }}{{- else -}}1{{- end -}}/download"{{- end -}}{{ if $value.datasource }} | sed '/-- .* --/! s/"datasource":.*,/"datasource": "{{ $value.datasource }}",/g'{{ end }}{{- if $value.b64content -}} | base64 -d {{- end -}} \ - > "{{- if $dpPath -}}{{ $dpPath }}{{- else -}}/var/lib/grafana/dashboards/{{ $provider }}{{- end -}}/{{ $key }}.json" - {{- end }} - {{- end -}} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/dashboards-json-configmap.yaml b/charts/rancher-monitoring/charts/grafana/templates/dashboards-json-configmap.yaml deleted file mode 100644 index 59e0be641..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/dashboards-json-configmap.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if .Values.dashboards }} -{{ $files := .Files }} -{{- range $provider, $dashboards := .Values.dashboards }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "grafana.fullname" $ }}-dashboards-{{ $provider }} - namespace: {{ template "grafana.namespace" $ }} - labels: - {{- include "grafana.labels" $ | nindent 4 }} - dashboard-provider: {{ $provider }} -{{- if $dashboards }} -data: -{{- $dashboardFound := false }} -{{- range $key, $value := $dashboards }} -{{- if (or (hasKey $value "json") (hasKey $value "file")) }} -{{- $dashboardFound = true }} -{{ print $key | indent 2 }}.json: -{{- if hasKey $value "json" }} - |- -{{ $value.json | indent 6 }} -{{- end }} -{{- if hasKey $value "file" }} -{{ toYaml ( $files.Get $value.file ) | indent 4}} -{{- end }} -{{- end }} -{{- end }} -{{- if not $dashboardFound }} - {} -{{- end }} -{{- end }} ---- -{{- end }} - -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/deployment.yaml b/charts/rancher-monitoring/charts/grafana/templates/deployment.yaml deleted file mode 100644 index fee9c335a..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/deployment.yaml +++ /dev/null @@ -1,50 +0,0 @@ -{{ if (and (not .Values.useStatefulSet) (or (not .Values.persistence.enabled) (eq .Values.persistence.type "pvc"))) }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ template "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} -{{- if .Values.labels }} -{{ toYaml .Values.labels | indent 4 }} -{{- end }} -{{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - {{- if and (not .Values.autoscaling.enabled) (.Values.replicas) }} - replicas: {{ .Values.replicas }} - {{- end }} - revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} - selector: - matchLabels: - {{- include "grafana.selectorLabels" . | nindent 6 }} -{{- with .Values.deploymentStrategy }} - strategy: -{{ toYaml . | trim | indent 4 }} -{{- end }} - template: - metadata: - labels: - {{- include "grafana.selectorLabels" . | nindent 8 }} -{{- with .Values.podLabels }} -{{ toYaml . | indent 8 }} -{{- end }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} - checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} -{{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} -{{- if .Values.envRenderSecret }} - checksum/secret-env: {{ include (print $.Template.BasePath "/secret-env.yaml") . | sha256sum }} -{{- end }} -{{- with .Values.podAnnotations }} -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- include "grafana.pod" . | indent 6 }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/extra-manifests.yaml b/charts/rancher-monitoring/charts/grafana/templates/extra-manifests.yaml deleted file mode 100644 index a9bb3b6ba..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/extra-manifests.yaml +++ /dev/null @@ -1,4 +0,0 @@ -{{ range .Values.extraObjects }} ---- -{{ tpl (toYaml .) $ }} -{{ end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/headless-service.yaml b/charts/rancher-monitoring/charts/grafana/templates/headless-service.yaml deleted file mode 100644 index b5faddcfc..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/headless-service.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if or .Values.headlessService (and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset"))}} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "grafana.fullname" . }}-headless - namespace: {{ template "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} -{{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - clusterIP: None - selector: - {{- include "grafana.selectorLabels" . | nindent 4 }} - type: ClusterIP - ports: - - protocol: TCP - port: 3000 - targetPort: {{ .Values.service.targetPort }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/hpa.yaml b/charts/rancher-monitoring/charts/grafana/templates/hpa.yaml deleted file mode 100644 index 236a06d65..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/hpa.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: {{ template "grafana.hpa.apiVersion" . }} -kind: HorizontalPodAutoscaler -metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ template "grafana.namespace" . }} - labels: - app.kubernetes.io/name: {{ template "grafana.name" . }} - helm.sh/chart: {{ template "grafana.chart" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ template "grafana.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: -{{ toYaml .Values.autoscaling.metrics | indent 4 }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/image-renderer-deployment.yaml b/charts/rancher-monitoring/charts/grafana/templates/image-renderer-deployment.yaml deleted file mode 100644 index 97a8675b2..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/image-renderer-deployment.yaml +++ /dev/null @@ -1,123 +0,0 @@ -{{ if .Values.imageRenderer.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "grafana.fullname" . }}-image-renderer - namespace: {{ template "grafana.namespace" . }} - labels: - {{- include "grafana.imageRenderer.labels" . | nindent 4 }} -{{- if .Values.imageRenderer.labels }} -{{ toYaml .Values.imageRenderer.labels | indent 4 }} -{{- end }} -{{- with .Values.imageRenderer.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - replicas: {{ .Values.imageRenderer.replicas }} - revisionHistoryLimit: {{ .Values.imageRenderer.revisionHistoryLimit }} - selector: - matchLabels: - {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} -{{- with .Values.imageRenderer.deploymentStrategy }} - strategy: -{{ toYaml . | trim | indent 4 }} -{{- end }} - template: - metadata: - labels: - {{- include "grafana.imageRenderer.selectorLabels" . | nindent 8 }} -{{- with .Values.imageRenderer.podLabels }} -{{ toYaml . | indent 8 }} -{{- end }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} -{{- with .Values.imageRenderer.podAnnotations }} -{{ toYaml . | indent 8 }} -{{- end }} - spec: - - {{- if .Values.imageRenderer.schedulerName }} - schedulerName: "{{ .Values.imageRenderer.schedulerName }}" - {{- end }} - {{- if .Values.imageRenderer.serviceAccountName }} - serviceAccountName: "{{ .Values.imageRenderer.serviceAccountName }}" - {{- else }} - serviceAccountName: {{ template "grafana.serviceAccountName" . }} - {{- end }} - {{- if .Values.imageRenderer.securityContext }} - securityContext: - {{- toYaml .Values.imageRenderer.securityContext | nindent 8 }} - {{- end }} - {{- if .Values.imageRenderer.hostAliases }} - hostAliases: - {{- toYaml .Values.imageRenderer.hostAliases | nindent 8 }} - {{- end }} - {{- if .Values.imageRenderer.priorityClassName }} - priorityClassName: {{ .Values.imageRenderer.priorityClassName }} - {{- end }} - {{- if .Values.imageRenderer.image.pullSecrets }} - imagePullSecrets: - {{- $root := . }} - {{- range .Values.imageRenderer.image.pullSecrets }} - - name: {{ tpl . $root }} - {{- end}} - {{- end }} - containers: - - name: {{ .Chart.Name }}-image-renderer - {{- if .Values.imageRenderer.image.sha }} - image: "{{ template "system_default_registry" . }}{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}@sha256:{{ .Values.imageRenderer.image.sha }}" - {{- else }} - image: "{{ template "system_default_registry" . }}{{ .Values.imageRenderer.image.repository }}:{{ .Values.imageRenderer.image.tag }}" - {{- end }} - imagePullPolicy: {{ .Values.imageRenderer.image.pullPolicy }} - {{- if .Values.imageRenderer.command }} - command: - {{- range .Values.imageRenderer.command }} - - {{ . }} - {{- end }} - {{- end}} - ports: - - name: {{ .Values.imageRenderer.service.portName }} - containerPort: {{ .Values.imageRenderer.service.targetPort }} - protocol: TCP - livenessProbe: - httpGet: - path: / - port: {{ .Values.imageRenderer.service.portName }} - env: - - name: HTTP_PORT - value: {{ .Values.imageRenderer.service.targetPort | quote }} - {{- range $key, $value := .Values.imageRenderer.env }} - - name: {{ $key | quote }} - value: {{ $value | quote }} - {{- end }} - securityContext: - capabilities: - drop: ['all'] - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /tmp - name: image-renderer-tmpfs - {{- with .Values.imageRenderer.resources }} - resources: -{{ toYaml . | indent 12 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} - {{- if .Values.imageRenderer.nodeSelector }} -{{ toYaml . | indent 8 }} - {{- end }} - {{- $root := . }} - {{- with .Values.imageRenderer.affinity }} - affinity: -{{ tpl (toYaml .) $root | indent 8 }} - {{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} - {{- if .Values.imageRenderer.tolerations }} -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - - name: image-renderer-tmpfs - emptyDir: {} -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/image-renderer-network-policy.yaml b/charts/rancher-monitoring/charts/grafana/templates/image-renderer-network-policy.yaml deleted file mode 100644 index 0d9bdfe4d..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/image-renderer-network-policy.yaml +++ /dev/null @@ -1,73 +0,0 @@ -{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitIngress) }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ template "grafana.fullname" . }}-image-renderer-ingress - namespace: {{ template "grafana.namespace" . }} - annotations: - comment: Limit image-renderer ingress traffic from grafana -spec: - podSelector: - matchLabels: - {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} - {{- if .Values.imageRenderer.podLabels }} - {{ toYaml .Values.imageRenderer.podLabels | nindent 6 }} - {{- end }} - - policyTypes: - - Ingress - ingress: - - ports: - - port: {{ .Values.imageRenderer.service.targetPort }} - protocol: TCP - from: - - namespaceSelector: - matchLabels: - name: {{ template "grafana.namespace" . }} - podSelector: - matchLabels: - {{- include "grafana.selectorLabels" . | nindent 14 }} - {{- if .Values.podLabels }} - {{ toYaml .Values.podLabels | nindent 14 }} - {{- end }} -{{ end }} - -{{- if and (.Values.imageRenderer.enabled) (.Values.imageRenderer.networkPolicy.limitEgress) }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ template "grafana.fullname" . }}-image-renderer-egress - namespace: {{ template "grafana.namespace" . }} - annotations: - comment: Limit image-renderer egress traffic to grafana -spec: - podSelector: - matchLabels: - {{- include "grafana.imageRenderer.selectorLabels" . | nindent 6 }} - {{- if .Values.imageRenderer.podLabels }} - {{ toYaml .Values.imageRenderer.podLabels | nindent 6 }} - {{- end }} - - policyTypes: - - Egress - egress: - # allow dns resolution - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP - # talk only to grafana - - ports: - - port: {{ .Values.service.port }} - protocol: TCP - to: - - podSelector: - matchLabels: - {{- include "grafana.selectorLabels" . | nindent 14 }} - {{- if .Values.podLabels }} - {{ toYaml .Values.podLabels | nindent 14 }} - {{- end }} -{{ end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/image-renderer-service.yaml b/charts/rancher-monitoring/charts/grafana/templates/image-renderer-service.yaml deleted file mode 100644 index fcf707a3f..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/image-renderer-service.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{ if .Values.imageRenderer.enabled }} -{{ if .Values.imageRenderer.service.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "grafana.fullname" . }}-image-renderer - namespace: {{ template "grafana.namespace" . }} - labels: - {{- include "grafana.imageRenderer.labels" . | nindent 4 }} -{{- if .Values.imageRenderer.service.labels }} -{{ toYaml .Values.imageRenderer.service.labels | indent 4 }} -{{- end }} -{{- with .Values.imageRenderer.service.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - type: ClusterIP - {{- if .Values.imageRenderer.service.clusterIP }} - clusterIP: {{ .Values.imageRenderer.service.clusterIP }} - {{end}} - ports: - - name: {{ .Values.imageRenderer.service.portName }} - port: {{ .Values.imageRenderer.service.port }} - protocol: TCP - targetPort: {{ .Values.imageRenderer.service.targetPort }} - {{- if .Values.imageRenderer.appProtocol }} - appProtocol: {{ .Values.imageRenderer.appProtocol }} - {{- end }} - selector: - {{- include "grafana.imageRenderer.selectorLabels" . | nindent 4 }} -{{ end }} -{{ end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/ingress.yaml b/charts/rancher-monitoring/charts/grafana/templates/ingress.yaml deleted file mode 100644 index 7699cecaa..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/ingress.yaml +++ /dev/null @@ -1,78 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $ingressApiIsStable := eq (include "grafana.ingress.isStable" .) "true" -}} -{{- $ingressSupportsIngressClassName := eq (include "grafana.ingress.supportsIngressClassName" .) "true" -}} -{{- $ingressSupportsPathType := eq (include "grafana.ingress.supportsPathType" .) "true" -}} -{{- $fullName := include "grafana.fullname" . -}} -{{- $servicePort := .Values.service.port -}} -{{- $ingressPath := .Values.ingress.path -}} -{{- $ingressPathType := .Values.ingress.pathType -}} -{{- $extraPaths := .Values.ingress.extraPaths -}} -apiVersion: {{ include "grafana.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ $fullName }} - namespace: {{ template "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} -{{- if .Values.ingress.labels }} -{{ toYaml .Values.ingress.labels | indent 4 }} -{{- end }} - {{- if .Values.ingress.annotations }} - annotations: - {{- range $key, $value := .Values.ingress.annotations }} - {{ $key }}: {{ tpl $value $ | quote }} - {{- end }} - {{- end }} -spec: - {{- if and $ingressSupportsIngressClassName .Values.ingress.ingressClassName }} - ingressClassName: {{ .Values.ingress.ingressClassName }} - {{- end -}} -{{- if .Values.ingress.tls }} - tls: -{{ tpl (toYaml .Values.ingress.tls) $ | indent 4 }} -{{- end }} - rules: - {{- if .Values.ingress.hosts }} - {{- range .Values.ingress.hosts }} - - host: {{ tpl . $}} - http: - paths: -{{- if $extraPaths }} -{{ toYaml $extraPaths | indent 10 }} -{{- end }} - - path: {{ $ingressPath }} - {{- if $ingressSupportsPathType }} - pathType: {{ $ingressPathType }} - {{- end }} - backend: - {{- if $ingressApiIsStable }} - service: - name: {{ $fullName }} - port: - number: {{ $servicePort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end }} - {{- else }} - - http: - paths: - - backend: - {{- if $ingressApiIsStable }} - service: - name: {{ $fullName }} - port: - number: {{ $servicePort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- if $ingressPath }} - path: {{ $ingressPath }} - {{- end }} - {{- if $ingressSupportsPathType }} - pathType: {{ $ingressPathType }} - {{- end }} - {{- end -}} -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/networkpolicy.yaml b/charts/rancher-monitoring/charts/grafana/templates/networkpolicy.yaml deleted file mode 100644 index b751d9436..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/networkpolicy.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ template "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} - {{- with .Values.labels }} - {{ toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - policyTypes: - {{- if .Values.networkPolicy.ingress }} - - Ingress - {{- end }} - {{- if .Values.networkPolicy.egress.enabled }} - - Egress - {{- end }} - podSelector: - matchLabels: - {{- include "grafana.selectorLabels" . | nindent 6 }} - - {{- if .Values.networkPolicy.egress.enabled }} - egress: - - ports: - {{ .Values.networkPolicy.egress.ports | toJson }} - {{- end }} - {{- if .Values.networkPolicy.ingress }} - ingress: - - ports: - - port: {{ .Values.service.targetPort }} - {{- if not .Values.networkPolicy.allowExternal }} - from: - - podSelector: - matchLabels: - {{ template "grafana.fullname" . }}-client: "true" - {{- with .Values.networkPolicy.explicitNamespacesSelector }} - - namespaceSelector: - {{- toYaml . | nindent 12 }} - {{- end }} - - podSelector: - matchLabels: - {{- include "grafana.labels" . | nindent 14 }} - role: read - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/nginx-config.yaml b/charts/rancher-monitoring/charts/grafana/templates/nginx-config.yaml deleted file mode 100644 index 557471f6f..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/nginx-config.yaml +++ /dev/null @@ -1,94 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: grafana-nginx-proxy-config - namespace: {{ template "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} -data: - nginx.conf: |- - worker_processes auto; - error_log /dev/stdout warn; - pid /var/cache/nginx/nginx.pid; - - events { - worker_connections 1024; - } - - http { - include /etc/nginx/mime.types; - log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; - - proxy_connect_timeout 10; - proxy_read_timeout 180; - proxy_send_timeout 5; - proxy_buffering off; - proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g; - - map $http_upgrade $connection_upgrade { - default upgrade; - '' close; - } - - server { - listen 8080; - access_log off; - - gzip on; - gzip_min_length 1k; - gzip_comp_level 2; - gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png; - gzip_vary on; - gzip_disable "MSIE [1-6]\."; - - proxy_set_header Host $host; - - location /api/dashboards { - proxy_pass http://localhost:3000; - } - - location /api/search { - proxy_pass http://localhost:3000; - - sub_filter_types application/json; - sub_filter_once off; - } - - location /api/live/ { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Host $http_host; - proxy_pass http://localhost:3000; - } - - location / { - proxy_cache my_zone; - proxy_cache_valid 200 302 1d; - proxy_cache_valid 301 30d; - proxy_cache_valid any 5m; - proxy_cache_bypass $http_cache_control; - add_header X-Proxy-Cache $upstream_cache_status; - add_header Cache-Control "public"; - - proxy_pass http://localhost:3000/; - - sub_filter_once off; - - {{- if eq .Values.global.cattle.clusterId "local" -}} - sub_filter '"appSubUrl":""' '"appSubUrl":"/api/v1/namespaces/{{ template "grafana.namespace" . }}/services/http:{{ template "grafana.fullname" . }}:{{ .Values.service.port }}/proxy"'; - {{- else -}} - sub_filter '"appSubUrl":""' '"appSubUrl":"/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ template "grafana.namespace" . }}/services/http:{{ template "grafana.fullname" . }}:{{ .Values.service.port }}/proxy"'; - {{- end -}} - - sub_filter ':"/avatar/' ':"avatar/'; - - if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) { - expires 90d; - } - - rewrite ^/k8s/clusters/.*/proxy(.*) /$1 break; - - } - } - } diff --git a/charts/rancher-monitoring/charts/grafana/templates/poddisruptionbudget.yaml b/charts/rancher-monitoring/charts/grafana/templates/poddisruptionbudget.yaml deleted file mode 100644 index 70901b70c..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.podDisruptionBudget }} -apiVersion: {{ include "grafana.podDisruptionBudget.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ template "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} -{{- if .Values.labels }} -{{ toYaml .Values.labels | indent 4 }} -{{- end }} -spec: -{{- if .Values.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} -{{- end }} -{{- if .Values.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} -{{- end }} - selector: - matchLabels: - {{- include "grafana.selectorLabels" . | nindent 6 }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/podsecuritypolicy.yaml b/charts/rancher-monitoring/charts/grafana/templates/podsecuritypolicy.yaml deleted file mode 100644 index 82d295ad1..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "grafana.fullname" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} -{{- if .Values.rbac.pspAnnotations }} - annotations: {{ toYaml .Values.rbac.pspAnnotations | nindent 4 }} -{{- end }} -spec: - privileged: false - allowPrivilegeEscalation: false - requiredDropCapabilities: - # Default set from Docker, with DAC_OVERRIDE and CHOWN - - ALL - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'csi' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/pvc.yaml b/charts/rancher-monitoring/charts/grafana/templates/pvc.yaml deleted file mode 100644 index 8a3ee1222..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/pvc.yaml +++ /dev/null @@ -1,35 +0,0 @@ -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "pvc")}} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ template "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} - {{- with .Values.persistence.annotations }} - annotations: -{{ toYaml . | indent 4 }} - {{- end }} - {{- with .Values.persistence.finalizers }} - finalizers: -{{ toYaml . | indent 4 }} - {{- end }} -spec: - accessModes: -{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" .Values.persistence.accessModes }} -{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" (first .Values.persistence.accessModes) }} - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} - resources: - requests: - storage: {{ required "Must provide size for persistent volumes used by Grafana" .Values.persistence.size | quote }} - {{- if .Values.persistence.storageClassName }} - storageClassName: {{ .Values.persistence.storageClassName }} - {{- end -}} - {{- with .Values.persistence.selectorLabels }} - selector: - matchLabels: -{{ toYaml . | indent 6 }} - {{- end }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/grafana/templates/role.yaml b/charts/rancher-monitoring/charts/grafana/templates/role.yaml deleted file mode 100644 index 80e2c596a..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/role.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if and .Values.rbac.create (not .Values.rbac.useExistingRole) -}} -apiVersion: {{ template "grafana.rbac.apiVersion" . }} -kind: Role -metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ template "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} -{{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -{{- if or .Values.global.cattle.psp.enabled (and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled (or .Values.sidecar.plugins.enabled .Values.rbac.extraRoleRules)))) }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: [{{ template "grafana.fullname" . }}] -{{- end }} -{{- if and .Values.rbac.namespaced (or .Values.sidecar.dashboards.enabled (or .Values.sidecar.datasources.enabled .Values.sidecar.plugins.enabled)) }} -- apiGroups: [""] # "" indicates the core API group - resources: ["configmaps", "secrets"] - verbs: ["get", "watch", "list"] -{{- end }} -{{- with .Values.rbac.extraRoleRules }} -{{ toYaml . | indent 0 }} -{{- end}} -{{- else }} -rules: [] -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/rolebinding.yaml b/charts/rancher-monitoring/charts/grafana/templates/rolebinding.yaml deleted file mode 100644 index e0107255e..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/rolebinding.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: {{ template "grafana.rbac.apiVersion" . }} -kind: RoleBinding -metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ template "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} -{{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role -{{- if (not .Values.rbac.useExistingRole) }} - name: {{ template "grafana.fullname" . }} -{{- else }} - name: {{ .Values.rbac.useExistingRole }} -{{- end }} -subjects: -- kind: ServiceAccount - name: {{ template "grafana.serviceAccountName" . }} - namespace: {{ template "grafana.namespace" . }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/grafana/templates/secret-env.yaml b/charts/rancher-monitoring/charts/grafana/templates/secret-env.yaml deleted file mode 100644 index 5c09313e6..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/secret-env.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.envRenderSecret }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "grafana.fullname" . }}-env - namespace: {{ template "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} -type: Opaque -data: -{{- range $key, $val := .Values.envRenderSecret }} - {{ $key }}: {{ $val | b64enc | quote }} -{{- end -}} -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/secret.yaml b/charts/rancher-monitoring/charts/grafana/templates/secret.yaml deleted file mode 100644 index c8aa750ac..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/secret.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret)) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ template "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} -{{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -type: Opaque -data: - {{- if and (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD) }} - admin-user: {{ .Values.adminUser | b64enc | quote }} - {{- if .Values.adminPassword }} - admin-password: {{ .Values.adminPassword | b64enc | quote }} - {{- else }} - admin-password: {{ template "grafana.password" . }} - {{- end }} - {{- end }} - {{- if not .Values.ldap.existingSecret }} - ldap-toml: {{ tpl .Values.ldap.config $ | b64enc | quote }} - {{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/service.yaml b/charts/rancher-monitoring/charts/grafana/templates/service.yaml deleted file mode 100644 index d0a1756c6..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/service.yaml +++ /dev/null @@ -1,55 +0,0 @@ -{{ if .Values.service.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ template "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} -{{- if .Values.service.labels }} -{{ toYaml .Values.service.labels | indent 4 }} -{{- end }} -{{- $root := . }} -{{- with .Values.service.annotations }} - annotations: -{{ tpl (toYaml . | indent 4) $root }} -{{- end }} -spec: -{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }} - type: ClusterIP - {{- if .Values.service.clusterIP }} - clusterIP: {{ .Values.service.clusterIP }} - {{end}} -{{- else if eq .Values.service.type "LoadBalancer" }} - type: {{ .Values.service.type }} - {{- if .Values.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} - {{- end }} - {{- if .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }} - {{- end -}} -{{- else }} - type: {{ .Values.service.type }} -{{- end }} -{{- if .Values.service.externalIPs }} - externalIPs: -{{ toYaml .Values.service.externalIPs | indent 4 }} -{{- end }} - ports: - - name: {{ .Values.service.portName }} - port: {{ .Values.service.port }} - protocol: TCP - targetPort: {{ .Values.service.targetPort }} - {{- if .Values.service.appProtocol }} - appProtocol: {{ .Values.service.appProtocol }} - {{- end }} - {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} - nodePort: {{.Values.service.nodePort}} - {{ end }} - {{- if .Values.extraExposePorts }} - {{- tpl (toYaml .Values.extraExposePorts) . | nindent 4 }} - {{- end }} - selector: - {{- include "grafana.selectorLabels" . | nindent 4 }} -{{ end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/serviceaccount.yaml b/charts/rancher-monitoring/charts/grafana/templates/serviceaccount.yaml deleted file mode 100644 index 4ccee15ed..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "grafana.labels" . | nindent 4 }} -{{- $root := . }} -{{- with .Values.serviceAccount.annotations }} - annotations: -{{ tpl (toYaml . | indent 4) $root }} -{{- end }} - name: {{ template "grafana.serviceAccountName" . }} - namespace: {{ template "grafana.namespace" . }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/servicemonitor.yaml b/charts/rancher-monitoring/charts/grafana/templates/servicemonitor.yaml deleted file mode 100644 index 31ab6b889..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/servicemonitor.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{- if .Values.serviceMonitor.enabled }} ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "grafana.fullname" . }} - {{- if .Values.serviceMonitor.namespace }} - namespace: {{ tpl .Values.serviceMonitor.namespace . }} - {{- else }} - namespace: {{ template "grafana.namespace" . }} - {{- end }} - labels: - {{- include "grafana.labels" . | nindent 4 }} - {{- if .Values.serviceMonitor.labels }} - {{- toYaml .Values.serviceMonitor.labels | nindent 4 }} - {{- end }} -spec: - endpoints: - - port: {{ .Values.service.portName }} - {{- with .Values.serviceMonitor.interval }} - interval: {{ . }} - {{- end }} - {{- with .Values.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} - honorLabels: true - path: {{ .Values.serviceMonitor.path }} - scheme: {{ .Values.serviceMonitor.scheme }} - {{- if .Values.serviceMonitor.tlsConfig }} - tlsConfig: - {{- toYaml .Values.serviceMonitor.tlsConfig | nindent 6 }} - {{- end }} - metricRelabelings: - {{- if .Values.serviceMonitor.metricRelabelings }} - {{- toYaml .Values.serviceMonitor.metricRelabelings | nindent 6 }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName }} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} - {{- if .Values.serviceMonitor.relabelings }} - relabelings: - {{- toYaml .Values.serviceMonitor.relabelings | nindent 4 }} - {{- end }} - jobLabel: "{{ .Release.Name }}" - selector: - matchLabels: - {{- include "grafana.selectorLabels" . | nindent 8 }} - namespaceSelector: - matchNames: - - {{ template "grafana.namespace" . }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/statefulset.yaml b/charts/rancher-monitoring/charts/grafana/templates/statefulset.yaml deleted file mode 100644 index aa6f305e2..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/statefulset.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if (or (.Values.useStatefulSet) (and .Values.persistence.enabled (not .Values.persistence.existingClaim) (eq .Values.persistence.type "statefulset")))}} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "grafana.fullname" . }} - namespace: {{ template "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} -{{- with .Values.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: - replicas: {{ .Values.replicas }} - selector: - matchLabels: - {{- include "grafana.selectorLabels" . | nindent 6 }} - serviceName: {{ template "grafana.fullname" . }}-headless - template: - metadata: - labels: - {{- include "grafana.selectorLabels" . | nindent 8 }} -{{- with .Values.podLabels }} -{{ toYaml . | indent 8 }} -{{- end }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - checksum/dashboards-json-config: {{ include (print $.Template.BasePath "/dashboards-json-configmap.yaml") . | sha256sum }} - checksum/sc-dashboard-provider-config: {{ include (print $.Template.BasePath "/configmap-dashboard-provider.yaml") . | sha256sum }} - {{- if and (or (and (not .Values.admin.existingSecret) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD__FILE) (not .Values.env.GF_SECURITY_ADMIN_PASSWORD)) (and .Values.ldap.enabled (not .Values.ldap.existingSecret))) (not .Values.env.GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION) }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} -{{- end }} -{{- with .Values.podAnnotations }} -{{ toYaml . | indent 8 }} -{{- end }} - spec: - {{- include "grafana.pod" . | nindent 6 }} - {{- if .Values.persistence.enabled}} - volumeClaimTemplates: - - metadata: - name: storage - spec: -{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" .Values.persistence.accessModes }} -{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" (first .Values.persistence.accessModes) }} - accessModes: {{ .Values.persistence.accessModes }} - storageClassName: {{ .Values.persistence.storageClassName }} - resources: - requests: - storage: {{ required "Must provide size for persistent volumes used by Grafana" .Values.persistence.size }} - {{- with .Values.persistence.selectorLabels }} - selector: - matchLabels: -{{ toYaml . | indent 10 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/tests/test-configmap.yaml b/charts/rancher-monitoring/charts/grafana/templates/tests/test-configmap.yaml deleted file mode 100644 index ff53aaf1b..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/tests/test-configmap.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.testFramework.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "grafana.fullname" . }}-test - namespace: {{ template "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} -data: - run.sh: |- - @test "Test Health" { - url="http://{{ template "grafana.fullname" . }}/api/health" - - code=$(wget --server-response --spider --timeout 10 --tries 1 ${url} 2>&1 | awk '/^ HTTP/{print $2}') - [ "$code" == "200" ] - } -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/tests/test-podsecuritypolicy.yaml b/charts/rancher-monitoring/charts/grafana/templates/tests/test-podsecuritypolicy.yaml deleted file mode 100644 index 5dd736efc..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/tests/test-podsecuritypolicy.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if and .Values.testFramework.enabled .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "grafana.fullname" . }}-test - labels: - {{- include "grafana.labels" . | nindent 4 }} -spec: - allowPrivilegeEscalation: true - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - fsGroup: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - runAsUser: - rule: RunAsAny - volumes: - - configMap - - downwardAPI - - emptyDir - - projected - - csi - - secret -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/tests/test-role.yaml b/charts/rancher-monitoring/charts/grafana/templates/tests/test-role.yaml deleted file mode 100644 index ea2f8c6b7..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/tests/test-role.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and .Values.testFramework.enabled .Values.global.cattle.psp.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "grafana.fullname" . }}-test - namespace: {{ template "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} -rules: -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: [{{ template "grafana.fullname" . }}-test] -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/tests/test-rolebinding.yaml b/charts/rancher-monitoring/charts/grafana/templates/tests/test-rolebinding.yaml deleted file mode 100644 index 7eda26512..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/tests/test-rolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.testFramework.enabled .Values.global.cattle.psp.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "grafana.fullname" . }}-test - namespace: {{ template "grafana.namespace" . }} - labels: - {{- include "grafana.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "grafana.fullname" . }}-test -subjects: -- kind: ServiceAccount - name: {{ template "grafana.serviceAccountNameTest" . }} - namespace: {{ template "grafana.namespace" . }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/tests/test-serviceaccount.yaml b/charts/rancher-monitoring/charts/grafana/templates/tests/test-serviceaccount.yaml deleted file mode 100644 index 5c3350733..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/tests/test-serviceaccount.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{- if and .Values.testFramework.enabled .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "grafana.labels" . | nindent 4 }} - name: {{ template "grafana.serviceAccountNameTest" . }} - namespace: {{ template "grafana.namespace" . }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/templates/tests/test.yaml b/charts/rancher-monitoring/charts/grafana/templates/tests/test.yaml deleted file mode 100644 index 3a84fbe00..000000000 --- a/charts/rancher-monitoring/charts/grafana/templates/tests/test.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{- if .Values.testFramework.enabled }} -apiVersion: v1 -kind: Pod -metadata: - name: {{ template "grafana.fullname" . }}-test - labels: - {{- include "grafana.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test-success - "helm.sh/hook-delete-policy": "before-hook-creation,hook-succeeded" - namespace: {{ template "grafana.namespace" . }} -spec: - serviceAccountName: {{ template "grafana.serviceAccountNameTest" . }} - {{- if .Values.testFramework.securityContext }} - securityContext: {{ toYaml .Values.testFramework.securityContext | nindent 4 }} - {{- end }} - {{- $root := . }} - {{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- range .Values.image.pullSecrets }} - - name: {{ tpl . $root }} - {{- end}} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 4 }} - {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 4 }} - {{- end }} - {{- $root := . }} - {{- with .Values.affinity }} - affinity: -{{ tpl (toYaml .) $root | indent 4 }} - {{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 4 }} -{{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 4 }} -{{- end }} - containers: - - name: {{ .Release.Name }}-test - image: "{{ template "system_default_registry" . }}{{ .Values.testFramework.image}}:{{ .Values.testFramework.tag }}" - imagePullPolicy: "{{ .Values.testFramework.imagePullPolicy}}" - command: ["/opt/bats/bin/bats", "-t", "/tests/run.sh"] - volumeMounts: - - mountPath: /tests - name: tests - readOnly: true - volumes: - - name: tests - configMap: - name: {{ template "grafana.fullname" . }}-test - restartPolicy: Never -{{- end }} diff --git a/charts/rancher-monitoring/charts/grafana/values.yaml b/charts/rancher-monitoring/charts/grafana/values.yaml deleted file mode 100644 index aa0a8aef8..000000000 --- a/charts/rancher-monitoring/charts/grafana/values.yaml +++ /dev/null @@ -1,1088 +0,0 @@ -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - -rbac: - create: true - ## Use an existing ClusterRole/Role (depending on rbac.namespaced false/true) - # useExistingRole: name-of-some-(cluster)role - pspAnnotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - - namespaced: false - extraRoleRules: [] - # - apiGroups: [] - # resources: [] - # verbs: [] - extraClusterRoleRules: [] - # - apiGroups: [] - # resources: [] - # verbs: [] -serviceAccount: - create: true - name: - nameTest: -## Service account annotations. Can be templated. -# annotations: -# eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here - autoMount: true - -replicas: 1 - -## Create a headless service for the deployment -headlessService: false - -## Create HorizontalPodAutoscaler object for deployment type -# -autoscaling: - enabled: false -# minReplicas: 1 -# maxReplicas: 10 -# metrics: -# - type: Resource -# resource: -# name: cpu -# targetAverageUtilization: 60 -# - type: Resource -# resource: -# name: memory -# targetAverageUtilization: 60 - -## See `kubectl explain poddisruptionbudget.spec` for more -## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -podDisruptionBudget: {} -# minAvailable: 1 -# maxUnavailable: 1 - -## See `kubectl explain deployment.spec.strategy` for more -## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -deploymentStrategy: - type: RollingUpdate - -readinessProbe: - httpGet: - path: /api/health - port: 3000 - -livenessProbe: - httpGet: - path: /api/health - port: 3000 - initialDelaySeconds: 60 - timeoutSeconds: 30 - failureThreshold: 10 - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: "default-scheduler" - -image: - repository: rancher/mirrored-grafana-grafana - # Overrides the Grafana image tag whose default is the chart appVersion - tag: 9.1.5 - sha: "" - pullPolicy: IfNotPresent - - ## Optionally specify an array of imagePullSecrets. - ## Secrets must be manually created in the namespace. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## Can be templated. - ## - # pullSecrets: - # - myRegistrKeySecretName - -testFramework: - enabled: false - image: "rancher/mirrored-bats-bats" - tag: "v1.4.1" - imagePullPolicy: IfNotPresent - securityContext: - runAsNonRoot: true - runAsUser: 1000 - -securityContext: - runAsNonRoot: true - runAsUser: 472 - runAsGroup: 472 - fsGroup: 472 - -containerSecurityContext: - {} - -# Enable creating the grafana configmap -createConfigmap: true - -# Extra configmaps to mount in grafana pods -# Values are templated. -extraConfigmapMounts: [] - # - name: certs-configmap - # mountPath: /etc/grafana/ssl/ - # subPath: certificates.crt # (optional) - # configMap: certs-configmap - # readOnly: true - - -extraEmptyDirMounts: [] - # - name: provisioning-notifiers - # mountPath: /etc/grafana/provisioning/notifiers - - -# Apply extra labels to common labels. -extraLabels: {} - -## Assign a PriorityClassName to pods if set -# priorityClassName: - -downloadDashboardsImage: - repository: rancher/mirrored-curlimages-curl - tag: 7.85.0 - sha: "" - pullPolicy: IfNotPresent - -downloadDashboards: - env: {} - envFromSecret: "" - resources: {} - securityContext: {} - -## Pod Annotations -# podAnnotations: {} - -## Pod Labels -# podLabels: {} - -podPortName: grafana - -## Deployment annotations -# annotations: {} - -## Expose the grafana service to be accessed from outside the cluster (LoadBalancer service). -## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it. -## ref: http://kubernetes.io/docs/user-guide/services/ -## -service: - enabled: true - type: ClusterIP - port: 80 - targetPort: 3000 - # targetPort: 4181 To be used with a proxy extraContainer - ## Service annotations. Can be templated. - annotations: {} - labels: {} - portName: service - # Adds the appProtocol field to the service. This allows to work with istio protocol selection. Ex: "http" or "tcp" - appProtocol: "" - -serviceMonitor: - ## If true, a ServiceMonitor CRD is created for a prometheus operator - ## https://github.com/coreos/prometheus-operator - ## - enabled: false - path: /metrics - # namespace: monitoring (defaults to use the namespace this chart is deployed to) - labels: {} - interval: 1m - scheme: http - tlsConfig: {} - scrapeTimeout: 30s - relabelings: [] - -extraExposePorts: [] - # - name: keycloak - # port: 8080 - # targetPort: 8080 - # type: ClusterIP - -# overrides pod.spec.hostAliases in the grafana deployment's pods -hostAliases: [] - # - ip: "1.2.3.4" - # hostnames: - # - "my.host.com" - -ingress: - enabled: false - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx - # Values can be templated - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - path: / - - # pathType is only for k8s >= 1.18 - pathType: Prefix - - hosts: - - chart-example.local - ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. - extraPaths: [] - # - path: /* - # backend: - # serviceName: ssl-redirect - # servicePort: use-annotation - ## Or for k8s > 1.19 - # - path: /* - # pathType: Prefix - # backend: - # service: - # name: ssl-redirect - # port: - # name: use-annotation - - - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} -# limits: -# cpu: 100m -# memory: 128Mi -# requests: -# cpu: 100m -# memory: 128Mi - -## Node labels for pod assignment -## ref: https://kubernetes.io/docs/user-guide/node-selection/ -# -nodeSelector: {} - -## Tolerations for pod assignment -## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -## -tolerations: [] - -## Affinity for pod assignment (evaluated as template) -## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -## -affinity: {} - -## Topology Spread Constraints -## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -## -topologySpreadConstraints: [] - -## Additional init containers (evaluated as template) -## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ -## -extraInitContainers: [] - -## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod -extraContainers: "" -# extraContainers: | -# - name: proxy -# image: quay.io/gambol99/keycloak-proxy:latest -# args: -# - -provider=github -# - -client-id= -# - -client-secret= -# - -github-org= -# - -email-domain=* -# - -cookie-secret= -# - -http-address=http://0.0.0.0:4181 -# - -upstream-url=http://127.0.0.1:3000 -# ports: -# - name: proxy-web -# containerPort: 4181 - -## Volumes that can be used in init containers that will not be mounted to deployment pods -extraContainerVolumes: [] -# - name: volume-from-secret -# secret: -# secretName: secret-to-mount -# - name: empty-dir-volume -# emptyDir: {} - -## Enable persistence using Persistent Volume Claims -## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ -## -persistence: - type: pvc - enabled: false - # storageClassName: default - accessModes: - - ReadWriteOnce - size: 10Gi - # annotations: {} - finalizers: - - kubernetes.io/pvc-protection - # selectorLabels: {} - ## Sub-directory of the PV to mount. Can be templated. - # subPath: "" - ## Name of an existing PVC. Can be templated. - # existingClaim: - - ## If persistence is not enabled, this allows to mount the - ## local storage in-memory to improve performance - ## - inMemory: - enabled: false - ## The maximum usage on memory medium EmptyDir would be - ## the minimum value between the SizeLimit specified - ## here and the sum of memory limits of all containers in a pod - ## - # sizeLimit: 300Mi - -initChownData: - ## If false, data ownership will not be reset at startup - ## This allows the prometheus-server to be run with an arbitrary user - ## - enabled: true - - ## initChownData container image - ## - image: - repository: rancher/mirrored-library-busybox - tag: "1.31.1" - sha: "" - pullPolicy: IfNotPresent - - ## initChownData resource requests and limits - ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - -# Administrator credentials when not using an existing secret (see below) -adminUser: admin -# adminPassword: strongpassword - -# Use an existing secret for the admin user. -admin: - ## Name of the secret. Can be templated. - existingSecret: "" - userKey: admin-user - passwordKey: admin-password - -## Define command to be executed at startup by grafana container -## Needed if using `vault-env` to manage secrets (ref: https://banzaicloud.com/blog/inject-secrets-into-pods-vault/) -## Default is "run.sh" as defined in grafana's Dockerfile -# command: -# - "sh" -# - "/run.sh" - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Extra environment variables that will be pass onto deployment pods -## -## to provide grafana with access to CloudWatch on AWS EKS: -## 1. create an iam role of type "Web identity" with provider oidc.eks.* (note the provider for later) -## 2. edit the "Trust relationships" of the role, add a line inside the StringEquals clause using the -## same oidc eks provider as noted before (same as the existing line) -## also, replace NAMESPACE and prometheus-operator-grafana with the service account namespace and name -## -## "oidc.eks.us-east-1.amazonaws.com/id/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:sub": "system:serviceaccount:NAMESPACE:prometheus-operator-grafana", -## -## 3. attach a policy to the role, you can use a built in policy called CloudWatchReadOnlyAccess -## 4. use the following env: (replace 123456789000 and iam-role-name-here with your aws account number and role name) -## -## env: -## AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here -## AWS_WEB_IDENTITY_TOKEN_FILE: /var/run/secrets/eks.amazonaws.com/serviceaccount/token -## AWS_REGION: us-east-1 -## -## 5. uncomment the EKS section in extraSecretMounts: below -## 6. uncomment the annotation section in the serviceAccount: above -## make sure to replace arn:aws:iam::123456789000:role/iam-role-name-here with your role arn - -env: {} - -## "valueFrom" environment variable references that will be added to deployment pods. Name is templated. -## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core -## Renders in container spec as: -## env: -## ... -## - name: -## valueFrom: -## -envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - -## The name of a secret in the same kubernetes namespace which contain values to be added to the environment -## This can be useful for auth tokens, etc. Value is templated. -envFromSecret: "" - -## Sensible environment variables that will be rendered as new secret object -## This can be useful for auth tokens, etc -envRenderSecret: {} - -## The names of secrets in the same kubernetes namespace which contain values to be added to the environment -## Each entry should contain a name key, and can optionally specify whether the secret must be defined with an optional key. -## Name is templated. -envFromSecrets: [] -## - name: secret-name -## optional: true - -## The names of conifgmaps in the same kubernetes namespace which contain values to be added to the environment -## Each entry should contain a name key, and can optionally specify whether the configmap must be defined with an optional key. -## Name is templated. -## ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#configmapenvsource-v1-core -envFromConfigMaps: [] -## - name: configmap-name -## optional: true - -# Inject Kubernetes services as environment variables. -# See https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#environment-variables -enableServiceLinks: true - -## Additional grafana server secret mounts -# Defines additional mounts with secrets. Secrets must be manually created in the namespace. -extraSecretMounts: [] - # - name: secret-files - # mountPath: /etc/secrets - # secretName: grafana-secret-files - # readOnly: true - # subPath: "" - # - # for AWS EKS (cloudwatch) use the following (see also instruction in env: above) - # - name: aws-iam-token - # mountPath: /var/run/secrets/eks.amazonaws.com/serviceaccount - # readOnly: true - # projected: - # defaultMode: 420 - # sources: - # - serviceAccountToken: - # audience: sts.amazonaws.com - # expirationSeconds: 86400 - # path: token - # - # for CSI e.g. Azure Key Vault use the following - # - name: secrets-store-inline - # mountPath: /run/secrets - # readOnly: true - # csi: - # driver: secrets-store.csi.k8s.io - # readOnly: true - # volumeAttributes: - # secretProviderClass: "akv-grafana-spc" - # nodePublishSecretRef: # Only required when using service principal mode - # name: grafana-akv-creds # Only required when using service principal mode - -## Additional grafana server volume mounts -# Defines additional volume mounts. -extraVolumeMounts: [] - # - name: extra-volume-0 - # mountPath: /mnt/volume0 - # readOnly: true - # existingClaim: volume-claim - # - name: extra-volume-1 - # mountPath: /mnt/volume1 - # readOnly: true - # hostPath: /usr/shared/ - # - name: grafana-secrets - # csi: true - # data: - # driver: secrets-store.csi.k8s.io - # readOnly: true - # volumeAttributes: - # secretProviderClass: "grafana-env-spc" - -## Container Lifecycle Hooks. Execute a specific bash command or make an HTTP request -lifecycleHooks: {} - # postStart: - # exec: - # command: [] - -## Pass the plugins you want installed as a list. -## -plugins: [] - # - digrich-bubblechart-panel - # - grafana-clock-panel - -## Configure grafana datasources -## ref: http://docs.grafana.org/administration/provisioning/#datasources -## -datasources: {} -# datasources.yaml: -# apiVersion: 1 -# datasources: -# - name: Prometheus -# type: prometheus -# url: http://prometheus-prometheus-server -# access: proxy -# isDefault: true -# - name: CloudWatch -# type: cloudwatch -# access: proxy -# uid: cloudwatch -# editable: false -# jsonData: -# authType: default -# defaultRegion: us-east-1 - -## Configure grafana alerting (can be templated) -## ref: http://docs.grafana.org/administration/provisioning/#alerting -## -alerting: {} - # rules.yaml: - # apiVersion: 1 - # groups: - # - orgId: 1 - # name: '{{ .Chart.Name }}_my_rule_group' - # folder: my_first_folder - # interval: 60s - # rules: - # - uid: my_id_1 - # title: my_first_rule - # condition: A - # data: - # - refId: A - # datasourceUid: '-100' - # model: - # conditions: - # - evaluator: - # params: - # - 3 - # type: gt - # operator: - # type: and - # query: - # params: - # - A - # reducer: - # type: last - # type: query - # datasource: - # type: __expr__ - # uid: '-100' - # expression: 1==0 - # intervalMs: 1000 - # maxDataPoints: 43200 - # refId: A - # type: math - # dashboardUid: my_dashboard - # panelId: 123 - # noDataState: Alerting - # for: 60s - # annotations: - # some_key: some_value - # labels: - # team: sre_team_1 - # contactpoints.yaml: - # apiVersion: 1 - # contactPoints: - # - orgId: 1 - # name: cp_1 - # receivers: - # - uid: first_uid - # type: pagerduty - # settings: - # integrationKey: XXX - # severity: critical - # class: ping failure - # component: Grafana - # group: app-stack - # summary: | - # {{ `{{ template "default.message" . }}` }} - -## Configure notifiers -## ref: http://docs.grafana.org/administration/provisioning/#alert-notification-channels -## -notifiers: {} -# notifiers.yaml: -# notifiers: -# - name: email-notifier -# type: email -# uid: email1 -# # either: -# org_id: 1 -# # or -# org_name: Main Org. -# is_default: true -# settings: -# addresses: an_email_address@example.com -# delete_notifiers: - -## Configure grafana dashboard providers -## ref: http://docs.grafana.org/administration/provisioning/#dashboards -## -## `path` must be /var/lib/grafana/dashboards/ -## -dashboardProviders: {} -# dashboardproviders.yaml: -# apiVersion: 1 -# providers: -# - name: 'default' -# orgId: 1 -# folder: '' -# type: file -# disableDeletion: false -# editable: true -# options: -# path: /var/lib/grafana/dashboards/default - -## Configure grafana dashboard to import -## NOTE: To use dashboards you must also enable/configure dashboardProviders -## ref: https://grafana.com/dashboards -## -## dashboards per provider, use provider name as key. -## -dashboards: {} - # default: - # some-dashboard: - # json: | - # $RAW_JSON - # custom-dashboard: - # file: dashboards/custom-dashboard.json - # prometheus-stats: - # gnetId: 2 - # revision: 2 - # datasource: Prometheus - # local-dashboard: - # url: https://example.com/repository/test.json - # token: '' - # local-dashboard-base64: - # url: https://example.com/repository/test-b64.json - # token: '' - # b64content: true - # local-dashboard-gitlab: - # url: https://example.com/repository/test-gitlab.json - # gitlabToken: '' - # local-dashboard-bitbucket: - # url: https://example.com/repository/test-bitbucket.json - # bearerToken: '' - -## Reference to external ConfigMap per provider. Use provider name as key and ConfigMap name as value. -## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both. -## ConfigMap data example: -## -## data: -## example-dashboard.json: | -## RAW_JSON -## -dashboardsConfigMaps: {} -# default: "" - -## Grafana's primary configuration -## NOTE: values in map will be converted to ini format -## ref: http://docs.grafana.org/installation/configuration/ -## -grafana.ini: - paths: - data: /var/lib/grafana/ - logs: /var/log/grafana - plugins: /var/lib/grafana/plugins - provisioning: /etc/grafana/provisioning - analytics: - check_for_updates: true - log: - mode: console - grafana_net: - url: https://grafana.net - server: - domain: "{{ if (and .Values.ingress.enabled .Values.ingress.hosts) }}{{ .Values.ingress.hosts | first }}{{ end }}" -## grafana Authentication can be enabled with the following values on grafana.ini - # server: - # The full public facing url you use in browser, used for redirects and emails - # root_url: - # https://grafana.com/docs/grafana/latest/auth/github/#enable-github-in-grafana - # auth.github: - # enabled: false - # allow_sign_up: false - # scopes: user:email,read:org - # auth_url: https://github.com/login/oauth/authorize - # token_url: https://github.com/login/oauth/access_token - # api_url: https://api.github.com/user - # team_ids: - # allowed_organizations: - # client_id: - # client_secret: -## LDAP Authentication can be enabled with the following values on grafana.ini -## NOTE: Grafana will fail to start if the value for ldap.toml is invalid - # auth.ldap: - # enabled: true - # allow_sign_up: true - # config_file: /etc/grafana/ldap.toml - -## Grafana's LDAP configuration -## Templated by the template in _helpers.tpl -## NOTE: To enable the grafana.ini must be configured with auth.ldap.enabled -## ref: http://docs.grafana.org/installation/configuration/#auth-ldap -## ref: http://docs.grafana.org/installation/ldap/#configuration -ldap: - enabled: false - # `existingSecret` is a reference to an existing secret containing the ldap configuration - # for Grafana in a key `ldap-toml`. - existingSecret: "" - # `config` is the content of `ldap.toml` that will be stored in the created secret - config: "" - # config: |- - # verbose_logging = true - - # [[servers]] - # host = "my-ldap-server" - # port = 636 - # use_ssl = true - # start_tls = false - # ssl_skip_verify = false - # bind_dn = "uid=%s,ou=users,dc=myorg,dc=com" - -## Grafana's SMTP configuration -## NOTE: To enable, grafana.ini must be configured with smtp.enabled -## ref: http://docs.grafana.org/installation/configuration/#smtp -smtp: - # `existingSecret` is a reference to an existing secret containing the smtp configuration - # for Grafana. - existingSecret: "" - userKey: "user" - passwordKey: "password" - -## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders -## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards -sidecar: - image: - repository: rancher/mirrored-kiwigrid-k8s-sidecar - tag: 1.19.2 - sha: "" - imagePullPolicy: IfNotPresent - resources: {} -# limits: -# cpu: 100m -# memory: 100Mi -# requests: -# cpu: 50m -# memory: 50Mi - securityContext: {} - # skipTlsVerify Set to true to skip tls verification for kube api calls - # skipTlsVerify: true - enableUniqueFilenames: false - readinessProbe: {} - livenessProbe: {} - # Log level default for all sidecars. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. Defaults to INFO - # logLevel: INFO - dashboards: - enabled: false - # Additional environment variables for the dashboards sidecar - env: {} - # Do not reprocess already processed unchanged resources on k8s API reconnect. - # ignoreAlreadyProcessed: true - SCProvider: true - # label that the configmaps with dashboards are marked with - label: grafana_dashboard - # value of label that the configmaps with dashboards are set to - labelValue: "" - # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. - # logLevel: INFO - # folder in the pod that should hold the collected dashboards (unless `defaultFolderName` is set) - folder: /tmp/dashboards - # The default folder name, it will create a subfolder under the `folder` and put dashboards in there instead - defaultFolderName: null - # Namespaces list. If specified, the sidecar will search for config-maps/secrets inside these namespaces. - # Otherwise the namespace in which the sidecar is running will be used. - # It's also possible to specify ALL to search in all namespaces. - searchNamespace: null - # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. - watchMethod: WATCH - # search in configmap, secret or both - resource: both - # If specified, the sidecar will look for annotation with this name to create folder and put graph here. - # You can use this parameter together with `provider.foldersFromFilesStructure`to annotate configmaps and create folder structure. - folderAnnotation: null - # Absolute path to shell script to execute after a configmap got reloaded - script: null - # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. - # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S - # watchServerTimeout: 3600 - # - # watchClientTimeout: is a client-side timeout, configuring your local socket. - # If you have a network outage dropping all packets with no RST/FIN, - # this is how long your client waits before realizing & dropping the connection. - # defaults to 66sec (sic!) - # watchClientTimeout: 60 - # - # provider configuration that lets grafana manage the dashboards - provider: - # name of the provider, should be unique - name: sidecarProvider - # orgid as configured in grafana - orgid: 1 - # folder in which the dashboards should be imported in grafana - folder: '' - # type of the provider - type: file - # disableDelete to activate a import-only behaviour - disableDelete: false - # allow updating provisioned dashboards from the UI - allowUiUpdates: false - # allow Grafana to replicate dashboard structure from filesystem - foldersFromFilesStructure: false - # Additional dashboard sidecar volume mounts - extraMounts: [] - # Sets the size limit of the dashboard sidecar emptyDir volume - sizeLimit: {} - datasources: - enabled: false - # Additional environment variables for the datasourcessidecar - env: {} - # Do not reprocess already processed unchanged resources on k8s API reconnect. - # ignoreAlreadyProcessed: true - # label that the configmaps with datasources are marked with - label: grafana_datasource - # value of label that the configmaps with datasources are set to - labelValue: "" - # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. - # logLevel: INFO - # If specified, the sidecar will search for datasource config-maps inside this namespace. - # Otherwise the namespace in which the sidecar is running will be used. - # It's also possible to specify ALL to search in all namespaces - searchNamespace: null - # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. - watchMethod: WATCH - # search in configmap, secret or both - resource: both - # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. - # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S - # watchServerTimeout: 3600 - # - # watchClientTimeout: is a client-side timeout, configuring your local socket. - # If you have a network outage dropping all packets with no RST/FIN, - # this is how long your client waits before realizing & dropping the connection. - # defaults to 66sec (sic!) - # watchClientTimeout: 60 - # - # Endpoint to send request to reload datasources - reloadURL: "http://localhost:3000/api/admin/provisioning/datasources/reload" - # Absolute path to shell script to execute after a datasource got reloaded - script: null - skipReload: true - # Deploy the datasource sidecar as an initContainer in addition to a container. - # This is needed if skipReload is true, to load any datasources defined at startup time. - initDatasources: true - # Sets the size limit of the datasource sidecar emptyDir volume - sizeLimit: {} - plugins: - enabled: false - # Additional environment variables for the plugins sidecar - env: {} - # Do not reprocess already processed unchanged resources on k8s API reconnect. - # ignoreAlreadyProcessed: true - # label that the configmaps with plugins are marked with - label: grafana_plugin - # value of label that the configmaps with plugins are set to - labelValue: "" - # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. - # logLevel: INFO - # If specified, the sidecar will search for plugin config-maps inside this namespace. - # Otherwise the namespace in which the sidecar is running will be used. - # It's also possible to specify ALL to search in all namespaces - searchNamespace: null - # Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. - watchMethod: WATCH - # search in configmap, secret or both - resource: both - # watchServerTimeout: request to the server, asking it to cleanly close the connection after that. - # defaults to 60sec; much higher values like 3600 seconds (1h) are feasible for non-Azure K8S - # watchServerTimeout: 3600 - # - # watchClientTimeout: is a client-side timeout, configuring your local socket. - # If you have a network outage dropping all packets with no RST/FIN, - # this is how long your client waits before realizing & dropping the connection. - # defaults to 66sec (sic!) - # watchClientTimeout: 60 - # - # Endpoint to send request to reload plugins - reloadURL: "http://localhost:3000/api/admin/provisioning/plugins/reload" - # Absolute path to shell script to execute after a plugin got reloaded - script: null - skipReload: false - # Deploy the datasource sidecar as an initContainer in addition to a container. - # This is needed if skipReload is true, to load any plugins defined at startup time. - initPlugins: false - # Sets the size limit of the plugin sidecar emptyDir volume - sizeLimit: {} - notifiers: - enabled: false - # Additional environment variables for the notifierssidecar - env: {} - # Do not reprocess already processed unchanged resources on k8s API reconnect. - # ignoreAlreadyProcessed: true - # label that the configmaps with notifiers are marked with - label: grafana_notifier - # value of label that the configmaps with notifiers are set to - labelValue: "" - # Log level. Can be one of: DEBUG, INFO, WARN, ERROR, CRITICAL. - # logLevel: INFO - # If specified, the sidecar will search for notifier config-maps inside this namespace. - # Otherwise the namespace in which the sidecar is running will be used. - # It's also possible to specify ALL to search in all namespaces - searchNamespace: null - # search in configmap, secret or both - resource: both - # Sets the size limit of the notifier sidecar emptyDir volume - sizeLimit: {} - -## Override the deployment namespace -## -namespaceOverride: "" - -## Number of old ReplicaSets to retain -## -revisionHistoryLimit: 10 - -## Add a seperate remote image renderer deployment/service -imageRenderer: - # Enable the image-renderer deployment & service - enabled: false - replicas: 1 - image: - # image-renderer Image repository - repository: rancher/mirrored-grafana-grafana-image-renderer - # image-renderer Image tag - tag: 3.0.1 - # image-renderer Image sha (optional) - sha: "" - # image-renderer ImagePullPolicy - pullPolicy: Always - # extra environment variables - env: - HTTP_HOST: "0.0.0.0" - # RENDERING_ARGS: --no-sandbox,--disable-gpu,--window-size=1280x758 - # RENDERING_MODE: clustered - # IGNORE_HTTPS_ERRORS: true - # image-renderer deployment serviceAccount - serviceAccountName: "" - # image-renderer deployment securityContext - securityContext: {} - # image-renderer deployment Host Aliases - hostAliases: [] - # image-renderer deployment priority class - priorityClassName: '' - service: - # Enable the image-renderer service - enabled: true - # image-renderer service port name - portName: 'http' - # image-renderer service port used by both service and deployment - port: 8081 - targetPort: 8081 - # Adds the appProtocol field to the image-renderer service. This allows to work with istio protocol selection. Ex: "http" or "tcp" - appProtocol: "" - # If https is enabled in Grafana, this needs to be set as 'https' to correctly configure the callback used in Grafana - grafanaProtocol: http - # In case a sub_path is used this needs to be added to the image renderer callback - grafanaSubPath: "" - # name of the image-renderer port on the pod - podPortName: http - # number of image-renderer replica sets to keep - revisionHistoryLimit: 10 - networkPolicy: - # Enable a NetworkPolicy to limit inbound traffic to only the created grafana pods - limitIngress: true - # Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods - limitEgress: false - resources: {} -# limits: -# cpu: 100m -# memory: 100Mi -# requests: -# cpu: 50m -# memory: 50Mi - ## Node labels for pod assignment - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - # - nodeSelector: {} - - ## Tolerations for pod assignment - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - - ## Affinity for pod assignment (evaluated as template) - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - ## - affinity: {} - -networkPolicy: - ## @param networkPolicy.enabled Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. - ## - enabled: false - ## @param networkPolicy.allowExternal Don't require client label for connections - ## The Policy model to apply. When set to false, only pods with the correct - ## client label will have network access to grafana port defined. - ## When true, grafana will accept connections from any source - ## (with the correct destination port). - ## - ingress: true - ## @param networkPolicy.ingress When true enables the creation - ## an ingress network policy - ## - allowExternal: true - ## @param networkPolicy.explicitNamespacesSelector A Kubernetes LabelSelector to explicitly select namespaces from which traffic could be allowed - ## If explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace - ## and that match other criteria, the ones that have the good label, can reach the grafana. - ## But sometimes, we want the grafana to be accessible to clients from other namespaces, in this case, we can use this - ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. - ## - ## Example: - ## explicitNamespacesSelector: - ## matchLabels: - ## role: frontend - ## matchExpressions: - ## - {key: role, operator: In, values: [frontend]} - ## - explicitNamespacesSelector: {} - ## - ## - ## - ## - ## - ## - egress: - ## @param networkPolicy.egress.enabled When enabled, an egress network policy will be - ## created allowing grafana to connect to external data sources from kubernetes cluster. - enabled: false - ## - ## @param networkPolicy.egress.ports Add individual ports to be allowed by the egress - ports: [] - ## Add ports to the egress by specifying - port: - ## E.X. - ## ports: - ## - port: 80 - ## - port: 443 - ## - ## - ## - ## - ## - ## - -# Enable backward compatibility of kubernetes where version below 1.13 doesn't have the enableServiceLinks option -enableKubeBackwardCompatibility: false -useStatefulSet: false -# Create a dynamic manifests via values: -extraObjects: [] - # - apiVersion: "kubernetes-client.io/v1" - # kind: ExternalSecret - # metadata: - # name: grafana-secrets - # spec: - # backendType: gcpSecretsManager - # data: - # - key: grafana-admin-password - # name: adminPassword diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/.helmignore b/charts/rancher-monitoring/charts/hardenedKubelet/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/Chart.yaml b/charts/rancher-monitoring/charts/hardenedKubelet/Chart.yaml deleted file mode 100644 index 03c7b37a8..000000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: 0.1.0 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -name: hardenedKubelet -type: application -version: 0.2.0 diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/README.md b/charts/rancher-monitoring/charts/hardenedKubelet/README.md deleted file mode 100644 index 345002f48..000000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/templates/_helpers.tpl b/charts/rancher-monitoring/charts/hardenedKubelet/templates/_helpers.tpl deleted file mode 100644 index 8e651dccf..000000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/templates/_helpers.tpl +++ /dev/null @@ -1,166 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c373..000000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb388..000000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe60905..000000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6c0..000000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb2216b..000000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/hardenedKubelet/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2fa8..000000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/hardenedKubelet/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b..000000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedKubelet/values.yaml b/charts/rancher-monitoring/charts/hardenedKubelet/values.yaml deleted file mode 100644 index 1e076041b..000000000 --- a/charts/rancher-monitoring/charts/hardenedKubelet/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.3-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.31.1 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.3-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/.helmignore b/charts/rancher-monitoring/charts/hardenedNodeExporter/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/Chart.yaml b/charts/rancher-monitoring/charts/hardenedNodeExporter/Chart.yaml deleted file mode 100644 index dfa8b78d8..000000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: 0.1.0 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -name: hardenedNodeExporter -type: application -version: 0.2.0 diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/README.md b/charts/rancher-monitoring/charts/hardenedNodeExporter/README.md deleted file mode 100644 index 345002f48..000000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/_helpers.tpl b/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/_helpers.tpl deleted file mode 100644 index 8e651dccf..000000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/_helpers.tpl +++ /dev/null @@ -1,166 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c373..000000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb388..000000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe60905..000000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6c0..000000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb2216b..000000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2fa8..000000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b..000000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/hardenedNodeExporter/values.yaml b/charts/rancher-monitoring/charts/hardenedNodeExporter/values.yaml deleted file mode 100644 index 1e076041b..000000000 --- a/charts/rancher-monitoring/charts/hardenedNodeExporter/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.3-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.31.1 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.3-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/k3sServer/.helmignore b/charts/rancher-monitoring/charts/k3sServer/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/rancher-monitoring/charts/k3sServer/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/k3sServer/Chart.yaml b/charts/rancher-monitoring/charts/k3sServer/Chart.yaml deleted file mode 100644 index 3e4dd7d9c..000000000 --- a/charts/rancher-monitoring/charts/k3sServer/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: 0.1.0 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -name: k3sServer -type: application -version: 0.2.0 diff --git a/charts/rancher-monitoring/charts/k3sServer/README.md b/charts/rancher-monitoring/charts/k3sServer/README.md deleted file mode 100644 index 345002f48..000000000 --- a/charts/rancher-monitoring/charts/k3sServer/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/k3sServer/templates/_helpers.tpl b/charts/rancher-monitoring/charts/k3sServer/templates/_helpers.tpl deleted file mode 100644 index 8e651dccf..000000000 --- a/charts/rancher-monitoring/charts/k3sServer/templates/_helpers.tpl +++ /dev/null @@ -1,166 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c373..000000000 --- a/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb388..000000000 --- a/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe60905..000000000 --- a/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6c0..000000000 --- a/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb2216b..000000000 --- a/charts/rancher-monitoring/charts/k3sServer/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/k3sServer/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/k3sServer/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2fa8..000000000 --- a/charts/rancher-monitoring/charts/k3sServer/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/k3sServer/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/k3sServer/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b..000000000 --- a/charts/rancher-monitoring/charts/k3sServer/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/k3sServer/values.yaml b/charts/rancher-monitoring/charts/k3sServer/values.yaml deleted file mode 100644 index 1e076041b..000000000 --- a/charts/rancher-monitoring/charts/k3sServer/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.3-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.31.1 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.3-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/.helmignore b/charts/rancher-monitoring/charts/kube-state-metrics/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/Chart.yaml b/charts/rancher-monitoring/charts/kube-state-metrics/Chart.yaml deleted file mode 100644 index 31c5f2119..000000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/Chart.yaml +++ /dev/null @@ -1,28 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.27.0-0' - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-kube-state-metrics -apiVersion: v2 -appVersion: 2.6.0 -description: Install kube-state-metrics to generate and expose cluster-level metrics -home: https://github.com/kubernetes/kube-state-metrics/ -keywords: -- metric -- monitoring -- prometheus -- kubernetes -maintainers: -- email: tariq.ibrahim@mulesoft.com - name: tariq1890 -- email: manuel@rueg.eu - name: mrueg -- email: davidcalvertfr@gmail.com - name: dotdc -name: kube-state-metrics -sources: -- https://github.com/kubernetes/kube-state-metrics/ -type: application -version: 4.18.0 diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/README.md b/charts/rancher-monitoring/charts/kube-state-metrics/README.md deleted file mode 100644 index 7c2e16918..000000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/README.md +++ /dev/null @@ -1,68 +0,0 @@ -# kube-state-metrics Helm Chart - -Installs the [kube-state-metrics agent](https://github.com/kubernetes/kube-state-metrics). - -## Get Repo Info - -```console -helm repo add prometheus-community https://prometheus-community.github.io/helm-charts -helm repo update -``` - -_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Install Chart - -```console -helm install [RELEASE_NAME] prometheus-community/kube-state-metrics [flags] -``` - -_See [configuration](#configuration) below._ - -_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ - -## Uninstall Chart - -```console -helm uninstall [RELEASE_NAME] -``` - -This removes all the Kubernetes components associated with the chart and deletes the release. - -_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ - -## Upgrading Chart - -```console -helm upgrade [RELEASE_NAME] prometheus-community/kube-state-metrics [flags] -``` - -_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ - -### Migrating from stable/kube-state-metrics and kubernetes/kube-state-metrics - -You can upgrade in-place: - -1. [get repo info](#get-repo-info) -1. [upgrade](#upgrading-chart) your existing release name using the new chart repo - - -## Upgrading to v3.0.0 - -v3.0.0 includes kube-state-metrics v2.0, see the [changelog](https://github.com/kubernetes/kube-state-metrics/blob/release-2.0/CHANGELOG.md) for major changes on the application-side. - -The upgraded chart now the following changes: -* Dropped support for helm v2 (helm v3 or later is required) -* collectors key was renamed to resources -* namespace key was renamed to namespaces - - -## Configuration - -See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments: - -```console -helm show values prometheus-community/kube-state-metrics -``` - -You may also run `helm show values` on this chart's [dependencies](#dependencies) for additional options. diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/NOTES.txt b/charts/rancher-monitoring/charts/kube-state-metrics/templates/NOTES.txt deleted file mode 100644 index 5a646e0cc..000000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/NOTES.txt +++ /dev/null @@ -1,10 +0,0 @@ -kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. -The exposed metrics can be found here: -https://github.com/kubernetes/kube-state-metrics/blob/master/docs/README.md#exposed-metrics - -The metrics are exported on the HTTP endpoint /metrics on the listening port. -In your case, {{ template "kube-state-metrics.fullname" . }}.{{ template "kube-state-metrics.namespace" . }}.svc.cluster.local:{{ .Values.service.port }}/metrics - -They are served either as plaintext or protobuf depending on the Accept header. -They are designed to be consumed either by Prometheus itself or by a scraper that is compatible with scraping a Prometheus client endpoint. - diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/_helpers.tpl b/charts/rancher-monitoring/charts/kube-state-metrics/templates/_helpers.tpl deleted file mode 100644 index 4de75db2a..000000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/_helpers.tpl +++ /dev/null @@ -1,111 +0,0 @@ -# Rancher -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "kube-state-metrics.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "kube-state-metrics.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "kube-state-metrics.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "kube-state-metrics.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts -*/}} -{{- define "kube-state-metrics.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "kube-state-metrics.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Generate basic labels -*/}} -{{- define "kube-state-metrics.labels" }} -helm.sh/chart: {{ template "kube-state-metrics.chart" . }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/component: metrics -app.kubernetes.io/part-of: {{ template "kube-state-metrics.name" . }} -{{- include "kube-state-metrics.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels }} -{{- end }} -{{- if .Values.releaseLabel }} -release: {{ .Release.Name }} -{{- end }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "kube-state-metrics.selectorLabels" }} -app.kubernetes.io/name: {{ include "kube-state-metrics.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/clusterrolebinding.yaml b/charts/rancher-monitoring/charts/kube-state-metrics/templates/clusterrolebinding.yaml deleted file mode 100644 index cf9f628d0..000000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.rbac.create .Values.rbac.useClusterRole -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - name: {{ template "kube-state-metrics.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole -{{- if .Values.rbac.useExistingRole }} - name: {{ .Values.rbac.useExistingRole }} -{{- else }} - name: {{ template "kube-state-metrics.fullname" . }} -{{- end }} -subjects: -- kind: ServiceAccount - name: {{ template "kube-state-metrics.serviceAccountName" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/deployment.yaml b/charts/rancher-monitoring/charts/kube-state-metrics/templates/deployment.yaml deleted file mode 100644 index a3c8f96b2..000000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/deployment.yaml +++ /dev/null @@ -1,172 +0,0 @@ -apiVersion: apps/v1 -{{- if .Values.autosharding.enabled }} -kind: StatefulSet -{{- else }} -kind: Deployment -{{- end }} -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - {{- if .Values.annotations }} - annotations: -{{ toYaml .Values.annotations | indent 4 }} - {{- end }} -spec: - selector: - matchLabels: - {{- include "kube-state-metrics.selectorLabels" . | indent 6 }} - replicas: {{ .Values.replicas }} - {{- if .Values.autosharding.enabled }} - serviceName: {{ template "kube-state-metrics.fullname" . }} - volumeClaimTemplates: [] - {{- end }} - template: - metadata: - labels: - {{- include "kube-state-metrics.labels" . | indent 8 }} - {{- if .Values.podAnnotations }} - annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} - {{- end }} - spec: - hostNetwork: {{ .Values.hostNetwork }} - serviceAccountName: {{ template "kube-state-metrics.serviceAccountName" . }} - {{- if .Values.securityContext.enabled }} - securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} - {{- end }} - containers: - - name: {{ template "kube-state-metrics.name" . }} - {{- if .Values.autosharding.enabled }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- end }} - args: - {{- if .Values.extraArgs }} - {{- .Values.extraArgs | toYaml | nindent 8 }} - {{- end }} - {{- if .Values.service.port }} - - --port={{ .Values.service.port | default 8080}} - {{- end }} - {{- if .Values.collectors }} - - --resources={{ .Values.collectors | join "," }} - {{- end }} - {{- if .Values.metricLabelsAllowlist }} - - --metric-labels-allowlist={{ .Values.metricLabelsAllowlist | join "," }} - {{- end }} - {{- if .Values.metricAnnotationsAllowList }} - - --metric-annotations-allowlist={{ .Values.metricAnnotationsAllowList | join "," }} - {{- end }} - {{- if .Values.metricAllowlist }} - - --metric-allowlist={{ .Values.metricAllowlist | join "," }} - {{- end }} - {{- if .Values.metricDenylist }} - - --metric-denylist={{ .Values.metricDenylist | join "," }} - {{- end }} - {{- if .Values.releaseNamespace }} - - --namespaces={{ template "kube-state-metrics.namespace" . }} - {{- else if .Values.namespaces }} - - --namespaces={{ tpl (.Values.namespaces | join ",") $ }} - {{- end }} - {{- if .Values.namespacesDenylist }} - - --namespaces-denylist={{ tpl (.Values.namespacesDenylist | join ",") $ }} - {{- end }} - {{- if .Values.autosharding.enabled }} - - --pod=$(POD_NAME) - - --pod-namespace=$(POD_NAMESPACE) - {{- end }} - {{- if .Values.kubeconfig.enabled }} - - --kubeconfig=/opt/k8s/.kube/config - {{- end }} - {{- if .Values.selfMonitor.telemetryHost }} - - --telemetry-host={{ .Values.selfMonitor.telemetryHost }} - {{- end }} - {{- if .Values.selfMonitor.telemetryPort }} - - --telemetry-port={{ .Values.selfMonitor.telemetryPort | default 8081 }} - {{- end }} - {{- if or (.Values.kubeconfig.enabled) (.Values.volumeMounts) }} - volumeMounts: - {{- if .Values.kubeconfig.enabled }} - - name: kubeconfig - mountPath: /opt/k8s/.kube/ - readOnly: true - {{- end }} - {{- if .Values.volumeMounts }} -{{ toYaml .Values.volumeMounts | indent 8 }} - {{- end }} - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.image.sha }} - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}@sha256:{{ .Values.image.sha }}" - {{- else }} - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - {{- end }} - ports: - - containerPort: {{ .Values.service.port | default 8080}} - name: "http" - {{- if .Values.selfMonitor.enabled }} - - containerPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }} - name: "metrics" - {{- end }} - livenessProbe: - httpGet: - path: /healthz - port: {{ .Values.service.port | default 8080}} - initialDelaySeconds: 5 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: / - port: {{ .Values.service.port | default 8080}} - initialDelaySeconds: 5 - timeoutSeconds: 5 - {{- if .Values.resources }} - resources: -{{ toYaml .Values.resources | indent 10 }} -{{- end }} -{{- if .Values.containerSecurityContext }} - securityContext: -{{ toYaml .Values.containerSecurityContext | indent 10 }} -{{- end }} -{{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} - {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} - {{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 8 }} - {{- end }} - {{- if .Values.topologySpreadConstraints }} - topologySpreadConstraints: -{{ toYaml .Values.topologySpreadConstraints | indent 8 }} - {{- end }} - {{- if or (.Values.kubeconfig.enabled) (.Values.volumes) }} - volumes: - {{- if .Values.kubeconfig.enabled}} - - name: kubeconfig - secret: - secretName: {{ template "kube-state-metrics.fullname" . }}-kubeconfig - {{- end }} - {{- if .Values.volumes }} -{{ toYaml .Values.volumes | indent 8 }} - {{- end }} - {{- end }} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/kubeconfig-secret.yaml b/charts/rancher-monitoring/charts/kube-state-metrics/templates/kubeconfig-secret.yaml deleted file mode 100644 index 6af008450..000000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/kubeconfig-secret.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.kubeconfig.enabled -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "kube-state-metrics.fullname" . }}-kubeconfig - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} -type: Opaque -data: - config: '{{ .Values.kubeconfig.secret }}' -{{- end -}} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/pdb.yaml b/charts/rancher-monitoring/charts/kube-state-metrics/templates/pdb.yaml deleted file mode 100644 index 3771b511d..000000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/pdb.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.podDisruptionBudget -}} -{{ if $.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" -}} -apiVersion: policy/v1 -{{- else -}} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kube-state-metrics.name" . }} -{{ toYaml .Values.podDisruptionBudget | indent 2 }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/podsecuritypolicy.yaml b/charts/rancher-monitoring/charts/kube-state-metrics/templates/podsecuritypolicy.yaml deleted file mode 100644 index 72872cf89..000000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/podsecuritypolicy.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} -{{- if .Values.podSecurityPolicy.annotations }} - annotations: -{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} -{{- end }} -spec: - privileged: false - volumes: - - 'secret' -{{- if .Values.podSecurityPolicy.additionalVolumes }} -{{ toYaml .Values.podSecurityPolicy.additionalVolumes | indent 4 }} -{{- end }} - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Forbid adding the root group. - - min: 1 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/psp-clusterrole.yaml b/charts/rancher-monitoring/charts/kube-state-metrics/templates/psp-clusterrole.yaml deleted file mode 100644 index 9814623c5..000000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/psp-clusterrole.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if and .Values.global.cattle.psp.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - name: psp-{{ template "kube-state-metrics.fullname" . }} -rules: -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} -- apiGroups: ['policy'] -{{- else }} -- apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "kube-state-metrics.fullname" . }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml b/charts/rancher-monitoring/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml deleted file mode 100644 index 60f8a72d9..000000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if and .Values.global.cattle.psp.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - name: psp-{{ template "kube-state-metrics.fullname" . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: psp-{{ template "kube-state-metrics.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kube-state-metrics.serviceAccountName" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/role.yaml b/charts/rancher-monitoring/charts/kube-state-metrics/templates/role.yaml deleted file mode 100644 index 5fbd43c6f..000000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/role.yaml +++ /dev/null @@ -1,193 +0,0 @@ -{{- if not (kindIs "slice" .Values.collectors) }} -{{- fail "Collectors need to be a List since kube-state-metrics chart 3.2.2. Please check README for more information."}} -{{- end }} -{{- if and (eq .Values.rbac.create true) (not .Values.rbac.useExistingRole) -}} -{{- range (ternary (split "," .Values.namespaces) (list "") (eq $.Values.rbac.useClusterRole false)) }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -{{- if eq $.Values.rbac.useClusterRole false }} -kind: Role -{{- else }} -kind: ClusterRole -{{- end }} -metadata: - labels: - {{- include "kube-state-metrics.labels" $ | indent 4 }} - name: {{ template "kube-state-metrics.fullname" $ }} -{{- if eq $.Values.rbac.useClusterRole false }} - namespace: {{ . }} -{{- end }} -rules: -{{ if has "certificatesigningrequests" $.Values.collectors }} -- apiGroups: ["certificates.k8s.io"] - resources: - - certificatesigningrequests - verbs: ["list", "watch"] -{{ end -}} -{{ if has "configmaps" $.Values.collectors }} -- apiGroups: [""] - resources: - - configmaps - verbs: ["list", "watch"] -{{ end -}} -{{ if has "cronjobs" $.Values.collectors }} -- apiGroups: ["batch"] - resources: - - cronjobs - verbs: ["list", "watch"] -{{ end -}} -{{ if has "daemonsets" $.Values.collectors }} -- apiGroups: ["extensions", "apps"] - resources: - - daemonsets - verbs: ["list", "watch"] -{{ end -}} -{{ if has "deployments" $.Values.collectors }} -- apiGroups: ["extensions", "apps"] - resources: - - deployments - verbs: ["list", "watch"] -{{ end -}} -{{ if has "endpoints" $.Values.collectors }} -- apiGroups: [""] - resources: - - endpoints - verbs: ["list", "watch"] -{{ end -}} -{{ if has "horizontalpodautoscalers" $.Values.collectors }} -- apiGroups: ["autoscaling"] - resources: - - horizontalpodautoscalers - verbs: ["list", "watch"] -{{ end -}} -{{ if has "ingresses" $.Values.collectors }} -- apiGroups: ["extensions", "networking.k8s.io"] - resources: - - ingresses - verbs: ["list", "watch"] -{{ end -}} -{{ if has "jobs" $.Values.collectors }} -- apiGroups: ["batch"] - resources: - - jobs - verbs: ["list", "watch"] -{{ end -}} -{{ if has "limitranges" $.Values.collectors }} -- apiGroups: [""] - resources: - - limitranges - verbs: ["list", "watch"] -{{ end -}} -{{ if has "mutatingwebhookconfigurations" $.Values.collectors }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: - - mutatingwebhookconfigurations - verbs: ["list", "watch"] -{{ end -}} -{{ if has "namespaces" $.Values.collectors }} -- apiGroups: [""] - resources: - - namespaces - verbs: ["list", "watch"] -{{ end -}} -{{ if has "networkpolicies" $.Values.collectors }} -- apiGroups: ["networking.k8s.io"] - resources: - - networkpolicies - verbs: ["list", "watch"] -{{ end -}} -{{ if has "nodes" $.Values.collectors }} -- apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] -{{ end -}} -{{ if has "persistentvolumeclaims" $.Values.collectors }} -- apiGroups: [""] - resources: - - persistentvolumeclaims - verbs: ["list", "watch"] -{{ end -}} -{{ if has "persistentvolumes" $.Values.collectors }} -- apiGroups: [""] - resources: - - persistentvolumes - verbs: ["list", "watch"] -{{ end -}} -{{ if has "poddisruptionbudgets" $.Values.collectors }} -- apiGroups: ["policy"] - resources: - - poddisruptionbudgets - verbs: ["list", "watch"] -{{ end -}} -{{ if has "pods" $.Values.collectors }} -- apiGroups: [""] - resources: - - pods - verbs: ["list", "watch"] -{{ end -}} -{{ if has "replicasets" $.Values.collectors }} -- apiGroups: ["extensions", "apps"] - resources: - - replicasets - verbs: ["list", "watch"] -{{ end -}} -{{ if has "replicationcontrollers" $.Values.collectors }} -- apiGroups: [""] - resources: - - replicationcontrollers - verbs: ["list", "watch"] -{{ end -}} -{{ if has "resourcequotas" $.Values.collectors }} -- apiGroups: [""] - resources: - - resourcequotas - verbs: ["list", "watch"] -{{ end -}} -{{ if has "secrets" $.Values.collectors }} -- apiGroups: [""] - resources: - - secrets - verbs: ["list", "watch"] -{{ end -}} -{{ if has "services" $.Values.collectors }} -- apiGroups: [""] - resources: - - services - verbs: ["list", "watch"] -{{ end -}} -{{ if has "statefulsets" $.Values.collectors }} -- apiGroups: ["apps"] - resources: - - statefulsets - verbs: ["list", "watch"] -{{ end -}} -{{ if has "storageclasses" $.Values.collectors }} -- apiGroups: ["storage.k8s.io"] - resources: - - storageclasses - verbs: ["list", "watch"] -{{ end -}} -{{ if has "validatingwebhookconfigurations" $.Values.collectors }} -- apiGroups: ["admissionregistration.k8s.io"] - resources: - - validatingwebhookconfigurations - verbs: ["list", "watch"] -{{ end -}} -{{ if has "volumeattachments" $.Values.collectors }} -- apiGroups: ["storage.k8s.io"] - resources: - - volumeattachments - verbs: ["list", "watch"] -{{ end -}} -{{ if has "verticalpodautoscalers" $.Values.collectors }} -- apiGroups: ["autoscaling.k8s.io"] - resources: - - verticalpodautoscalers - verbs: ["list", "watch"] -{{ end -}} -{{ if $.Values.rbac.extraRules }} -{{ toYaml $.Values.rbac.extraRules }} -{{ end }} -{{- end -}} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/rolebinding.yaml b/charts/rancher-monitoring/charts/kube-state-metrics/templates/rolebinding.yaml deleted file mode 100644 index 135094f7b..000000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/rolebinding.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and (eq .Values.rbac.create true) (eq .Values.rbac.useClusterRole false) -}} -{{- range (split "," $.Values.namespaces) }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - {{- include "kube-state-metrics.labels" $ | indent 4 }} - name: {{ template "kube-state-metrics.fullname" $ }} - namespace: {{ . }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role -{{- if (not $.Values.rbac.useExistingRole) }} - name: {{ template "kube-state-metrics.fullname" $ }} -{{- else }} - name: {{ $.Values.rbac.useExistingRole }} -{{- end }} -subjects: -- kind: ServiceAccount - name: {{ template "kube-state-metrics.serviceAccountName" $ }} - namespace: {{ template "kube-state-metrics.namespace" $ }} -{{- end -}} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/service.yaml b/charts/rancher-monitoring/charts/kube-state-metrics/templates/service.yaml deleted file mode 100644 index 92c6d4fca..000000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/service.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - annotations: - {{- if .Values.prometheusScrape }} - prometheus.io/scrape: '{{ .Values.prometheusScrape }}' - {{- end }} - {{- if .Values.service.annotations }} - {{- toYaml .Values.service.annotations | nindent 4 }} - {{- end }} -spec: - type: "{{ .Values.service.type }}" - ports: - - name: "http" - protocol: TCP - port: {{ .Values.service.port | default 8080}} - {{- if .Values.service.nodePort }} - nodePort: {{ .Values.service.nodePort }} - {{- end }} - targetPort: {{ .Values.service.port | default 8080}} - {{ if .Values.selfMonitor.enabled }} - - name: "metrics" - protocol: TCP - port: {{ .Values.selfMonitor.telemetryPort | default 8081 }} - targetPort: {{ .Values.selfMonitor.telemetryPort | default 8081 }} - {{- if .Values.selfMonitor.telemetryNodePort }} - nodePort: {{ .Values.selfMonitor.telemetryNodePort }} - {{- end }} - {{ end }} -{{- if .Values.service.loadBalancerIP }} - loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" -{{- end }} -{{- if .Values.service.clusterIP }} - clusterIP: "{{ .Values.service.clusterIP }}" -{{- end }} - selector: - {{- include "kube-state-metrics.selectorLabels" . | indent 4 }} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/serviceaccount.yaml b/charts/rancher-monitoring/charts/kube-state-metrics/templates/serviceaccount.yaml deleted file mode 100644 index e1229eb95..000000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - name: {{ template "kube-state-metrics.serviceAccountName" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- if .Values.serviceAccount.annotations }} - annotations: -{{ toYaml .Values.serviceAccount.annotations | indent 4 }} -{{- end }} -imagePullSecrets: -{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/servicemonitor.yaml b/charts/rancher-monitoring/charts/kube-state-metrics/templates/servicemonitor.yaml deleted file mode 100644 index 41da4142b..000000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/servicemonitor.yaml +++ /dev/null @@ -1,86 +0,0 @@ -{{- if .Values.prometheus.monitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} - {{- with .Values.prometheus.monitor.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - jobLabel: {{ default "app.kubernetes.io/name" .Values.prometheus.monitor.jobLabel }} - selector: - matchLabels: - {{- if .Values.prometheus.monitor.selectorOverride -}} - {{ toYaml .Values.prometheus.monitor.selectorOverride | nindent 6 }} - {{ else }} - {{- include "kube-state-metrics.selectorLabels" . | indent 6 }} - {{- end }} - endpoints: - - port: http - {{- if .Values.prometheus.monitor.interval }} - interval: {{ .Values.prometheus.monitor.interval }} - {{- end }} - {{- if .Values.prometheus.monitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }} - {{- end }} - {{- if .Values.prometheus.monitor.proxyUrl }} - proxyUrl: {{ .Values.prometheus.monitor.proxyUrl}} - {{- end }} - {{- if .Values.prometheus.monitor.honorLabels }} - honorLabels: true - {{- end }} - metricRelabelings: - {{- if .Values.prometheus.monitor.metricRelabelings }} - {{- toYaml .Values.prometheus.monitor.metricRelabelings | nindent 8 }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName }} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} - {{- if .Values.prometheus.monitor.relabelings }} - relabelings: - {{- toYaml .Values.prometheus.monitor.relabelings | nindent 8 }} - {{- end }} - {{- if .Values.prometheus.monitor.scheme }} - scheme: {{ .Values.prometheus.monitor.scheme }} - {{- end }} - {{- if .Values.prometheus.monitor.tlsConfig }} - tlsConfig: - {{- toYaml .Values.prometheus.monitor.tlsConfig | nindent 8 }} - {{- end }} - {{- if .Values.selfMonitor.enabled }} - - port: metrics - {{- if .Values.prometheus.monitor.interval }} - interval: {{ .Values.prometheus.monitor.interval }} - {{- end }} - {{- if .Values.prometheus.monitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.prometheus.monitor.scrapeTimeout }} - {{- end }} - {{- if .Values.prometheus.monitor.proxyUrl }} - proxyUrl: {{ .Values.prometheus.monitor.proxyUrl}} - {{- end }} - {{- if .Values.prometheus.monitor.honorLabels }} - honorLabels: true - {{- end }} - {{- if .Values.prometheus.monitor.relabelings }} - relabelings: - {{- toYaml .Values.prometheus.monitor.relabelings | nindent 8 }} - {{- end }} - {{- if .Values.prometheus.monitor.scheme }} - scheme: {{ .Values.prometheus.monitor.scheme }} - {{- end }} - {{- if .Values.prometheus.monitor.tlsConfig }} - tlsConfig: - {{- toYaml .Values.prometheus.monitor.tlsConfig | nindent 8 }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/stsdiscovery-role.yaml b/charts/rancher-monitoring/charts/kube-state-metrics/templates/stsdiscovery-role.yaml deleted file mode 100644 index 489de147c..000000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/stsdiscovery-role.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if and .Values.autosharding.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - apps - resourceNames: - - {{ template "kube-state-metrics.fullname" . }} - resources: - - statefulsets - verbs: - - get - - list - - watch -{{- end }} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml b/charts/rancher-monitoring/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml deleted file mode 100644 index 73b37a4f6..000000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/templates/stsdiscovery-rolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.autosharding.enabled .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} - labels: - {{- include "kube-state-metrics.labels" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: stsdiscovery-{{ template "kube-state-metrics.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "kube-state-metrics.serviceAccountName" . }} - namespace: {{ template "kube-state-metrics.namespace" . }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/kube-state-metrics/values.yaml b/charts/rancher-monitoring/charts/kube-state-metrics/values.yaml deleted file mode 100644 index d96131a03..000000000 --- a/charts/rancher-monitoring/charts/kube-state-metrics/values.yaml +++ /dev/null @@ -1,271 +0,0 @@ -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - -# Default values for kube-state-metrics. -prometheusScrape: true -image: - repository: rancher/mirrored-kube-state-metrics-kube-state-metrics - tag: v2.6.0 - sha: "" - pullPolicy: IfNotPresent - -imagePullSecrets: [] -# - name: "image-pull-secret" - -# If set to true, this will deploy kube-state-metrics as a StatefulSet and the data -# will be automatically sharded across <.Values.replicas> pods using the built-in -# autodiscovery feature: https://github.com/kubernetes/kube-state-metrics#automated-sharding -# This is an experimental feature and there are no stability guarantees. -autosharding: - enabled: false - -replicas: 1 - -# List of additional cli arguments to configure kube-state-metrics -# for example: --enable-gzip-encoding, --log-file, etc. -# all the possible args can be found here: https://github.com/kubernetes/kube-state-metrics/blob/master/docs/cli-arguments.md -extraArgs: [] - -service: - port: 8080 - # Default to clusterIP for backward compatibility - type: ClusterIP - nodePort: 0 - loadBalancerIP: "" - clusterIP: "" - annotations: {} - -## Additional labels to add to all resources -customLabels: {} - # app: kube-state-metrics - -## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box -releaseLabel: false - -hostNetwork: false - -rbac: - # If true, create & use RBAC resources - create: true - - # Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to it, rolename set here. - # useExistingRole: your-existing-role - - # If set to false - Run without Cluteradmin privs needed - ONLY works if namespace is also set (if useExistingRole is set this name is used as ClusterRole or Role to bind to) - useClusterRole: true - - # Add permissions for CustomResources' apiGroups in Role/ClusterRole. Should be used in conjunction with Custom Resource State Metrics configuration - # Example: - # - apiGroups: ["monitoring.coreos.com"] - # resources: ["prometheuses"] - # verbs: ["list", "watch"] - extraRules: [] - -serviceAccount: - # Specifies whether a ServiceAccount should be created, require rbac true - create: true - # The name of the ServiceAccount to use. - # If not set and create is true, a name is generated using the fullname template - name: - # Reference to one or more secrets to be used when pulling images - # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - imagePullSecrets: [] - # ServiceAccount annotations. - # Use case: AWS EKS IAM roles for service accounts - # ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html - annotations: {} - -prometheus: - monitor: - enabled: false - additionalLabels: {} - namespace: "" - jobLabel: "" - interval: "" - scrapeTimeout: "" - proxyUrl: "" - selectorOverride: {} - honorLabels: false - metricRelabelings: [] - relabelings: [] - scheme: "" - tlsConfig: {} - -## Specify if a Pod Security Policy for kube-state-metrics must be created -## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ -## -podSecurityPolicy: - annotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - - additionalVolumes: [] - -securityContext: - enabled: true - runAsNonRoot: true - runAsGroup: 65534 - runAsUser: 65534 - fsGroup: 65534 - -## Specify security settings for a Container -## Allows overrides and additional options compared to (Pod) securityContext -## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container -containerSecurityContext: {} - -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -nodeSelector: {} - -## Affinity settings for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -affinity: {} - -## Tolerations for pod assignment -## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -tolerations: [] - -## Topology spread constraints for pod assignment -## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ -topologySpreadConstraints: [] - -# Annotations to be added to the deployment/statefulset -annotations: {} - -# Annotations to be added to the pod -podAnnotations: {} - -## Assign a PriorityClassName to pods if set -# priorityClassName: "" - -# Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ -podDisruptionBudget: {} - -# Comma-separated list of metrics to be exposed. -# This list comprises of exact metric names and/or regex patterns. -# The allowlist and denylist are mutually exclusive. -metricAllowlist: [] - -# Comma-separated list of metrics not to be enabled. -# This list comprises of exact metric names and/or regex patterns. -# The allowlist and denylist are mutually exclusive. -metricDenylist: [] - -# Comma-separated list of additional Kubernetes label keys that will be used in the resource's -# labels metric. By default the metric contains only name and namespace labels. -# To include additional labels, provide a list of resource names in their plural form and Kubernetes -# label keys you would like to allow for them (Example: '=namespaces=[k8s-label-1,k8s-label-n,...],pods=[app],...)'. -# A single '*' can be provided per resource instead to allow any labels, but that has -# severe performance implications (Example: '=pods=[*]'). -metricLabelsAllowlist: [] - # - namespaces=[k8s-label-1,k8s-label-n] - -# Comma-separated list of Kubernetes annotations keys that will be used in the resource' -# labels metric. By default the metric contains only name and namespace labels. -# To include additional annotations provide a list of resource names in their plural form and Kubernetes -# annotation keys you would like to allow for them (Example: '=namespaces=[kubernetes.io/team,...],pods=[kubernetes.io/team],...)'. -# A single '*' can be provided per resource instead to allow any annotations, but that has -# severe performance implications (Example: '=pods=[*]'). -metricAnnotationsAllowList: [] - # - pods=[k8s-annotation-1,k8s-annotation-n] - -# Available collectors for kube-state-metrics. -# By default, all available resources are enabled, comment out to disable. -collectors: - - certificatesigningrequests - - configmaps - - cronjobs - - daemonsets - - deployments - - endpoints - - horizontalpodautoscalers - - ingresses - - jobs - - limitranges - - mutatingwebhookconfigurations - - namespaces - - networkpolicies - - nodes - - persistentvolumeclaims - - persistentvolumes - - poddisruptionbudgets - - pods - - replicasets - - replicationcontrollers - - resourcequotas - - secrets - - services - - statefulsets - - storageclasses - - validatingwebhookconfigurations - - volumeattachments - # - verticalpodautoscalers # not a default resource, see also: https://github.com/kubernetes/kube-state-metrics#enabling-verticalpodautoscalers - -# Enabling kubeconfig will pass the --kubeconfig argument to the container -kubeconfig: - enabled: false - # base64 encoded kube-config file - secret: - -# Enable only the release namespace for collecting resources. By default all namespaces are collected. -# If releaseNamespace and namespaces are both set only releaseNamespace will be used. -releaseNamespace: false - -# Comma-separated list of namespaces to be enabled for collecting resources. By default all namespaces are collected. -namespaces: "" - -# Comma-separated list of namespaces not to be enabled. If namespaces and namespaces-denylist are both set, -# only namespaces that are excluded in namespaces-denylist will be used. -namespacesDenylist: "" - -## Override the deployment namespace -## -namespaceOverride: "" - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 64Mi - # requests: - # cpu: 10m - # memory: 32Mi - -## Provide a k8s version to define apiGroups for podSecurityPolicy Cluster Role. -## For example: kubeTargetVersionOverride: 1.14.9 -## -kubeTargetVersionOverride: "" - -# Enable self metrics configuration for service and Service Monitor -# Default values for telemetry configuration can be overridden -# If you set telemetryNodePort, you must also set service.type to NodePort -selfMonitor: - enabled: false - # telemetryHost: 0.0.0.0 - # telemetryPort: 8081 - # telemetryNodePort: 0 - -# volumeMounts are used to add custom volume mounts to deployment. -# See example below -volumeMounts: [] -# - mountPath: /etc/config -# name: config-volume - -# volumes are used to add custom volumes to deployment -# See example below -volumes: [] -# - configMap: -# name: cm-for-volume -# name: config-volume diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/.helmignore b/charts/rancher-monitoring/charts/kubeAdmControllerManager/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/Chart.yaml b/charts/rancher-monitoring/charts/kubeAdmControllerManager/Chart.yaml deleted file mode 100644 index 93062b742..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: 0.1.0 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -name: kubeAdmControllerManager -type: application -version: 0.2.0 diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/README.md b/charts/rancher-monitoring/charts/kubeAdmControllerManager/README.md deleted file mode 100644 index 345002f48..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/_helpers.tpl b/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/_helpers.tpl deleted file mode 100644 index 8e651dccf..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/_helpers.tpl +++ /dev/null @@ -1,166 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c373..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb388..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe60905..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6c0..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb2216b..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2fa8..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmControllerManager/values.yaml b/charts/rancher-monitoring/charts/kubeAdmControllerManager/values.yaml deleted file mode 100644 index 1e076041b..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmControllerManager/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.3-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.31.1 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.3-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/.helmignore b/charts/rancher-monitoring/charts/kubeAdmEtcd/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/Chart.yaml b/charts/rancher-monitoring/charts/kubeAdmEtcd/Chart.yaml deleted file mode 100644 index 95459be0d..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: 0.1.0 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -name: kubeAdmEtcd -type: application -version: 0.2.0 diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/README.md b/charts/rancher-monitoring/charts/kubeAdmEtcd/README.md deleted file mode 100644 index 345002f48..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/_helpers.tpl b/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/_helpers.tpl deleted file mode 100644 index 8e651dccf..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/_helpers.tpl +++ /dev/null @@ -1,166 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c373..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb388..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe60905..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6c0..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb2216b..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2fa8..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmEtcd/values.yaml b/charts/rancher-monitoring/charts/kubeAdmEtcd/values.yaml deleted file mode 100644 index 1e076041b..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmEtcd/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.3-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.31.1 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.3-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/.helmignore b/charts/rancher-monitoring/charts/kubeAdmProxy/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/Chart.yaml b/charts/rancher-monitoring/charts/kubeAdmProxy/Chart.yaml deleted file mode 100644 index 86570faee..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: 0.1.0 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -name: kubeAdmProxy -type: application -version: 0.2.0 diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/README.md b/charts/rancher-monitoring/charts/kubeAdmProxy/README.md deleted file mode 100644 index 345002f48..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/_helpers.tpl b/charts/rancher-monitoring/charts/kubeAdmProxy/templates/_helpers.tpl deleted file mode 100644 index 8e651dccf..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/_helpers.tpl +++ /dev/null @@ -1,166 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c373..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb388..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe60905..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6c0..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb2216b..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/kubeAdmProxy/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2fa8..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/kubeAdmProxy/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmProxy/values.yaml b/charts/rancher-monitoring/charts/kubeAdmProxy/values.yaml deleted file mode 100644 index 1e076041b..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmProxy/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.3-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.31.1 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.3-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/.helmignore b/charts/rancher-monitoring/charts/kubeAdmScheduler/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/Chart.yaml b/charts/rancher-monitoring/charts/kubeAdmScheduler/Chart.yaml deleted file mode 100644 index 6ca585259..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: 0.1.0 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -name: kubeAdmScheduler -type: application -version: 0.2.0 diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/README.md b/charts/rancher-monitoring/charts/kubeAdmScheduler/README.md deleted file mode 100644 index 345002f48..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/_helpers.tpl b/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/_helpers.tpl deleted file mode 100644 index 8e651dccf..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/_helpers.tpl +++ /dev/null @@ -1,166 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c373..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb388..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe60905..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6c0..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb2216b..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2fa8..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/kubeAdmScheduler/values.yaml b/charts/rancher-monitoring/charts/kubeAdmScheduler/values.yaml deleted file mode 100644 index 1e076041b..000000000 --- a/charts/rancher-monitoring/charts/kubeAdmScheduler/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.3-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.31.1 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.3-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/.helmignore b/charts/rancher-monitoring/charts/prometheus-adapter/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/Chart.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/Chart.yaml deleted file mode 100644 index 49e397944..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/Chart.yaml +++ /dev/null @@ -1,27 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.27.0-0' - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-prometheus-adapter -apiVersion: v1 -appVersion: v0.10.0 -description: A Helm chart for k8s prometheus adapter -home: https://github.com/kubernetes-sigs/prometheus-adapter -keywords: -- hpa -- metrics -- prometheus -- adapter -maintainers: -- email: mattias.gees@jetstack.io - name: mattiasgees -- name: steven-sheehy -- email: hfernandez@mesosphere.com - name: hectorj2f -name: prometheus-adapter -sources: -- https://github.com/kubernetes/charts -- https://github.com/kubernetes-sigs/prometheus-adapter -version: 3.4.0 diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/README.md b/charts/rancher-monitoring/charts/prometheus-adapter/README.md deleted file mode 100644 index b83416068..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/README.md +++ /dev/null @@ -1,138 +0,0 @@ -# Prometheus Adapter - -Installs the [Prometheus Adapter](https://github.com/kubernetes-sigs/prometheus-adapter) for the Custom Metrics API. Custom metrics are used in Kubernetes by [Horizontal Pod Autoscalers](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) to scale workloads based upon your own metric pulled from an external metrics provider like Prometheus. This chart complements the [metrics-server](https://github.com/helm/charts/tree/master/stable/metrics-server) chart that provides resource only metrics. - -## Prerequisites - -Kubernetes 1.14+ - -## Get Helm Repositories Info - -```console -helm repo add prometheus-community https://prometheus-community.github.io/helm-charts -helm repo update -``` - -_See [`helm repo`](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Install Helm Chart - -```console -helm install [RELEASE_NAME] prometheus-community/prometheus-adapter -``` - -_See [configuration](#configuration) below._ - -_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ - -## Uninstall Helm Chart - -```console -helm uninstall [RELEASE_NAME] -``` - -This removes all the Kubernetes components associated with the chart and deletes the release. - -_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ - -## Upgrading Helm Chart - -```console -helm upgrade [RELEASE_NAME] [CHART] --install -``` - -_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ - -### To 3.0.0 - -Due to a change in deployment labels, the upgrade requires `helm upgrade --force` in order to re-create the deployment. - -## Configuration - -See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: - -```console -helm show values prometheus-community/prometheus-adapter -``` - -### Prometheus Service Endpoint - -To use the chart, ensure the `prometheus.url` and `prometheus.port` are configured with the correct Prometheus service endpoint. If Prometheus is exposed under HTTPS the host's CA Bundle must be exposed to the container using `extraVolumes` and `extraVolumeMounts`. - -### Adapter Rules - -Additionally, the chart comes with a set of default rules out of the box but they may pull in too many metrics or not map them correctly for your needs. Therefore, it is recommended to populate `rules.custom` with a list of rules (see the [config document](https://github.com/kubernetes-sigs/prometheus-adapter/blob/master/docs/config.md) for the proper format). - -### Horizontal Pod Autoscaler Metrics - -Finally, to configure your Horizontal Pod Autoscaler to use the custom metric, see the custom metrics section of the [HPA walkthrough](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics). - -The Prometheus Adapter can serve three different [metrics APIs](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-metrics-apis): - -### Custom Metrics - -Enabling this option will cause custom metrics to be served at `/apis/custom.metrics.k8s.io/v1beta1`. Enabled by default when `rules.default` is true, but can be customized by populating `rules.custom`: - -```yaml -rules: - custom: - - seriesQuery: '{__name__=~"^some_metric_count$"}' - resources: - template: <<.Resource>> - name: - matches: "" - as: "my_custom_metric" - metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) -``` - -### External Metrics - -Enabling this option will cause external metrics to be served at `/apis/external.metrics.k8s.io/v1beta1`. Can be enabled by populating `rules.external`: - -```yaml -rules: - external: - - seriesQuery: '{__name__=~"^some_metric_count$"}' - resources: - template: <<.Resource>> - name: - matches: "" - as: "my_external_metric" - metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) -``` - -### Resource Metrics - -Enabling this option will cause resource metrics to be served at `/apis/metrics.k8s.io/v1beta1`. Resource metrics will allow pod CPU and Memory metrics to be used in [Horizontal Pod Autoscalers](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) as well as the `kubectl top` command. Can be enabled by populating `rules.resource`: - -```yaml -rules: - resource: - cpu: - containerQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>, container!=""}[3m])) by (<<.GroupBy>>) - nodeQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>, id='/'}[3m])) by (<<.GroupBy>>) - resources: - overrides: - node: - resource: node - namespace: - resource: namespace - pod: - resource: pod - containerLabel: container - memory: - containerQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>, container!=""}) by (<<.GroupBy>>) - nodeQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>,id='/'}) by (<<.GroupBy>>) - resources: - overrides: - node: - resource: node - namespace: - resource: namespace - pod: - resource: pod - containerLabel: container - window: 3m -``` - -**NOTE:** Setting a value for `rules.resource` will also deploy the resource metrics API service, providing the same functionality as [metrics-server](https://github.com/helm/charts/tree/master/stable/metrics-server). As such it is not possible to deploy them both in the same cluster. diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/NOTES.txt b/charts/rancher-monitoring/charts/prometheus-adapter/templates/NOTES.txt deleted file mode 100644 index b7b9b9932..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/NOTES.txt +++ /dev/null @@ -1,9 +0,0 @@ -{{ template "k8s-prometheus-adapter.fullname" . }} has been deployed. -In a few minutes you should be able to list metrics using the following command(s): -{{ if .Values.rules.resource }} - kubectl get --raw /apis/metrics.k8s.io/v1beta1 -{{- end }} - kubectl get --raw /apis/custom.metrics.k8s.io/v1beta1 -{{ if .Values.rules.external }} - kubectl get --raw /apis/external.metrics.k8s.io/v1beta1 -{{- end }} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/_helpers.tpl b/charts/rancher-monitoring/charts/prometheus-adapter/templates/_helpers.tpl deleted file mode 100644 index edbb829b2..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/_helpers.tpl +++ /dev/null @@ -1,113 +0,0 @@ -# Rancher -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "k8s-prometheus-adapter.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "k8s-prometheus-adapter.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts -*/}} -{{- define "k8s-prometheus-adapter.namespace" -}} -{{- default .Release.Namespace .Values.namespaceOverride -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "k8s-prometheus-adapter.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Generate basic labels -*/}} -{{- define "k8s-prometheus-adapter.labels" }} -helm.sh/chart: {{ include "k8s-prometheus-adapter.chart" . }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/component: metrics -app.kubernetes.io/part-of: {{ template "k8s-prometheus-adapter.name" . }} -{{- include "k8s-prometheus-adapter.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if .Values.customLabels }} -{{ toYaml .Values.customLabels }} -{{- end }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "k8s-prometheus-adapter.selectorLabels" }} -app.kubernetes.io/name: {{ include "k8s-prometheus-adapter.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "k8s-prometheus-adapter.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "k8s-prometheus-adapter.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* Get Policy API Version */}} -{{- define "k8s-prometheus-adapter.pdb.apiVersion" -}} -{{- if and (.Capabilities.APIVersions.Has "policy/v1") (semverCompare ">= 1.21-0" .Capabilities.KubeVersion.Version) -}} - {{- print "policy/v1" -}} -{{- else -}} - {{- print "policy/v1beta1" -}} -{{- end -}} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/certmanager.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/certmanager.yaml deleted file mode 100644 index 4e32c964c..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/certmanager.yaml +++ /dev/null @@ -1,76 +0,0 @@ -{{- if .Values.certManager.enabled -}} ---- -# Create a selfsigned Issuer, in order to create a root CA certificate for -# signing webhook serving certificates -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: {{ template "k8s-prometheus-adapter.fullname" . }}-self-signed-issuer - namespace: {{ include "k8s-prometheus-adapter.namespace" . }} - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} -spec: - selfSigned: {} ---- -# Generate a CA Certificate used to sign certificates for the webhook -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ template "k8s-prometheus-adapter.fullname" . }}-root-cert - namespace: {{ include "k8s-prometheus-adapter.namespace" . }} - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} -spec: - secretName: {{ template "k8s-prometheus-adapter.fullname" . }}-root-cert - duration: {{ .Values.certManager.caCertDuration }} - issuerRef: - name: {{ template "k8s-prometheus-adapter.fullname" . }}-self-signed-issuer - commonName: "ca.webhook.prometheus-adapter" - isCA: true ---- -# Create an Issuer that uses the above generated CA certificate to issue certs -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: {{ template "k8s-prometheus-adapter.fullname" . }}-root-issuer - namespace: {{ include "k8s-prometheus-adapter.namespace" . }} - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} -spec: - ca: - secretName: {{ template "k8s-prometheus-adapter.fullname" . }}-root-cert ---- -# Finally, generate a serving certificate for the apiservices to use -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ template "k8s-prometheus-adapter.fullname" . }}-cert - namespace: {{ include "k8s-prometheus-adapter.namespace" . }} - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} -spec: - secretName: {{ template "k8s-prometheus-adapter.fullname" . }} - duration: {{ .Values.certManager.certDuration }} - issuerRef: - name: {{ template "k8s-prometheus-adapter.fullname" . }}-root-issuer - dnsNames: - - {{ template "k8s-prometheus-adapter.fullname" . }} - - {{ template "k8s-prometheus-adapter.fullname" . }}.{{ include "k8s-prometheus-adapter.namespace" . }} - - {{ template "k8s-prometheus-adapter.fullname" . }}.{{ include "k8s-prometheus-adapter.namespace" . }}.svc -{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-binding-auth-delegator.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-binding-auth-delegator.yaml deleted file mode 100644 index 6701e6ba0..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-binding-auth-delegator.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-system-auth-delegator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: -- kind: ServiceAccount - name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . | quote }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-binding-resource-reader.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-binding-resource-reader.yaml deleted file mode 100644 index 67efd2aa2..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-binding-resource-reader.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-resource-reader -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "k8s-prometheus-adapter.name" . }}-resource-reader -subjects: -- kind: ServiceAccount - name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . | quote }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-resource-reader.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-resource-reader.yaml deleted file mode 100644 index 2c690a03c..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/cluster-role-resource-reader.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-resource-reader -rules: -- apiGroups: - - "" - resources: - - namespaces - - pods - - services - - configmaps - verbs: - - get - - list - - watch -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/configmap.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/configmap.yaml deleted file mode 100644 index 17f415d97..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/configmap.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- if not .Values.rules.existing -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "k8s-prometheus-adapter.fullname" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . }} - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} -data: - config.yaml: | -{{- if or .Values.rules.default .Values.rules.custom }} - rules: -{{- if .Values.rules.default }} - - seriesQuery: '{__name__=~"^container_.*",container!="POD",namespace!="",pod!=""}' - seriesFilters: [] - resources: - overrides: - namespace: - resource: namespace - pod: - resource: pod - name: - matches: ^container_(.*)_seconds_total$ - as: "" - metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>,container!="POD"}[5m])) - by (<<.GroupBy>>) - - seriesQuery: '{__name__=~"^container_.*",container!="POD",namespace!="",pod!=""}' - seriesFilters: - - isNot: ^container_.*_seconds_total$ - resources: - overrides: - namespace: - resource: namespace - pod: - resource: pod - name: - matches: ^container_(.*)_total$ - as: "" - metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>,container!="POD"}[5m])) - by (<<.GroupBy>>) - - seriesQuery: '{__name__=~"^container_.*",container!="POD",namespace!="",pod!=""}' - seriesFilters: - - isNot: ^container_.*_total$ - resources: - overrides: - namespace: - resource: namespace - pod: - resource: pod - name: - matches: ^container_(.*)$ - as: "" - metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>,container!="POD"}) by (<<.GroupBy>>) - - seriesQuery: '{namespace!="",__name__!~"^container_.*"}' - seriesFilters: - - isNot: .*_total$ - resources: - template: <<.Resource>> - name: - matches: "" - as: "" - metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) - - seriesQuery: '{namespace!="",__name__!~"^container_.*"}' - seriesFilters: - - isNot: .*_seconds_total - resources: - template: <<.Resource>> - name: - matches: ^(.*)_total$ - as: "" - metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>) - - seriesQuery: '{namespace!="",__name__!~"^container_.*"}' - seriesFilters: [] - resources: - template: <<.Resource>> - name: - matches: ^(.*)_seconds_total$ - as: "" - metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>}[5m])) by (<<.GroupBy>>) -{{- end -}} -{{- if .Values.rules.custom }} -{{ toYaml .Values.rules.custom | indent 4 }} -{{- end -}} -{{- end -}} -{{- if .Values.rules.external }} - externalRules: -{{ toYaml .Values.rules.external | indent 4 }} -{{- end -}} -{{- if .Values.rules.resource }} - resourceRules: -{{ toYaml .Values.rules.resource | indent 6 }} -{{- end -}} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml deleted file mode 100644 index d2dbf32f7..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/custom-metrics-apiservice.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if or .Values.rules.default .Values.rules.custom }} -{{- if .Capabilities.APIVersions.Has "apiregistration.k8s.io/v1" }} -apiVersion: apiregistration.k8s.io/v1 -{{- else }} -apiVersion: apiregistration.k8s.io/v1beta1 -{{- end }} -kind: APIService -metadata: -{{- if or .Values.certManager.enabled .Values.customAnnotations }} - annotations: - certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" (include "k8s-prometheus-adapter.namespace" .) (include "k8s-prometheus-adapter.fullname" .) | quote }} - cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" (include "k8s-prometheus-adapter.namespace" .) (include "k8s-prometheus-adapter.fullname" .) | quote }} - {{- if .Values.customAnnotations }} - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} -{{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: v1beta1.custom.metrics.k8s.io -spec: - service: - name: {{ template "k8s-prometheus-adapter.fullname" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . | quote }} - {{- if .Values.tls.enable }} - caBundle: {{ b64enc .Values.tls.ca }} - {{- end }} - group: custom.metrics.k8s.io - version: v1beta1 - insecureSkipTLSVerify: {{ if or .Values.tls.enable .Values.certManager.enabled }}false{{ else }}true{{ end }} - groupPriorityMinimum: 100 - versionPriority: 100 -{{- end }} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/custom-metrics-cluster-role-binding-hpa.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/custom-metrics-cluster-role-binding-hpa.yaml deleted file mode 100644 index 0cc692083..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/custom-metrics-cluster-role-binding-hpa.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- /* -This if must be aligned with custom-metrics-cluster-role.yaml -as otherwise this binding will point to not existing role. -*/ -}} -{{- if and .Values.rbac.create (or .Values.rules.default .Values.rules.custom) -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-hpa-controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "k8s-prometheus-adapter.name" . }}-server-resources -subjects: -- kind: ServiceAccount - name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . | quote }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml deleted file mode 100644 index 4aa15ffe9..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/custom-metrics-cluster-role.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.rbac.create (or .Values.rules.default .Values.rules.custom) -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-server-resources -rules: -- apiGroups: - - custom.metrics.k8s.io - resources: ["*"] - verbs: ["*"] -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/deployment.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/deployment.yaml deleted file mode 100644 index 64446e685..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/deployment.yaml +++ /dev/null @@ -1,147 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.fullname" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . }} -spec: - replicas: {{ .Values.replicas }} - strategy: {{ toYaml .Values.strategy | nindent 4 }} - selector: - matchLabels: - {{- include "k8s-prometheus-adapter.selectorLabels" . | indent 6 }} - template: - metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 8 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 8 }} - {{- with .Values.podLabels }} - {{- toYaml . | trim | nindent 8 }} - {{- end }} - name: {{ template "k8s-prometheus-adapter.name" . }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} - {{- toYaml . | trim | nindent 8 }} - {{- end }} - spec: - serviceAccountName: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} - {{- if .Values.hostNetwork.enabled }} - hostNetwork: true - {{- end }} - {{- if .Values.dnsPolicy }} - dnsPolicy: {{ .Values.dnsPolicy }} - {{- end}} - containers: - - name: {{ .Chart.Name }} - image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - /adapter - - --secure-port={{ .Values.listenPort }} - {{- if or .Values.tls.enable .Values.certManager.enabled }} - - --tls-cert-file=/var/run/serving-cert/tls.crt - - --tls-private-key-file=/var/run/serving-cert/tls.key - {{- end }} - - --cert-dir=/tmp/cert - - --logtostderr=true - - --prometheus-url={{ tpl .Values.prometheus.url . }}{{ if .Values.prometheus.port }}:{{ .Values.prometheus.port }}{{end}}{{ .Values.prometheus.path }} - - --metrics-relist-interval={{ .Values.metricsRelistInterval }} - - --v={{ .Values.logLevel }} - - --config=/etc/adapter/config.yaml - {{- if .Values.extraArguments }} - {{- toYaml .Values.extraArguments | trim | nindent 8 }} - {{- end }} - ports: - - containerPort: {{ .Values.listenPort }} - name: https - livenessProbe: - httpGet: - path: /healthz - port: https - scheme: HTTPS - initialDelaySeconds: 30 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /healthz - port: https - scheme: HTTPS - initialDelaySeconds: 30 - timeoutSeconds: 5 - {{- if .Values.resources }} - resources: - {{- toYaml .Values.resources | nindent 10 }} - {{- end }} - {{- with .Values.dnsConfig }} - dnsConfig: - {{ toYaml . | indent 8 }} - {{- end }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["all"] - readOnlyRootFilesystem: true - runAsNonRoot: true - {{- if .Values.runAsUser }} - runAsUser: {{ .Values.runAsUser }} - {{- end }} - volumeMounts: - {{- if .Values.extraVolumeMounts }} - {{ toYaml .Values.extraVolumeMounts | trim | nindent 8 }} - {{ end }} - - mountPath: /etc/adapter/ - name: config - readOnly: true - - mountPath: /tmp - name: tmp - {{- if or .Values.tls.enable .Values.certManager.enabled }} - - mountPath: /var/run/serving-cert - name: volume-serving-cert - readOnly: true - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{- toYaml .Values.nodeSelector | nindent 8 }} -{{- end }} - affinity: - {{- toYaml .Values.affinity | nindent 8 }} - topologySpreadConstraints: - {{- toYaml .Values.topologySpreadConstraints | nindent 8 }} - priorityClassName: {{ .Values.priorityClassName }} - {{- if .Values.podSecurityContext }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - {{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{- toYaml .Values.tolerations | nindent 8 }} -{{- end }} - {{- if .Values.image.pullSecrets }} - imagePullSecrets: - {{- range .Values.image.pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} - volumes: - {{- if .Values.extraVolumes }} - {{ toYaml .Values.extraVolumes | trim | nindent 6 }} - {{ end }} - - name: config - configMap: - name: {{ .Values.rules.existing | default (include "k8s-prometheus-adapter.fullname" . ) }} - - name: tmp - emptyDir: {} - {{- if or .Values.tls.enable .Values.certManager.enabled }} - - name: volume-serving-cert - secret: - secretName: {{ template "k8s-prometheus-adapter.fullname" . }} - {{- end }} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml deleted file mode 100644 index 7088af7a9..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/external-metrics-apiservice.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.rules.external }} -{{- if .Capabilities.APIVersions.Has "apiregistration.k8s.io/v1" }} -apiVersion: apiregistration.k8s.io/v1 -{{- else }} -apiVersion: apiregistration.k8s.io/v1beta1 -{{- end }} -kind: APIService -metadata: -{{- if or .Values.certManager.enabled .Values.customAnnotations }} - annotations: - certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" (include "k8s-prometheus-adapter.namespace" .) (include "k8s-prometheus-adapter.fullname" .) | quote }} - cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" (include "k8s-prometheus-adapter.namespace" .) (include "k8s-prometheus-adapter.fullname" .) | quote }} - {{- if .Values.customAnnotations }} - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} -{{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: v1beta1.external.metrics.k8s.io -spec: - service: - name: {{ template "k8s-prometheus-adapter.fullname" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . | quote }} - {{- if .Values.tls.enable }} - caBundle: {{ b64enc .Values.tls.ca }} - {{- end }} - group: external.metrics.k8s.io - version: v1beta1 - insecureSkipTLSVerify: {{ if or .Values.tls.enable .Values.certManager.enabled }}false{{ else }}true{{ end }} - groupPriorityMinimum: 100 - versionPriority: 100 -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/external-metrics-cluster-role-binding-hpa.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/external-metrics-cluster-role-binding-hpa.yaml deleted file mode 100644 index 05547bd32..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/external-metrics-cluster-role-binding-hpa.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.rbac.create .Values.rules.external -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-hpa-controller-external-metrics -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "k8s-prometheus-adapter.name" . }}-external-metrics -subjects: -- kind: ServiceAccount - name: horizontal-pod-autoscaler - namespace: kube-system -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml deleted file mode 100644 index 212ea78b2..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/external-metrics-cluster-role.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.rbac.create .Values.rules.external -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-external-metrics -rules: -- apiGroups: - - "external.metrics.k8s.io" - resources: - - "*" - verbs: - - list - - get - - watch -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/pdb.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/pdb.yaml deleted file mode 100644 index 205761a9f..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/pdb.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.podDisruptionBudget.enabled }} -apiVersion: {{ include "k8s-prometheus-adapter.pdb.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ template "k8s-prometheus-adapter.fullname" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . }} - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} -spec: - {{- if .Values.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} - {{- end }} - selector: - matchLabels: - {{- include "k8s-prometheus-adapter.selectorLabels" . | indent 6 }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/psp.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/psp.yaml deleted file mode 100644 index 062035795..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/psp.yaml +++ /dev/null @@ -1,66 +0,0 @@ -{{- if .Values.global.cattle.psp.enabled -}} ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "k8s-prometheus-adapter.fullname" . }} - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} -spec: - {{- if .Values.hostNetwork.enabled }} - hostNetwork: true - hostPorts: - - min: {{ .Values.listenPort }} - max: {{ .Values.listenPort }} - {{- end }} - fsGroup: - rule: RunAsAny - runAsGroup: - rule: RunAsAny - runAsUser: - rule: MustRunAs - ranges: - - min: 1024 - max: 65535 - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - secret - - emptyDir - - configMap ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-psp -rules: -- apiGroups: - - 'policy' - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "k8s-prometheus-adapter.fullname" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-psp -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "k8s-prometheus-adapter.name" . }}-psp -subjects: -- kind: ServiceAccount - name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . | quote }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml deleted file mode 100644 index c86037fe8..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/resource-metrics-apiservice.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.rules.resource}} -{{- if .Capabilities.APIVersions.Has "apiregistration.k8s.io/v1" }} -apiVersion: apiregistration.k8s.io/v1 -{{- else }} -apiVersion: apiregistration.k8s.io/v1beta1 -{{- end }} -kind: APIService -metadata: -{{- if or .Values.certManager.enabled .Values.customAnnotations }} - annotations: - certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-root-cert" (include "k8s-prometheus-adapter.namespace" .) (include "k8s-prometheus-adapter.fullname" .) | quote }} - cert-manager.io/inject-ca-from: {{ printf "%s/%s-root-cert" (include "k8s-prometheus-adapter.namespace" .) (include "k8s-prometheus-adapter.fullname" .) | quote }} - {{- if .Values.customAnnotations }} - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} -{{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: v1beta1.metrics.k8s.io -spec: - service: - name: {{ template "k8s-prometheus-adapter.fullname" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . | quote }} - {{- if .Values.tls.enable }} - caBundle: {{ b64enc .Values.tls.ca }} - {{- end }} - group: metrics.k8s.io - version: v1beta1 - insecureSkipTLSVerify: {{ if or .Values.tls.enable .Values.certManager.enabled }}false{{ else }}true{{ end }} - groupPriorityMinimum: 100 - versionPriority: 100 -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml deleted file mode 100644 index 3c247e48d..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/resource-metrics-cluster-role-binding.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.rbac.create .Values.rules.resource -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-hpa-controller-metrics -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "k8s-prometheus-adapter.name" . }}-metrics -subjects: -- kind: ServiceAccount - name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . | quote }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml deleted file mode 100644 index 73d895304..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/resource-metrics-cluster-role.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if and .Values.rbac.create .Values.rules.resource -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-metrics -rules: -- apiGroups: - - "" - resources: - - pods - - nodes - - nodes/stats - verbs: - - get - - list - - watch -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/role-binding-auth-reader.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/role-binding-auth-reader.yaml deleted file mode 100644 index d3c77c1c6..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/role-binding-auth-reader.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.rbac.create -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.name" . }}-auth-reader - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- kind: ServiceAccount - name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . | quote }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/secret.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/secret.yaml deleted file mode 100644 index 3e7e8887b..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/secret.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.tls.enable -}} -apiVersion: v1 -kind: Secret -metadata: - {{- if .Values.customAnnotations }} - annotations: - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.fullname" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . }} -type: kubernetes.io/tls -data: - tls.crt: {{ b64enc .Values.tls.certificate }} - tls.key: {{ b64enc .Values.tls.key }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/service.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/service.yaml deleted file mode 100644 index ddac37cfa..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/service.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - {{- if or .Values.service.annotations .Values.customAnnotations }} - annotations: - {{- if .Values.service.annotations }} - {{ toYaml .Values.service.annotations | indent 4 }} - {{- end }} - {{- if .Values.customAnnotations }} - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} - {{- end }} - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.fullname" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . }} -spec: - ports: - - port: {{ .Values.service.port }} - protocol: TCP - targetPort: https - selector: - {{- include "k8s-prometheus-adapter.selectorLabels" . | indent 4 }} - type: {{ .Values.service.type }} - {{- if .Values.service.clusterIP }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/templates/serviceaccount.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/templates/serviceaccount.yaml deleted file mode 100644 index 30a169ae0..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/templates/serviceaccount.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - {{- include "k8s-prometheus-adapter.labels" . | indent 4 }} - name: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} - namespace: {{ include "k8s-prometheus-adapter.namespace" . }} -{{- if or .Values.serviceAccount.annotations .Values.customAnnotations }} - annotations: - {{- if .Values.serviceAccount.annotations }} - {{- toYaml .Values.serviceAccount.annotations | nindent 4 }} - {{- end }} - {{- if .Values.customAnnotations }} - {{- toYaml .Values.customAnnotations | nindent 4 }} - {{- end }} -{{- end }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-adapter/values.yaml b/charts/rancher-monitoring/charts/prometheus-adapter/values.yaml deleted file mode 100644 index 34f9e999d..000000000 --- a/charts/rancher-monitoring/charts/prometheus-adapter/values.yaml +++ /dev/null @@ -1,217 +0,0 @@ -# Default values for k8s-prometheus-adapter.. -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - -affinity: {} - -topologySpreadConstraints: [] - -image: - repository: rancher/mirrored-prometheus-adapter-prometheus-adapter - tag: v0.10.0 - pullPolicy: IfNotPresent - -logLevel: 4 - -metricsRelistInterval: 1m - -listenPort: 6443 - -# User to run adapter container as -runAsUser: 10001 - -nodeSelector: {} - -priorityClassName: "" - -## Override the release namespace (for multi-namespace deployments in combined charts) -namespaceOverride: "" - -## Additional annotations to add to all resources -customAnnotations: {} - # role: custom-metrics - -## Additional labels to add to all resources -customLabels: {} - # monitoring: prometheus-adapter - -# Url to access prometheus -prometheus: - # Value is templated - url: http://prometheus.default.svc - port: 9090 - path: "" - -replicas: 1 - -# k8s 1.21 needs fsGroup to be set for non root deployments -# ref: https://github.com/kubernetes/kubernetes/issues/70679 -podSecurityContext: - fsGroup: 10001 - -rbac: - # Specifies whether RBAC resources should be created - create: true - -serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: - # ServiceAccount annotations. - # Use case: AWS EKS IAM roles for service accounts - # ref: https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.html - annotations: {} - -# Custom DNS configuration to be added to prometheus-adapter pods -dnsConfig: {} - # nameservers: - # - 1.2.3.4 - # searches: - # - ns1.svc.cluster-domain.example - # - my.dns.search.suffix - # options: - # - name: ndots - # value: "2" - # - name: edns0 - -resources: {} - # requests: - # cpu: 100m - # memory: 128Mi - # limits: - # cpu: 100m - # memory: 128Mi - -rules: - default: true - - custom: [] - # - seriesQuery: '{__name__=~"^some_metric_count$"}' - # resources: - # template: <<.Resource>> - # name: - # matches: "" - # as: "my_custom_metric" - # metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) - - # Mounts a configMap with pre-generated rules for use. Overrides the - # default, custom, external and resource entries - existing: - - external: [] - # - seriesQuery: '{__name__=~"^some_metric_count$"}' - # resources: - # template: <<.Resource>> - # name: - # matches: "" - # as: "my_external_metric" - # metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>) - - # resource: - # cpu: - # containerQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>, container!=""}[3m])) by (<<.GroupBy>>) - # nodeQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>, id='/'}[3m])) by (<<.GroupBy>>) - # resources: - # overrides: - # node: - # resource: node - # namespace: - # resource: namespace - # pod: - # resource: pod - # containerLabel: container - # memory: - # containerQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>, container!=""}) by (<<.GroupBy>>) - # nodeQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>,id='/'}) by (<<.GroupBy>>) - # resources: - # overrides: - # node: - # resource: node - # namespace: - # resource: namespace - # pod: - # resource: pod - # containerLabel: container - # window: 3m - -service: - annotations: {} - port: 443 - type: ClusterIP - # clusterIP: 1.2.3.4 - -tls: - enable: false - ca: |- - # Public CA file that signed the APIService - key: |- - # Private key of the APIService - certificate: |- - # Public key of the APIService - -# Any extra arguments -extraArguments: [] - # - --tls-private-key-file=/etc/tls/tls.key - # - --tls-cert-file=/etc/tls/tls.crt - -# Any extra volumes -extraVolumes: [] - # - name: example-name - # hostPath: - # path: /path/on/host - # type: DirectoryOrCreate - # - name: ssl-certs - # hostPath: - # path: /etc/ssl/certs/ca-bundle.crt - # type: File - -# Any extra volume mounts -extraVolumeMounts: [] - # - name: example-name - # mountPath: /path/in/container - # - name: ssl-certs - # mountPath: /etc/ssl/certs/ca-certificates.crt - # readOnly: true - -tolerations: [] - -# Labels added to the pod -podLabels: {} - -# Annotations added to the pod -podAnnotations: {} - -hostNetwork: - # Specifies if prometheus-adapter should be started in hostNetwork mode. - # - # You would require this enabled if you use alternate overlay networking for pods and - # API server unable to communicate with metrics-server. As an example, this is required - # if you use Weave network on EKS. See also dnsPolicy - enabled: false - -# When hostNetwork is enabled, you probably want to set this to ClusterFirstWithHostNet -# dnsPolicy: ClusterFirstWithHostNet - -# Deployment strategy type -strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 25% - maxSurge: 25% - -podDisruptionBudget: - # Specifies if PodDisruptionBudget should be enabled - # When enabled, minAvailable or maxUnavailable should also be defined. - enabled: false - minAvailable: - maxUnavailable: 1 - -certManager: - enabled: false - caCertDuration: 43800h - certDuration: 8760h diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/.helmignore b/charts/rancher-monitoring/charts/prometheus-node-exporter/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/Chart.yaml b/charts/rancher-monitoring/charts/prometheus-node-exporter/Chart.yaml deleted file mode 100644 index ac00322ea..000000000 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/Chart.yaml +++ /dev/null @@ -1,25 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.27.0-0' - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-node-exporter -apiVersion: v2 -appVersion: 1.3.1 -description: A Helm chart for prometheus node-exporter -home: https://github.com/prometheus/node_exporter/ -keywords: -- node-exporter -- prometheus -- exporter -maintainers: -- email: gianrubio@gmail.com - name: gianrubio -- email: zanhsieh@gmail.com - name: zanhsieh -name: prometheus-node-exporter -sources: -- https://github.com/prometheus/node_exporter/ -type: application -version: 4.2.0 diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/README.md b/charts/rancher-monitoring/charts/prometheus-node-exporter/README.md deleted file mode 100644 index 02de7b14c..000000000 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/README.md +++ /dev/null @@ -1,77 +0,0 @@ -# Prometheus `Node Exporter` - -Prometheus exporter for hardware and OS metrics exposed by *NIX kernels, written in Go with pluggable metric collectors. - -This chart bootstraps a prometheus [`Node Exporter`](http://github.com/prometheus/node_exporter) daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. - -## Get Repository Info - -```console -helm repo add prometheus-community https://prometheus-community.github.io/helm-charts -helm repo update -``` - -_See [`helm repo`](https://helm.sh/docs/helm/helm_repo/) for command documentation._ - -## Install Chart - -```console -helm install [RELEASE_NAME] prometheus-community/prometheus-node-exporter -``` - -_See [configuration](#configuring) below._ - -_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._ - -## Uninstall Chart - -```console -helm uninstall [RELEASE_NAME] -``` - -This removes all the Kubernetes components associated with the chart and deletes the release. - -_See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation._ - -## Upgrading Chart - -```console -helm upgrade [RELEASE_NAME] [CHART] --install -``` - -_See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation._ - -### 3.x to 4.x - -Starting from version 4.0.0, the `node exporter` chart is using the [Kubernetes recommended labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/). Therefore you have to delete the daemonset before you upgrade. - -```console -kubectl delete daemonset -l app=prometheus-node-exporter -helm upgrade -i prometheus-node-exporter prometheus-community/prometheus-node-exporter -``` - -If you use your own custom [ServiceMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor) or [PodMonitor](https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#podmonitor), please ensure to upgrade their `selector` fields accordingly to the new labels. - -### From 2.x to 3.x - -Change the following: - -```yaml -hostRootFsMount: true -``` - -to: - -```yaml -hostRootFsMount: - enabled: true - mountPropagation: HostToContainer -``` - -## Configuring - -See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments, visit the chart's [values.yaml](./values.yaml), or run these configuration commands: - -```console -helm show values prometheus-community/prometheus-node-exporter -``` diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/NOTES.txt b/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/NOTES.txt deleted file mode 100644 index 77d0b3c6f..000000000 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/NOTES.txt +++ /dev/null @@ -1,15 +0,0 @@ -1. Get the application URL by running these commands: -{{- if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ template "prometheus-node-exporter.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus-node-exporter.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ template "prometheus-node-exporter.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ template "prometheus-node-exporter.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ template "prometheus-node-exporter.namespace" . }} {{ template "prometheus-node-exporter.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ template "prometheus-node-exporter.namespace" . }} -l "app.kubernetes.io/name={{ template "prometheus-node-exporter.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:{{ .Values.service.port }} to use your application" - kubectl port-forward --namespace {{ template "prometheus-node-exporter.namespace" . }} $POD_NAME {{ .Values.service.port }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/_helpers.tpl b/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/_helpers.tpl deleted file mode 100644 index 10e567d81..000000000 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/_helpers.tpl +++ /dev/null @@ -1,136 +0,0 @@ -# Rancher -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "prometheus-node-exporter.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "prometheus-node-exporter.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Generate basic labels */}} -{{- define "prometheus-node-exporter.labels" }} -helm.sh/chart: {{ template "prometheus-node-exporter.chart" . }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/component: metrics -app.kubernetes.io/part-of: {{ template "prometheus-node-exporter.name" . }} -{{- include "prometheus-node-exporter.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if .Values.podLabels}} -{{ toYaml .Values.podLabels }} -{{- end }} -{{- if .Values.releaseLabel }} -release: {{ .Release.Name }} -{{- end }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "prometheus-node-exporter.selectorLabels" }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/name: {{ template "prometheus-node-exporter.name" . }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "prometheus-node-exporter.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - - -{{/* -Create the name of the service account to use -*/}} -{{- define "prometheus-node-exporter.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "prometheus-node-exporter.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -The image to use -*/}} -{{- define "prometheus-node-exporter.image" -}} -{{- if .Values.image.sha -}} -{{- printf "%s:%s@%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) .Values.image.sha }} -{{- else -}} -{{- printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }} -{{- end }} -{{- end }} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts -*/}} -{{- define "prometheus-node-exporter.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{/* -Create the namespace name of the service monitor -*/}} -{{- define "prometheus-node-exporter.monitor-namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- if .Values.prometheus.monitor.namespace -}} - {{- .Values.prometheus.monitor.namespace -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/daemonset.yaml b/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/daemonset.yaml deleted file mode 100644 index 28984a8dd..000000000 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/daemonset.yaml +++ /dev/null @@ -1,234 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "prometheus-node-exporter.fullname" . }} - namespace: {{ template "prometheus-node-exporter.namespace" . }} - labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} -spec: - selector: - matchLabels: - {{- include "prometheus-node-exporter.selectorLabels" . | indent 6 }} - {{- if .Values.updateStrategy }} - updateStrategy: -{{ toYaml .Values.updateStrategy | indent 4 }} - {{- end }} - template: - metadata: - labels: {{ include "prometheus-node-exporter.labels" . | indent 8 }} - {{- if .Values.podAnnotations }} - annotations: - {{- toYaml .Values.podAnnotations | nindent 8 }} - {{- end }} - spec: - automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} - serviceAccountName: {{ template "prometheus-node-exporter.serviceAccountName" . }} -{{- if .Values.securityContext }} - securityContext: -{{ toYaml .Values.securityContext | indent 8 }} -{{- end }} -{{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} -{{- end }} - {{- if .Values.extraInitContainers }} - initContainers: - {{ toYaml .Values.extraInitContainers | nindent 6 }} - {{- end }} - containers: - - name: node-exporter - image: {{ template "system_default_registry" . }}{{ include "prometheus-node-exporter.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - --path.procfs=/host/proc - - --path.sysfs=/host/sys - {{- if .Values.hostRootFsMount.enabled }} - - --path.rootfs=/host/root - {{- end }} - - --web.listen-address=[$(HOST_IP)]:{{ .Values.service.port }} -{{- if .Values.extraArgs }} -{{ toYaml .Values.extraArgs | indent 12 }} -{{- end }} - {{- with .Values.containerSecurityContext }} - securityContext: {{ toYaml . | nindent 12 }} - {{- end }} - env: - - name: HOST_IP - {{- if .Values.service.listenOnAllInterfaces }} - value: 0.0.0.0 - {{- else }} - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - {{- end }} - {{- range $key, $value := .Values.env }} - - name: {{ $key }} - value: {{ $value | quote }} - {{- end }} - ports: - - name: {{ .Values.service.portName }} - containerPort: {{ .Values.service.port }} - protocol: TCP - livenessProbe: - failureThreshold: {{ .Values.livenessProbe.failureThreshold }} - httpGet: - httpHeaders: - {{- range $_, $header := .Values.livenessProbe.httpGet.httpHeaders }} - - name: {{ $header.name }} - value: {{ $header.value }} - {{- end }} - path: / - port: {{ .Values.service.port }} - scheme: {{ upper .Values.livenessProbe.httpGet.scheme }} - initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.livenessProbe.successThreshold }} - timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} - readinessProbe: - failureThreshold: {{ .Values.readinessProbe.failureThreshold }} - httpGet: - httpHeaders: - {{- range $_, $header := .Values.readinessProbe.httpGet.httpHeaders }} - - name: {{ $header.name }} - value: {{ $header.value }} - {{- end }} - path: / - port: {{ .Values.service.port }} - scheme: {{ upper .Values.readinessProbe.httpGet.scheme }} - initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} - resources: -{{ toYaml .Values.resources | indent 12 }} - volumeMounts: - - name: proc - mountPath: /host/proc - readOnly: true - - name: sys - mountPath: /host/sys - readOnly: true - {{- if .Values.hostRootFsMount.enabled }} - - name: root - mountPath: /host/root - {{- with .Values.hostRootFsMount.mountPropagation }} - mountPropagation: {{ . }} - {{- end }} - readOnly: true - {{- end }} - {{- if .Values.extraHostVolumeMounts }} - {{- range $_, $mount := .Values.extraHostVolumeMounts }} - - name: {{ $mount.name }} - mountPath: {{ $mount.mountPath }} - readOnly: {{ $mount.readOnly }} - {{- if $mount.mountPropagation }} - mountPropagation: {{ $mount.mountPropagation }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.sidecarVolumeMount }} - {{- range $_, $mount := .Values.sidecarVolumeMount }} - - name: {{ $mount.name }} - mountPath: {{ $mount.mountPath }} - readOnly: true - {{- end }} - {{- end }} - {{- if .Values.configmaps }} - {{- range $_, $mount := .Values.configmaps }} - - name: {{ $mount.name }} - mountPath: {{ $mount.mountPath }} - {{- end }} - {{- if .Values.secrets }} - {{- range $_, $mount := .Values.secrets }} - - name: {{ .name }} - mountPath: {{ .mountPath }} - {{- end }} - {{- end }} - {{- end }} -{{- if .Values.sidecars }} -{{ toYaml .Values.sidecars | indent 8 }} - {{- if or .Values.sidecarVolumeMount .Values.sidecarHostVolumeMounts }} - volumeMounts: - {{- range $_, $mount := .Values.sidecarVolumeMount }} - - name: {{ $mount.name }} - mountPath: {{ $mount.mountPath }} - readOnly: {{ $mount.readOnly }} - {{- end }} - {{- range $_, $mount := .Values.sidecarHostVolumeMounts }} - - name: {{ $mount.name }} - mountPath: {{ $mount.mountPath }} - readOnly: {{ $mount.readOnly }} - {{- if $mount.mountPropagation }} - mountPropagation: {{ $mount.mountPropagation }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} -{{- if .Values.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.imagePullSecrets | indent 8 }} - {{- end }} - hostNetwork: {{ .Values.hostNetwork }} - hostPID: {{ .Values.hostPID }} -{{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} -{{- end }} -{{- with .Values.dnsConfig }} - dnsConfig: -{{ toYaml . | indent 8 }} -{{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.nodeSelector }} -{{- toYaml .Values.nodeSelector | nindent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.tolerations }} -{{- toYaml .Values.tolerations | nindent 8 }} -{{- end }} - volumes: - - name: proc - hostPath: - path: /proc - - name: sys - hostPath: - path: /sys - {{- if .Values.hostRootFsMount.enabled }} - - name: root - hostPath: - path: / - {{- end }} - {{- if .Values.extraHostVolumeMounts }} - {{- range $_, $mount := .Values.extraHostVolumeMounts }} - - name: {{ $mount.name }} - hostPath: - path: {{ $mount.hostPath }} - {{- end }} - {{- end }} - {{- if .Values.sidecarVolumeMount }} - {{- range $_, $mount := .Values.sidecarVolumeMount }} - - name: {{ $mount.name }} - emptyDir: - medium: Memory - {{- end }} - {{- end }} - {{- if .Values.sidecarHostVolumeMounts }} - {{- range $_, $mount := .Values.sidecarHostVolumeMounts }} - - name: {{ $mount.name }} - hostPath: - path: {{ $mount.hostPath }} - {{- end }} - {{- end }} - {{- if .Values.configmaps }} - {{- range $_, $mount := .Values.configmaps }} - - name: {{ $mount.name }} - configMap: - name: {{ $mount.name }} - {{- end }} - {{- end }} - {{- if .Values.secrets }} - {{- range $_, $mount := .Values.secrets }} - - name: {{ $mount.name }} - secret: - secretName: {{ $mount.name }} - {{- end }} - {{- end }} diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/endpoints.yaml b/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/endpoints.yaml deleted file mode 100644 index b638c954a..000000000 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/endpoints.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.endpoints }} -apiVersion: v1 -kind: Endpoints -metadata: - name: {{ template "prometheus-node-exporter.fullname" . }} - namespace: {{ template "prometheus-node-exporter.namespace" . }} - labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} -subsets: - - addresses: - {{- range .Values.endpoints }} - - ip: {{ . }} - {{- end }} - ports: - - name: {{ .Values.service.portName }} - port: {{ .Values.service.port }} - protocol: TCP -{{- end }} diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml b/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml deleted file mode 100644 index 91514b313..000000000 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.rbac.create }} -{{- if .Values.global.cattle.psp.enabled }} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: psp-{{ template "prometheus-node-exporter.fullname" . }} - labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} -rules: -- apiGroups: ['extensions'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "prometheus-node-exporter.fullname" . }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml b/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml deleted file mode 100644 index edca1d556..000000000 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Values.rbac.create }} -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: psp-{{ template "prometheus-node-exporter.fullname" . }} - labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: psp-{{ template "prometheus-node-exporter.fullname" . }} -subjects: - - kind: ServiceAccount - name: {{ template "prometheus-node-exporter.fullname" . }} - namespace: {{ template "prometheus-node-exporter.namespace" . }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/psp.yaml b/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/psp.yaml deleted file mode 100644 index 6ec4212ff..000000000 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/psp.yaml +++ /dev/null @@ -1,50 +0,0 @@ -{{- if .Values.rbac.create }} -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "prometheus-node-exporter.fullname" . }} - namespace: {{ template "prometheus-node-exporter.namespace" . }} - labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} -{{- if .Values.rbac.pspAnnotations }} - annotations: -{{ toYaml .Values.rbac.pspAnnotations | indent 4 }} -{{- end}} -spec: - privileged: false - # Allow core volume types. - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' - - 'hostPath' - hostNetwork: true - hostIPC: false - hostPID: true - hostPorts: - - min: 0 - max: 65535 - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Allow adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Allow adding the root group. - - min: 0 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/service.yaml b/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/service.yaml deleted file mode 100644 index fbed05ca0..000000000 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/service.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "prometheus-node-exporter.fullname" . }} - namespace: {{ template "prometheus-node-exporter.namespace" . }} - labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} -{{- if .Values.service.annotations }} - annotations: -{{ toYaml .Values.service.annotations | indent 4 }} -{{- end }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - {{- if ( and (eq .Values.service.type "NodePort" ) (not (empty .Values.service.nodePort)) ) }} - nodePort: {{ .Values.service.nodePort }} - {{- end }} - targetPort: {{ .Values.service.targetPort }} - protocol: TCP - name: {{ .Values.service.portName }} - selector: - {{- include "prometheus-node-exporter.selectorLabels" . | indent 4 }} diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/serviceaccount.yaml b/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/serviceaccount.yaml deleted file mode 100644 index dc3fee6ac..000000000 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/serviceaccount.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.rbac.create -}} -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "prometheus-node-exporter.serviceAccountName" . }} - namespace: {{ template "prometheus-node-exporter.namespace" . }} - labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} - annotations: -{{ toYaml .Values.serviceAccount.annotations | indent 4 }} -imagePullSecrets: -{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} -{{- end -}} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/servicemonitor.yaml b/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/servicemonitor.yaml deleted file mode 100644 index 04bb1807c..000000000 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/templates/servicemonitor.yaml +++ /dev/null @@ -1,61 +0,0 @@ -{{- if .Values.prometheus.monitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "prometheus-node-exporter.fullname" . }} - namespace: {{ template "prometheus-node-exporter.monitor-namespace" . }} - labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} - {{- if .Values.prometheus.monitor.additionalLabels }} - {{- toYaml .Values.prometheus.monitor.additionalLabels | nindent 4 }} - {{- end }} -spec: - jobLabel: {{ default "app.kubernetes.io/name" .Values.prometheus.monitor.jobLabel }} - selector: - matchLabels: - {{- if .Values.prometheus.monitor.selectorOverride }} - {{ toYaml .Values.prometheus.monitor.selectorOverride | indent 6 }} - {{ else }} - {{ include "prometheus-node-exporter.selectorLabels" . | indent 6 }} - {{- end }} - endpoints: - - port: {{ .Values.service.portName }} - scheme: {{ .Values.prometheus.monitor.scheme }} - {{- with .Values.prometheus.monitor.basicAuth }} - basicAuth: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.prometheus.monitor.bearerTokenFile }} - bearerTokenFile: {{ . }} - {{- end }} - {{- with .Values.prometheus.monitor.tlsConfig }} - tlsConfig: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.prometheus.monitor.proxyUrl }} - proxyUrl: {{ . }} - {{- end }} - {{- with .Values.prometheus.monitor.interval }} - interval: {{ . }} - {{- end }} - {{- with .Values.prometheus.monitor.scrapeTimeout }} - scrapeTimeout: {{ . }} - {{- end }} - {{- with .Values.prometheus.monitor.relabelings }} - relabelings: - {{- toYaml . | nindent 8 }} - {{- end }} - metricRelabelings: - {{- with .Values.prometheus.monitor.metricRelabelings }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName }} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/prometheus-node-exporter/values.yaml b/charts/rancher-monitoring/charts/prometheus-node-exporter/values.yaml deleted file mode 100644 index ef45db9b4..000000000 --- a/charts/rancher-monitoring/charts/prometheus-node-exporter/values.yaml +++ /dev/null @@ -1,252 +0,0 @@ -# Default values for prometheus-node-exporter. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - -image: - repository: rancher/mirrored-prometheus-node-exporter - # Overrides the image tag whose default is {{ printf "v%s" .Chart.AppVersion }} - tag: v1.3.1 - pullPolicy: IfNotPresent - sha: "" - -imagePullSecrets: [] -# - name: "image-pull-secret" - -service: - type: ClusterIP - port: 9796 - targetPort: 9796 - nodePort: - portName: metrics - listenOnAllInterfaces: true - annotations: - prometheus.io/scrape: "true" - -# Additional environment variables that will be passed to the daemonset -env: {} -## env: -## VARIABLE: value - -prometheus: - monitor: - enabled: false - additionalLabels: {} - namespace: "" - - jobLabel: "" - - scheme: http - basicAuth: {} - bearerTokenFile: - tlsConfig: {} - - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" - - ## Override serviceMonitor selector - ## - selectorOverride: {} - - relabelings: [] - metricRelabelings: [] - interval: "" - scrapeTimeout: 10s - -## Customize the updateStrategy if set -updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 200m - # memory: 50Mi - # requests: - # cpu: 100m - # memory: 30Mi - -serviceAccount: - # Specifies whether a ServiceAccount should be created - create: true - # The name of the ServiceAccount to use. - # If not set and create is true, a name is generated using the fullname template - name: - annotations: {} - imagePullSecrets: [] - automountServiceAccountToken: false - -securityContext: - fsGroup: 65534 - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 - -containerSecurityContext: {} - # capabilities: - # add: - # - SYS_TIME - -rbac: - ## If true, create & use RBAC resources - ## - create: true - pspAnnotations: {} - -# for deployments that have node_exporter deployed outside of the cluster, list -# their addresses here -endpoints: [] - -# Expose the service to the host network -hostNetwork: true - -# Share the host process ID namespace -hostPID: true - -# Mount the node's root file system (/) at /host/root in the container -hostRootFsMount: - enabled: true - # Defines how new mounts in existing mounts on the node or in the container - # are propagated to the container or node, respectively. Possible values are - # None, HostToContainer, and Bidirectional. If this field is omitted, then - # None is used. More information on: - # https://kubernetes.io/docs/concepts/storage/volumes/#mount-propagation - mountPropagation: HostToContainer - -## Assign a group of affinity scheduling rules -## -affinity: {} -# nodeAffinity: -# requiredDuringSchedulingIgnoredDuringExecution: -# nodeSelectorTerms: -# - matchFields: -# - key: metadata.name -# operator: In -# values: -# - target-host-name - -# Annotations to be added to node exporter pods -podAnnotations: - # Fix for very slow GKE cluster upgrades - cluster-autoscaler.kubernetes.io/safe-to-evict: "true" - -# Extra labels to be added to node exporter pods -podLabels: {} - -## set to true to add the release label so scraping of the servicemonitor with kube-prometheus-stack works out of the box -releaseLabel: false - -# Custom DNS configuration to be added to prometheus-node-exporter pods -dnsConfig: {} -# nameservers: -# - 1.2.3.4 -# searches: -# - ns1.svc.cluster-domain.example -# - my.dns.search.suffix -# options: -# - name: ndots -# value: "2" -# - name: edns0 - -## Assign a nodeSelector if operating a hybrid cluster -## -nodeSelector: {} -# beta.kubernetes.io/arch: amd64 -# beta.kubernetes.io/os: linux - -tolerations: - - effect: NoSchedule - operator: Exists - - effect: NoExecute - operator: Exists - -## Assign a PriorityClassName to pods if set -# priorityClassName: "" - -## Additional container arguments -## -extraArgs: [] -# - --collector.diskstats.ignored-devices=^(ram|loop|fd|(h|s|v)d[a-z]|nvme\\d+n\\d+p)\\d+$ -# - --collector.textfile.directory=/run/prometheus - -## Additional mounts from the host to node-exporter container -## -extraHostVolumeMounts: [] -# - name: -# hostPath: -# mountPath: -# readOnly: true|false -# mountPropagation: None|HostToContainer|Bidirectional - -## Additional configmaps to be mounted. -## -configmaps: [] -# - name: -# mountPath: -secrets: [] -# - name: -# mountPath: -## Override the deployment namespace -## -namespaceOverride: "" - -## Additional containers for export metrics to text file -## -sidecars: [] -## - name: nvidia-dcgm-exporter -## image: nvidia/dcgm-exporter:1.4.3 - -## Volume for sidecar containers -## -sidecarVolumeMount: [] -## - name: collector-textfiles -## mountPath: /run/prometheus -## readOnly: false - -## Additional mounts from the host to sidecar containers -## -sidecarHostVolumeMounts: [] -# - name: -# hostPath: -# mountPath: -# readOnly: true|false -# mountPropagation: None|HostToContainer|Bidirectional - -## Additional InitContainers to initialize the pod -## -extraInitContainers: [] - -## Liveness probe -## -livenessProbe: - failureThreshold: 3 - httpGet: - httpHeaders: [] - scheme: http - initialDelaySeconds: 0 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - -## Readiness probe -## -readinessProbe: - failureThreshold: 3 - httpGet: - httpHeaders: [] - scheme: http - initialDelaySeconds: 0 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/.helmignore b/charts/rancher-monitoring/charts/rke2ControllerManager/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/Chart.yaml b/charts/rancher-monitoring/charts/rke2ControllerManager/Chart.yaml deleted file mode 100644 index 57f71229b..000000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: 0.1.0 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -name: rke2ControllerManager -type: application -version: 0.2.0 diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/README.md b/charts/rancher-monitoring/charts/rke2ControllerManager/README.md deleted file mode 100644 index 345002f48..000000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/_helpers.tpl b/charts/rancher-monitoring/charts/rke2ControllerManager/templates/_helpers.tpl deleted file mode 100644 index 8e651dccf..000000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/_helpers.tpl +++ /dev/null @@ -1,166 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c373..000000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb388..000000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe60905..000000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6c0..000000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb2216b..000000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/rke2ControllerManager/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2fa8..000000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/rke2ControllerManager/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b..000000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2ControllerManager/values.yaml b/charts/rancher-monitoring/charts/rke2ControllerManager/values.yaml deleted file mode 100644 index 1e076041b..000000000 --- a/charts/rancher-monitoring/charts/rke2ControllerManager/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.3-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.31.1 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.3-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/rke2Etcd/.helmignore b/charts/rancher-monitoring/charts/rke2Etcd/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/rke2Etcd/Chart.yaml b/charts/rancher-monitoring/charts/rke2Etcd/Chart.yaml deleted file mode 100644 index 89849a581..000000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: 0.1.0 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -name: rke2Etcd -type: application -version: 0.2.0 diff --git a/charts/rancher-monitoring/charts/rke2Etcd/README.md b/charts/rancher-monitoring/charts/rke2Etcd/README.md deleted file mode 100644 index 345002f48..000000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/rke2Etcd/templates/_helpers.tpl b/charts/rancher-monitoring/charts/rke2Etcd/templates/_helpers.tpl deleted file mode 100644 index 8e651dccf..000000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/templates/_helpers.tpl +++ /dev/null @@ -1,166 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c373..000000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb388..000000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe60905..000000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6c0..000000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb2216b..000000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Etcd/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/rke2Etcd/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2fa8..000000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/rke2Etcd/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/rke2Etcd/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b..000000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Etcd/values.yaml b/charts/rancher-monitoring/charts/rke2Etcd/values.yaml deleted file mode 100644 index 1e076041b..000000000 --- a/charts/rancher-monitoring/charts/rke2Etcd/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.3-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.31.1 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.3-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/.helmignore b/charts/rancher-monitoring/charts/rke2IngressNginx/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/Chart.yaml b/charts/rancher-monitoring/charts/rke2IngressNginx/Chart.yaml deleted file mode 100644 index 6c0f921d3..000000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: 0.1.0 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -name: rke2IngressNginx -type: application -version: 0.2.0 diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/README.md b/charts/rancher-monitoring/charts/rke2IngressNginx/README.md deleted file mode 100644 index 345002f48..000000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/_helpers.tpl b/charts/rancher-monitoring/charts/rke2IngressNginx/templates/_helpers.tpl deleted file mode 100644 index 8e651dccf..000000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/_helpers.tpl +++ /dev/null @@ -1,166 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c373..000000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb388..000000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe60905..000000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6c0..000000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb2216b..000000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/rke2IngressNginx/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2fa8..000000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/rke2IngressNginx/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b..000000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2IngressNginx/values.yaml b/charts/rancher-monitoring/charts/rke2IngressNginx/values.yaml deleted file mode 100644 index 1e076041b..000000000 --- a/charts/rancher-monitoring/charts/rke2IngressNginx/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.3-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.31.1 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.3-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/rke2Proxy/.helmignore b/charts/rancher-monitoring/charts/rke2Proxy/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/rke2Proxy/Chart.yaml b/charts/rancher-monitoring/charts/rke2Proxy/Chart.yaml deleted file mode 100644 index afd0c1544..000000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: 0.1.0 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -name: rke2Proxy -type: application -version: 0.2.0 diff --git a/charts/rancher-monitoring/charts/rke2Proxy/README.md b/charts/rancher-monitoring/charts/rke2Proxy/README.md deleted file mode 100644 index 345002f48..000000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/rke2Proxy/templates/_helpers.tpl b/charts/rancher-monitoring/charts/rke2Proxy/templates/_helpers.tpl deleted file mode 100644 index 8e651dccf..000000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/templates/_helpers.tpl +++ /dev/null @@ -1,166 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c373..000000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb388..000000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe60905..000000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6c0..000000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb2216b..000000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Proxy/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/rke2Proxy/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2fa8..000000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/rke2Proxy/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/rke2Proxy/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b..000000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Proxy/values.yaml b/charts/rancher-monitoring/charts/rke2Proxy/values.yaml deleted file mode 100644 index 1e076041b..000000000 --- a/charts/rancher-monitoring/charts/rke2Proxy/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.3-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.31.1 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.3-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/.helmignore b/charts/rancher-monitoring/charts/rke2Scheduler/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/Chart.yaml b/charts/rancher-monitoring/charts/rke2Scheduler/Chart.yaml deleted file mode 100644 index a981edb04..000000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: 0.1.0 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -name: rke2Scheduler -type: application -version: 0.2.0 diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/README.md b/charts/rancher-monitoring/charts/rke2Scheduler/README.md deleted file mode 100644 index 345002f48..000000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/templates/_helpers.tpl b/charts/rancher-monitoring/charts/rke2Scheduler/templates/_helpers.tpl deleted file mode 100644 index 8e651dccf..000000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/templates/_helpers.tpl +++ /dev/null @@ -1,166 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c373..000000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb388..000000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe60905..000000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6c0..000000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb2216b..000000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/rke2Scheduler/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2fa8..000000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/rke2Scheduler/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b..000000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/rke2Scheduler/values.yaml b/charts/rancher-monitoring/charts/rke2Scheduler/values.yaml deleted file mode 100644 index 1e076041b..000000000 --- a/charts/rancher-monitoring/charts/rke2Scheduler/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.3-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.31.1 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.3-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/.helmignore b/charts/rancher-monitoring/charts/rkeControllerManager/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/Chart.yaml b/charts/rancher-monitoring/charts/rkeControllerManager/Chart.yaml deleted file mode 100644 index 7f1c5acdf..000000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: 0.1.0 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -name: rkeControllerManager -type: application -version: 0.2.0 diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/README.md b/charts/rancher-monitoring/charts/rkeControllerManager/README.md deleted file mode 100644 index 345002f48..000000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/templates/_helpers.tpl b/charts/rancher-monitoring/charts/rkeControllerManager/templates/_helpers.tpl deleted file mode 100644 index 8e651dccf..000000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/templates/_helpers.tpl +++ /dev/null @@ -1,166 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c373..000000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb388..000000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe60905..000000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6c0..000000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb2216b..000000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/rkeControllerManager/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2fa8..000000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/rkeControllerManager/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b..000000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeControllerManager/values.yaml b/charts/rancher-monitoring/charts/rkeControllerManager/values.yaml deleted file mode 100644 index 1e076041b..000000000 --- a/charts/rancher-monitoring/charts/rkeControllerManager/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.3-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.31.1 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.3-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/rkeEtcd/.helmignore b/charts/rancher-monitoring/charts/rkeEtcd/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/rkeEtcd/Chart.yaml b/charts/rancher-monitoring/charts/rkeEtcd/Chart.yaml deleted file mode 100644 index d1a878f21..000000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: 0.1.0 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -name: rkeEtcd -type: application -version: 0.2.0 diff --git a/charts/rancher-monitoring/charts/rkeEtcd/README.md b/charts/rancher-monitoring/charts/rkeEtcd/README.md deleted file mode 100644 index 345002f48..000000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/rkeEtcd/templates/_helpers.tpl b/charts/rancher-monitoring/charts/rkeEtcd/templates/_helpers.tpl deleted file mode 100644 index 8e651dccf..000000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/templates/_helpers.tpl +++ /dev/null @@ -1,166 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c373..000000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb388..000000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe60905..000000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6c0..000000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb2216b..000000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeEtcd/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/rkeEtcd/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2fa8..000000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/rkeEtcd/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/rkeEtcd/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b..000000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeEtcd/values.yaml b/charts/rancher-monitoring/charts/rkeEtcd/values.yaml deleted file mode 100644 index 1e076041b..000000000 --- a/charts/rancher-monitoring/charts/rkeEtcd/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.3-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.31.1 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.3-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/.helmignore b/charts/rancher-monitoring/charts/rkeIngressNginx/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/Chart.yaml b/charts/rancher-monitoring/charts/rkeIngressNginx/Chart.yaml deleted file mode 100644 index 1a2ddb019..000000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: 0.1.0 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -name: rkeIngressNginx -type: application -version: 0.2.0 diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/README.md b/charts/rancher-monitoring/charts/rkeIngressNginx/README.md deleted file mode 100644 index 345002f48..000000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/_helpers.tpl b/charts/rancher-monitoring/charts/rkeIngressNginx/templates/_helpers.tpl deleted file mode 100644 index 8e651dccf..000000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/_helpers.tpl +++ /dev/null @@ -1,166 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c373..000000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb388..000000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe60905..000000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6c0..000000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb2216b..000000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/rkeIngressNginx/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2fa8..000000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/rkeIngressNginx/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b..000000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeIngressNginx/values.yaml b/charts/rancher-monitoring/charts/rkeIngressNginx/values.yaml deleted file mode 100644 index 1e076041b..000000000 --- a/charts/rancher-monitoring/charts/rkeIngressNginx/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.3-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.31.1 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.3-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/rkeProxy/.helmignore b/charts/rancher-monitoring/charts/rkeProxy/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/rancher-monitoring/charts/rkeProxy/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/rkeProxy/Chart.yaml b/charts/rancher-monitoring/charts/rkeProxy/Chart.yaml deleted file mode 100644 index a9637ef8f..000000000 --- a/charts/rancher-monitoring/charts/rkeProxy/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: 0.1.0 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -name: rkeProxy -type: application -version: 0.2.0 diff --git a/charts/rancher-monitoring/charts/rkeProxy/README.md b/charts/rancher-monitoring/charts/rkeProxy/README.md deleted file mode 100644 index 345002f48..000000000 --- a/charts/rancher-monitoring/charts/rkeProxy/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/rkeProxy/templates/_helpers.tpl b/charts/rancher-monitoring/charts/rkeProxy/templates/_helpers.tpl deleted file mode 100644 index 8e651dccf..000000000 --- a/charts/rancher-monitoring/charts/rkeProxy/templates/_helpers.tpl +++ /dev/null @@ -1,166 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c373..000000000 --- a/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb388..000000000 --- a/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe60905..000000000 --- a/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6c0..000000000 --- a/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb2216b..000000000 --- a/charts/rancher-monitoring/charts/rkeProxy/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeProxy/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/rkeProxy/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2fa8..000000000 --- a/charts/rancher-monitoring/charts/rkeProxy/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/rkeProxy/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/rkeProxy/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b..000000000 --- a/charts/rancher-monitoring/charts/rkeProxy/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeProxy/values.yaml b/charts/rancher-monitoring/charts/rkeProxy/values.yaml deleted file mode 100644 index 1e076041b..000000000 --- a/charts/rancher-monitoring/charts/rkeProxy/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.3-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.31.1 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.3-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/rkeScheduler/.helmignore b/charts/rancher-monitoring/charts/rkeScheduler/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/rkeScheduler/Chart.yaml b/charts/rancher-monitoring/charts/rkeScheduler/Chart.yaml deleted file mode 100644 index c4a6baeb7..000000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0' - catalog.cattle.io/os: linux - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-pushprox -apiVersion: v1 -appVersion: 0.1.0 -description: Sets up a deployment of the PushProx proxy and a DaemonSet of PushProx - clients. -name: rkeScheduler -type: application -version: 0.2.0 diff --git a/charts/rancher-monitoring/charts/rkeScheduler/README.md b/charts/rancher-monitoring/charts/rkeScheduler/README.md deleted file mode 100644 index 345002f48..000000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/README.md +++ /dev/null @@ -1,90 +0,0 @@ -# rancher-pushprox - -A Rancher chart based on Rancher [PushProx](https://github.com/rancher/PushProx) that sets up a Deployment of a PushProx proxy and a DaemonSet of PushProx clients on a Kubernetes cluster. - -Installs [rancher-pushprox](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-pushprox) to create PushProx clients that can access their host's network and register with a PushProx proxy. A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR is also included that is configured to scrape the metrics from each of the clients through the proxy. - -Using an instance of this chart is suitable for the following scenarios: -- You need to scrape metrics from a port that should not be accessible outside of the host (e.g. scraping `etcd` metrics in a hardened cluster) -- You need to scrape metrics on a host that are not exposed outside of 127.0.0.1 (e.g. scraping `kube-proxy` metrics) -- You need to scrape metrics through HTTPS using certs hosted directly on `hostPath` -- You need to scrape metrics from Kubernetes components that require authorization via a service account (e.g. permissions to make request to `/metrics`) -- You need to scrape metrics without access to cacerts (i.e. enable `insecureSkipVerify`) - -The clients and proxy are created based on a Rancher fork of the [prometheus-community/PushProx](https://github.com/prometheus-community/PushProx) project. - -## Upgrading to Kubernetes v1.25+ - -Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. - -As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. -​ -> **Note:** -> In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. - -> **Note:** -> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** -> -> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. - -Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. - -As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. - -## Configuration - -The following tables list the configurable parameters of the rancher-pushprox chart and their default values. - -### General - -#### Required -| Parameter | Description | Example | -| ----- | ----------- | ------ | -| `component` | The component that is being monitored | `kube-etcd` -| `metricsPort` | The port on the host that contains the metrics you want to scrape (e.g. `http://:/metrics`) | `2379` | -| `namespaceOverride` | The namespace to install the chart | `""` - -#### Optional -| Parameter | Description | Default | -| ----- | ----------- | ------ | -| `serviceMonitor.enabled` | Deploys a [Prometheus Operator](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitor) ServiceMonitor CR that is configured to scrape metrics on the hosts that the clients are deployed on via the proxy. Also deploys a Service that points to all pods with the expected client name that exposes the `metricsPort` selected | `true` | -| `serviceMonitor.endpoints` | A list of endpoints that will be added to the ServiceMonitor based on the [Endpoint spec](https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint) | `[{port: metrics}]` | -| `service.selector` | The selector that is used to populate the Service's Endpoints object. The chart will error out on rendering templating if `.Values.clients.enabled` is set alongside this field, since it is expected that this service should point to the PushProx Clients Daemonset / Deployment | `{}` | -| `clients.enabled` | Deploys a DaemonSet of clients that are each capable of scraping endpoints on the hostNetwork it is deployed on | `true` | -| `clients.port` | The port where the client will publish PushProx client-specific metrics. If deploying multiple clients onto the same node, the clients should not have conflicting ports | `9369` | -| `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` | -| `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` | -| `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` | -| `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` | -| `clients.https.authenticationMethod.bearerTokenSecret.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` | -| `clients.https.authenticationMethod.authorization.enabled` | If set to true, the client will use service account credentials to scrape `/metrics` endpoint of Kubernetes components | `false` | -| `clients.https.authenticationMethod.authorization.type` | If set, the client will use this type of authorization in its client requests for metrics | `"bearer"` | -| `clients.https.authenticationMethod.authorization.credentials.key` | If set, the client will use this key in the secret created by `clients.https.useServiceAccountCredentials` for authorization in its client requests for metrics | `"token"` | -| `clients.https.authenticationMethod.authorization.credentials.optional` | If set to false, the client will fail if the key in the secret created by `clients.https.useServiceAccountCredentials` does not exist | `false` | -| `clients.https.insecureSkipVerify` | If set to true, the client will disable SSL security checks | `false` | -| `clients.https.certDir` | A `hostPath` where TLS certs can be found. This path is mounted as a volume on an `initContainer` which copies only the necessary files over to an EmptyDir volume used by each client. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.certFile` | The path to the TLS cert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.keyFile` | The path to the TLS key file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.caCertFile` | The path to the TLS cacert file located within `clients.https.certDir`. Required and only used if `clients.https.enabled` is set | `""` | -| `clients.https.seLinuxOptions` | seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. | `""` | -| `clients.metrics.enabled` | Whether the client should publish PushProx client-specific metrics. | `false` | -| `clients.rbac.additionalRules` | Additional permissions to provide to the ServiceAccount bound to the client. This can be used to provide additional permissions for the client to scrape metrics from the k8s API. Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true | `[]` | -| `clients.deployment.enabled` | Deploys the client as a Deployment (generally used if the underlying hostNetwork Pod that is being scraped is managed by a Deployment) | `false` | -| `clients.deployment.replicas` | The number of pods the Deployment has, it should match the number of pod the hostNetwork Deployment has. Required and only used if `client.deployment.enable` is set | `0` | -| `clients.deployment.affinity` | The affinity rules that allocate the pod to the node in which the hostNetwork Deployment's pods run. Required and only used if `client.deployment.enable` is set | `{}` | -| `clients.resources` | Set resource limits and requests for the client container | `{}` | -| `clients.nodeSelector` | Select which nodes to deploy the clients on | `{}` | -| `clients.tolerations` | Specify tolerations for clients | `[]` | -| `proxy.enabled` | Deploys the proxy that each client will register with | `true` | -| `proxy.port` | The port exposed by the proxy that each client will register with to allow metrics to be scraped from the host | `8080` | -| `proxy.resources` | Set resource limits and requests for the proxy container | `{}` | -| `proxy.nodeSelector` | Select which nodes the proxy can be deployed on | `{}` | -| `proxy.tolerations` | Specify tolerations (if necessary) to allow the proxy to be deployed on the selected node | `[]` | -| `kubeVersionOverrides` | A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches any of the semver constraints provided as keys on the map. On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. | `[]` - -*Tip: The filepaths set in `clients.https.File` can include wildcard characters*. - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for examples of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/rkeScheduler/templates/_helpers.tpl b/charts/rancher-monitoring/charts/rkeScheduler/templates/_helpers.tpl deleted file mode 100644 index 8e651dccf..000000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/templates/_helpers.tpl +++ /dev/null @@ -1,166 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# General - -{{- define "applyKubeVersionOverrides" -}} -{{- $overrides := dict -}} -{{- range $override := .Values.kubeVersionOverrides -}} -{{- if semverCompare $override.constraint $.Capabilities.KubeVersion.Version -}} -{{- $_ := mergeOverwrite $overrides $override.values -}} -{{- end -}} -{{- end -}} -{{- $_ := mergeOverwrite .Values $overrides -}} -{{- end -}} - -{{- define "pushprox.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{- define "pushProxy.commonLabels" -}} -release: {{ .Release.Name }} -component: {{ .Values.component | quote }} -provider: kubernetes -{{- end -}} - -{{- define "pushProxy.proxyUrl" -}} -{{- $_ := (required "Template requires either .Values.proxy.port or .Values.client.proxyUrl to set proxyUrl for client" (or .Values.clients.proxyUrl .Values.proxy.port)) -}} -{{- if .Values.clients.proxyUrl -}} -{{ printf "%s" .Values.clients.proxyUrl }} -{{- else -}} -{{ printf "http://%s.%s.svc:%d" (include "pushProxy.proxy.name" .) (include "pushprox.namespace" .) (int .Values.proxy.port) }} -{{- end -}}{{- end -}} - -# Client - -{{- define "pushProxy.client.name" -}} -{{- printf "pushprox-%s-client" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.serviceAccountTokenName" -}} -{{- printf "pushprox-%s-client-service-account-token" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.client.labels" -}} -k8s-app: {{ template "pushProxy.client.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# Proxy - -{{- define "pushProxy.proxy.name" -}} -{{- printf "pushprox-%s-proxy" (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.proxy.labels" -}} -k8s-app: {{ template "pushProxy.proxy.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -# ServiceMonitor - -{{- define "pushprox.serviceMonitor.name" -}} -{{- printf "%s-%s" .Release.Name (required ".Values.component is required" .Values.component) -}} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.labels" -}} -app: {{ template "pushprox.serviceMonitor.name" . }} -{{ template "pushProxy.commonLabels" . }} -{{- end -}} - -{{- define "pushProxy.serviceMonitor.endpoints" -}} -{{- $proxyURL := (include "pushProxy.proxyUrl" .) -}} -{{- $useHTTPS := .Values.clients.https.enabled -}} -{{- $forceHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}} -{{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}} -{{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}} -{{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}} -{{- $metricRelabelings := list }} -{{- $endpoints := .Values.serviceMonitor.endpoints }} -{{- range $endpoints }} -{{- if $.Values.proxy.enabled }} -{{- $_ := set . "proxyUrl" $proxyURL }} -{{- end }} -{{- $clusterIdRelabel := dict }} -{{- if $.Values.global.cattle.clusterId }} -{{- $_ := set $clusterIdRelabel "action" "replace" }} -{{- $_ := set $clusterIdRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterIdRelabel "targetLabel" "cluster_id" }} -{{- $_ := set $clusterIdRelabel "replacement" $.Values.global.cattle.clusterId }} -{{- end }} -{{- $clusterNameRelabel := dict }} -{{- if $.Values.global.cattle.clusterName }} -{{- $_ := set $clusterNameRelabel "action" "replace" }} -{{- $_ := set $clusterNameRelabel "sourceLabels" (list "__address__") }} -{{- $_ := set $clusterNameRelabel "targetLabel" "cluster_name" }} -{{- $_ := set $clusterNameRelabel "replacement" $.Values.global.cattle.clusterName }} -{{- end }} -{{- $metricRelabelings := gt (len (keys $clusterNameRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterNameRelabel)) ($metricRelabelings) }} -{{- $metricRelabelings := gt (len (keys $clusterIdRelabel)) 0 | ternary (append ($metricRelabelings) ($clusterIdRelabel)) ($metricRelabelings) }} -{{- if not (empty $metricRelabelings) }} -{{- $_ := set . "metricRelabelings" ($metricRelabelings)}} -{{- end }} -{{- if $forceHTTPSScheme -}} -{{- $_ := set . "scheme" "https" }} -{{- end -}} -{{- if $useHTTPS -}} -{{- if (hasKey . "params") }} -{{- $_ := set (get . "params") "_scheme" (list "https") }} -{{- else }} -{{- $_ := set . "params" (dict "_scheme" (list "https")) }} -{{- end }} -{{- end }} -{{- if (hasKey . "tlsConfig") }} -{{- $_ := set (get . "tlsConfig") "insecureSkipVerify" $insecureSkipVerify }} -{{- else }} -{{- $_ := set . "tlsConfig" (dict "insecureSkipVerify" $insecureSkipVerify) }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenFile.enabled }} -{{- $_ := set . "bearerTokenFile" $.Values.clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.bearerTokenSecret.enabled }} -{{- $_ := set . "bearerTokenSecret" $serviceAccountTokenName }} -{{- end }} -{{- if $.Values.clients.https.authenticationMethod.authorization.enabled }} -{{- if (hasKey . "authorization") }} -{{- $_ := set (get . "authorization") "type" $.Values.clients.https.authenticationMethod.authorization.type }} -{{- $_ := set (get . "authorization") "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional) }} -{{- else }} -{{- $_ := set . "authorization" (dict "type" $.Values.clients.https.authenticationMethod.authorization.type) }} -{{- $_ := set . "authorization" (dict "credentials" (dict "name" $serviceAccountTokenName "key" $.Values.clients.https.authenticationMethod.authorization.credentials.key "optional" $.Values.clients.https.authenticationMethod.authorization.credentials.optional)) }} -{{- end }} -{{- end }} -{{- end }} -{{- toYaml $endpoints }} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml b/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml deleted file mode 100644 index a8e27c373..000000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-clients-rbac.yaml +++ /dev/null @@ -1,97 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.client.name" . }} -{{- end }} -{{- if and .Values.clients.https.enabled .Values.clients.https.useServiceAccountCredentials }} -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -{{- if .Values.clients.rbac.additionalRules }} -{{ toYaml .Values.clients.rbac.additionalRules }} -{{- end }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.client.name" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.client.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} ---- -{{- if .Values.clients.https.useServiceAccountCredentials }} -apiVersion: v1 -kind: Secret -type: kubernetes.io/service-account-token -metadata: - name: {{ template "pushProxy.client.serviceAccountTokenName" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - annotations: - kubernetes.io/service-account.name: {{ template "pushProxy.client.name" . }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: true - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 6 }} -{{- end }} - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - - 'emptyDir' - - 'hostPath' - allowedHostPaths: - - pathPrefix: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - readOnly: true -{{- end }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-clients.yaml b/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-clients.yaml deleted file mode 100644 index e8fcfb388..000000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-clients.yaml +++ /dev/null @@ -1,157 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.clients }}{{- if .Values.clients.enabled }} -apiVersion: apps/v1 -{{- if .Values.clients.deployment.enabled }} -kind: Deployment -{{- else }} -kind: DaemonSet -{{- end }} -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} - pushprox-exporter: "client" -spec: - {{- if .Values.clients.deployment.enabled }} - replicas: {{ .Values.clients.deployment.replicas }} - {{- end }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.client.labels" . | nindent 8 }} - spec: - {{- if .Values.clients.affinity }} - affinity: {{ toYaml .Values.clients.affinity | nindent 8 }} - {{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.clients.tolerations }} -{{ toYaml .Values.clients.tolerations | indent 8 }} -{{- end }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - serviceAccountName: {{ template "pushProxy.client.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-client - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: - {{- range .Values.clients.command }} - - {{ . | quote }} - {{- end }} - args: - - --fqdn=$(HOST_IP) - - --proxy-url=$(PROXY_URL) - {{- if .Values.clients.metrics.enabled }} - - --metrics-addr=$(PORT) - {{- end }} - - --allow-port={{ required "Need .Values.metricsPort to configure client to be allowed to scrape metrics at port" .Values.metricsPort}} - {{- if .Values.clients.useLocalhost }} - - --use-localhost - {{- end }} - {{- if .Values.clients.https.enabled }} - {{- if .Values.clients.https.insecureSkipVerify }} - - --insecure-skip-verify - {{- end }} - {{- if .Values.clients.https.useServiceAccountCredentials }} - - --token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - {{- end }} - {{- if .Values.clients.https.certDir }} - - --tls.cert=/etc/ssl/push-proxy/push-proxy.pem - - --tls.key=/etc/ssl/push-proxy/push-proxy-key.pem - - --tls.cacert=/etc/ssl/push-proxy/push-proxy-ca-cert.pem - {{- end }} - {{- end }} - env: - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - {{- if .Values.clients.metrics.enabled }} - - name: PORT - value: :{{ .Values.clients.port }} - {{- end }} - - name: PROXY_URL - value: {{ template "pushProxy.proxyUrl" . }} - securityContext: - runAsNonRoot: true - runAsUser: 1000 - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - volumeMounts: - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - {{- end }} - {{- if .Values.clients.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} - {{- end }} - {{- if and .Values.clients.https.enabled .Values.clients.https.certDir }} - initContainers: - - name: copy-certs - image: {{ template "system_default_registry" . }}{{ .Values.clients.copyCertsImage.repository }}:{{ .Values.clients.copyCertsImage.tag }} - command: - - sh - - -c - - | - echo "Searching for files to copy within the source volume" - echo "cert: ${CERT_FILE_NAME}" - echo "key: ${KEY_FILE_NAME}" - echo "cacert: ${CACERT_FILE_NAME}" - - CERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CERT_FILE_NAME}" | sort -r | head -n 1) - KEY_FILE_SOURCE=$(find /etc/source/ -type f -name "${KEY_FILE_NAME}" | sort -r | head -n 1) - CACERT_FILE_SOURCE=$(find /etc/source/ -type f -name "${CACERT_FILE_NAME}" | sort -r | head -n 1) - - test -z ${CERT_FILE_SOURCE} && echo "Failed to find cert file" && exit 1 - test -z ${KEY_FILE_SOURCE} && echo "Failed to find key file" && exit 1 - test -z ${CACERT_FILE_SOURCE} && echo "Failed to find cacert file" && exit 1 - - echo "Copying cert file from $CERT_FILE_SOURCE to $CERT_FILE_TARGET" - cp $CERT_FILE_SOURCE $CERT_FILE_TARGET || exit 1 - chmod 444 $CERT_FILE_TARGET || exit 1 - - echo "Copying key file from $KEY_FILE_SOURCE to $KEY_FILE_TARGET" - cp $KEY_FILE_SOURCE $KEY_FILE_TARGET || exit 1 - chmod 444 $KEY_FILE_TARGET || exit 1 - - echo "Copying cacert file from $CACERT_FILE_SOURCE to $CACERT_FILE_TARGET" - cp $CACERT_FILE_SOURCE $CACERT_FILE_TARGET || exit 1 - chmod 444 $CACERT_FILE_TARGET || exit 1 - env: - - name: CERT_FILE_NAME - value: {{ required "Need a TLS cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.certFile }} - - name: KEY_FILE_NAME - value: {{ required "Need a TLS key file for scraping metrics endpoint over HTTPs" .Values.clients.https.keyFile }} - - name: CACERT_FILE_NAME - value: {{ required "Need a TLS CA cert file for scraping metrics endpoint over HTTPs" .Values.clients.https.caCertFile }} - - name: CERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy.pem - - name: KEY_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-key.pem - - name: CACERT_FILE_TARGET - value: /etc/ssl/push-proxy/push-proxy-ca-cert.pem - securityContext: - runAsNonRoot: false -{{- if and .Values.global.seLinux.enabled .Values.clients.https.seLinuxOptions }} - seLinuxOptions: {{ .Values.clients.https.seLinuxOptions | toYaml | nindent 12 }} -{{- end }} - volumeMounts: - - name: metrics-cert-dir-source - mountPath: /etc/source - readOnly: true - - name: metrics-cert-dir - mountPath: /etc/ssl/push-proxy - volumes: - - name: metrics-cert-dir-source - hostPath: - path: {{ required "Need access to volume on host with the SSL cert files to use HTTPs" .Values.clients.https.certDir }} - - name: metrics-cert-dir - emptyDir: {} - {{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml b/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml deleted file mode 100644 index eefe60905..000000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-proxy-rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "pushProxy.proxy.name" . }} -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "pushProxy.proxy.name" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "pushProxy.proxy.name" . }} -subjects: - - kind: ServiceAccount - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ include "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- end }}{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-proxy.yaml b/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-proxy.yaml deleted file mode 100644 index 723bbd6c0..000000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-proxy.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if and .Values.proxy }}{{ if .Values.proxy.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} - pushprox-exporter: "proxy" -spec: - selector: - matchLabels: {{ include "pushProxy.proxy.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "pushProxy.proxy.labels" . | nindent 8 }} - spec: - securityContext: - runAsNonRoot: true - runAsUser: 1000 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- if .Values.proxy.nodeSelector }} -{{ toYaml .Values.proxy.nodeSelector | indent 8 }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- if .Values.proxy.tolerations }} -{{ toYaml .Values.proxy.tolerations | indent 8 }} -{{- end }} - serviceAccountName: {{ template "pushProxy.proxy.name" . }} - {{- if .Values.global.imagePullSecretName }} - imagePullSecrets: - - name: {{ .Values.global.imagePullSecretName }} - {{- end }} - containers: - - name: pushprox-proxy - image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }} - command: - {{- range .Values.proxy.command }} - - {{ . | quote }} - {{- end }} - {{- if .Values.proxy.resources }} - resources: {{ toYaml .Values.proxy.resources | nindent 10 }} - {{- end }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.proxy.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -spec: - ports: - - name: pp-proxy - port: {{ required "Need .Values.proxy.port to configure proxy" .Values.proxy.port }} - protocol: TCP - targetPort: {{ .Values.proxy.port }} - selector: {{ include "pushProxy.proxy.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml b/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml deleted file mode 100644 index 67eb2216b..000000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/templates/pushprox-servicemonitor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- template "applyKubeVersionOverrides" . -}} -{{- if .Values.serviceMonitor }}{{- if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "pushprox.serviceMonitor.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.serviceMonitor.labels" . | nindent 4 }} -spec: - endpoints: {{include "pushProxy.serviceMonitor.endpoints" . | nindent 4 }} - jobLabel: component - podTargetLabels: - - component - - pushprox-exporter - namespaceSelector: - matchNames: - - {{ template "pushprox.namespace" . }} - selector: - matchLabels: {{ include "pushProxy.client.labels" . | nindent 6 }} ---- -{{- $selector := "" }} -{{- if not (kindIs "invalid" .Values.service) }} -{{- if not (kindIs "invalid" .Values.service.selector) }} -{{ if .Values.service.selector }} -{{- if .Values.clients.enabled }} -{{- required (printf "Cannot override .Values.service.selector=%s when .Values.clients.enabled=true" (toJson .Values.service.selector)) "" }} -{{- end }} -{{- $selector = (toYaml .Values.service.selector) }} -{{- end }} -{{- end }} -{{- end }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "pushProxy.client.name" . }} - namespace: {{ template "pushprox.namespace" . }} - labels: {{ include "pushProxy.client.labels" . | nindent 4 }} -spec: - ports: - - name: metrics - port: {{ required "Need .Values.metricsPort to configure client to listen to metrics at port" .Values.metricsPort}} - protocol: TCP - targetPort: {{ .Values.metricsPort }} - selector: {{ default (include "pushProxy.client.labels" .) $selector | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeScheduler/templates/validate-install-crd.yaml b/charts/rancher-monitoring/charts/rkeScheduler/templates/validate-install-crd.yaml deleted file mode 100644 index 16abc2fa8..000000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/templates/validate-install-crd.yaml +++ /dev/null @@ -1,14 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install Prometheus Operator CRDs before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} diff --git a/charts/rancher-monitoring/charts/rkeScheduler/templates/validate-psp-install.yaml b/charts/rancher-monitoring/charts/rkeScheduler/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b..000000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/charts/rkeScheduler/values.yaml b/charts/rancher-monitoring/charts/rkeScheduler/values.yaml deleted file mode 100644 index 1e076041b..000000000 --- a/charts/rancher-monitoring/charts/rkeScheduler/values.yaml +++ /dev/null @@ -1,166 +0,0 @@ -# Default values for rancher-pushprox. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Default image containing both the proxy and the client was generated from the following Dockerfile -# https://github.com/prometheus-community/PushProx/blob/eeadbe766641699129920ccfaaaa30a85c67fe81/Dockerfile#L1-L15 - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - seLinux: - enabled: false - -# A list of Semver constraint strings (defined by https://github.com/Masterminds/semver) and values.yaml overrides. -# -# For each key in kubeVersionOverrides, this chart will check to see if the current Kubernetes cluster's version matches -# any of the semver constraints provided as keys on the map. -# -# On seeing a match, the default value for each values.yaml field overridden will be updated with the new value. -# -# If multiple matches are encountered (due to overlapping semver ranges), the matches will be applied in order. -# -# Notes: -# - On running a helm template, Helm generally assumes the kubeVersion is v1.20.0 -# - On running a helm install --dry-run, the correct kubeVersion should be chosen. -kubeVersionOverrides: [] -# - constraint: "< 1.21" -# values: -# metricsPort: 10252 -# clients: -# https: -# enabled: false -# insecureSkipVerify: false -# useServiceAccountCredentials: false - -namespaceOverride: "" - -# The component that is being monitored (i.e. etcd) -component: "component" - -# The port containing the metrics that need to be scraped -metricsPort: 2739 - -# Configure ServiceMonitor that monitors metrics from the metricsPort endpoint -serviceMonitor: - enabled: true - # A list of endpoints that will be added to the ServiceMonitor based on the Endpoint spec - # Source: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint - # By default, proxyUrl and params._scheme will be overridden based on other values - endpoints: - - port: metrics - -# Configure Service that grabs scrape targets -service: - # The selector that is used to populate the Service's Endpoints object. - # The chart will error out on rendering templating if .Values.clients.enabled is set alongside this field, - # since it is expected that this service should point to the PushProx Clients Daemonset / Deployment - selector: {} - -clients: - enabled: true - # The port which the PushProx client will post PushProx metrics to - port: 9369 - # If unset, this will default to the URL for the proxy service: http://pushprox-{{component}}-proxy.{{namepsace}}.svc.cluster.local:{{proxy.port}} - # Should be modified if the clients are being deployed outside the cluster where the proxy rests, otherwise leave it null - proxyUrl: "" - # If set to true, the client will forward any requests from the host IP to 127.0.0.1 - # It will only allow proxy requests to the metricsPort specified - useLocalhost: false - # Configuration for accessing metrics via HTTPS - https: - # Does the client require https to access the metrics? - enabled: false - # Does the client require requests be sent to http or https? - forceHTTPSScheme: false - # If set to true, the client will create a service account with adequate permissions and set a flag - # on the client to use the service account token provided by it to make authorized scrape requests - useServiceAccountCredentials: false - # Configuration for authentication to metrics via https endpoint - authenticationMethod: - # Reads token from defined file in container - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenFile: - enabled: false - bearerTokenFilePath: "/var/run/secrets/kubernetes.io/serviceaccount/token" - # Reads token from defined secret in namespace - # This function is deprecated in the prometheus operator api and may be removed in a future version - bearerTokenSecret: - enabled: false - # Reads token from defined secret in namespace - authorization: - enabled: false - type: "bearer" - credentials: - key: "token" - optional: false - # If set to true, the client will disable SSL security checks - insecureSkipVerify: false - # Directory on host where necessary TLS cert and key to scrape metrics can be found - certDir: "" - # Filenames for files located in .Values.clients.https.certDir that correspond to TLS settings - certFile: "" - keyFile: "" - caCertFile: "" - # seLinuxOptions to be passed into the container that copies certs. Should define a container with permissions to read the files in the certDir provided on the host. - # Required and only used if `clients.https.enabled` is set and `clients.https.certDir` is provided. - seLinuxOptions: {} - - metrics: - # Whether the client should publish PushProx client-specific metrics to .Values.clients.port - enabled: false - - rbac: - # Additional permissions to provide to the ServiceAccount bound to the client - # This can be used to provide additional permissions for the client to scrape metrics from the k8s API - # Only enabled if clients.https.enabled and clients.https.useServiceAccountCredentials are true - additionalRules: [] - - # Resource limits - resources: {} - - # Options to select all nodes to deploy client DaemonSet on - nodeSelector: {} - tolerations: [] - affinity: {} - - image: - repository: rancher/pushprox-client - tag: v0.1.3-rancher2-client - command: ["pushprox-client"] - - copyCertsImage: - repository: rancher/mirrored-library-busybox - tag: 1.31.1 - - # The default intention of rancher-pushprox clients is to scrape hostNetwork metrics across all nodes. - # This can be used to scrape internal Kubernetes components or DaemonSets of hostNetwork Pods in - # situations where a cloud provider firewall prevents Pod-To-Host communication but not Pod-To-Pod. - # However, if the underlying hostNetwork Pod that is being scraped is managed by a Deployment, - # this advanced option enables users to deploy the client as a Deployment instead of a DaemonSet. - # If a user deploys this feature and the underlying Deployment's number of replicas changes, the user will - # be responsible for upgrading this chart accordingly to the right number of replicas. - deployment: - enabled: false - replicas: 0 - -proxy: - enabled: true - # The port through which PushProx clients will communicate to the proxy - port: 8080 - - # Resource limits - resources: {} - - # Options to select a node to run a single proxy deployment on - nodeSelector: {} - tolerations: [] - - image: - repository: rancher/pushprox-proxy - tag: v0.1.3-rancher2-proxy - command: ["pushprox-proxy"] diff --git a/charts/rancher-monitoring/charts/windowsExporter/.helmignore b/charts/rancher-monitoring/charts/windowsExporter/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/rancher-monitoring/charts/windowsExporter/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rancher-monitoring/charts/windowsExporter/Chart.yaml b/charts/rancher-monitoring/charts/windowsExporter/Chart.yaml deleted file mode 100644 index f1cc32344..000000000 --- a/charts/rancher-monitoring/charts/windowsExporter/Chart.yaml +++ /dev/null @@ -1,15 +0,0 @@ -annotations: - catalog.cattle.io/hidden: "true" - catalog.cattle.io/os: windows - catalog.rancher.io/certified: rancher - catalog.rancher.io/namespace: cattle-monitoring-system - catalog.rancher.io/release-name: rancher-windows-exporter -apiVersion: v1 -appVersion: 0.0.2 -description: Sets up monitoring metrics from Windows nodes via Prometheus windows-exporter -maintainers: -- email: arvind.iyengar@rancher.com - name: aiyengar2 -name: windowsExporter -type: application -version: 0.1.1 diff --git a/charts/rancher-monitoring/charts/windowsExporter/README.md b/charts/rancher-monitoring/charts/windowsExporter/README.md deleted file mode 100644 index 6115b6f25..000000000 --- a/charts/rancher-monitoring/charts/windowsExporter/README.md +++ /dev/null @@ -1,17 +0,0 @@ -# rancher-windows-exporter - -A Rancher chart based on the [prometheus-community/windows-exporter](https://github.com/prometheus-community/windows_exporter) project (previously called wmi-exporter) that sets up a DaemonSet of clients that can scrape windows-exporter metrics from Windows nodes on a Kubernetes cluster. - -A [Prometheus Operator](https://github.com/coreos/prometheus-operator) ServiceMonitor CR and PrometheusRule CR are also created by this chart to collect metrics and add some recording rules to map `windows_` series with their OS-agnostic counterparts. - -## Node Requirements - -Since Windows does not support privileged pods, this chart expects a Named Pipe (`\\.\pipe\rancher_wins`) to exist on the Windows host that allows containers to communicate with the host. This is done by deploying a [rancher/wins](https://github.com/rancher/wins) server on the host. - -The image used by the chart, [windows_exporter-package](https://github.com/rancher/windows_exporter-package), is configured to create a wins client that communicates with the wins server, alongside a running copy of a particular version of [windows-exporter](https://github.com/prometheus-community/windows_exporter). Through the wins client and wins server, the windows-exporter is able to communicate directly with the Windows host to collect metrics and expose them. - -If the cluster you are installing this chart on is a custom cluster that was created via RKE1 with Windows Support enabled, your nodes should already have the wins server running; this should have been added as part of [the bootstrapping process for adding the Windows node onto your RKE1 cluster](https://github.com/rancher/rancher/blob/master/package/windows/bootstrap.ps1). - -## Configuration - -See [rancher-monitoring](https://github.com/rancher/charts/tree/gh-pages/packages/rancher-monitoring) for an example of how this chart can be used. diff --git a/charts/rancher-monitoring/charts/windowsExporter/scripts/check-wins-version.ps1 b/charts/rancher-monitoring/charts/windowsExporter/scripts/check-wins-version.ps1 deleted file mode 100644 index f8452bbef..000000000 --- a/charts/rancher-monitoring/charts/windowsExporter/scripts/check-wins-version.ps1 +++ /dev/null @@ -1,20 +0,0 @@ -$ErrorActionPreference = 'Stop' - -$winsPath = "c:\Windows\wins.exe" -$minWinsVersion = [System.Version]"0.1.0" - -function Get-Wins-Version -{ - $winsAppInfo = Invoke-Expression "& $winsPath cli app info | ConvertFrom-Json" - return [System.Version]($winsAppInfo.Server.Version.substring(1)) -} - -# Wait till the wins version installed is at least v0.1.0 -$winsVersion = Get-Wins-Version -while ($winsVersion -lt $minWinsVersion) { - Write-Host $('wins on host must be at least v{0}, found v{1}. Checking again in 10 seconds...' -f $minWinsVersion, $winsVersion) - Start-Sleep -s 10 - $winsVersion = Get-Wins-Version -} - -Write-Host $('Detected wins version on host is v{0}, which is >v{1}. Continuing with installation...' -f $winsVersion, $minWinsVersion) diff --git a/charts/rancher-monitoring/charts/windowsExporter/scripts/proxy-entry.ps1 b/charts/rancher-monitoring/charts/windowsExporter/scripts/proxy-entry.ps1 deleted file mode 100644 index 9d0581b66..000000000 --- a/charts/rancher-monitoring/charts/windowsExporter/scripts/proxy-entry.ps1 +++ /dev/null @@ -1,11 +0,0 @@ -# default -$listenPort = "9796" - -if ($env:LISTEN_PORT) { - $listenPort = $env:LISTEN_PORT -} - -# format "UDP:4789 TCP:8080" -$winsPublish = $('TCP:{0}' -f $listenPort) - -wins.exe cli proxy --publish $winsPublish diff --git a/charts/rancher-monitoring/charts/windowsExporter/scripts/run.ps1 b/charts/rancher-monitoring/charts/windowsExporter/scripts/run.ps1 deleted file mode 100644 index c2e980a3f..000000000 --- a/charts/rancher-monitoring/charts/windowsExporter/scripts/run.ps1 +++ /dev/null @@ -1,78 +0,0 @@ -$ErrorActionPreference = 'Stop' - -function Create-Directory -{ - param ( - [parameter(Mandatory = $false, ValueFromPipeline = $true)] [string]$Path - ) - - if (Test-Path -Path $Path) { - if (-not (Test-Path -Path $Path -PathType Container)) { - # clean the same path file - Remove-Item -Recurse -Force -Path $Path -ErrorAction Ignore | Out-Null - } - - return - } - - New-Item -Force -ItemType Directory -Path $Path | Out-Null -} - -function Transfer-File -{ - param ( - [parameter(Mandatory = $true)] [string]$Src, - [parameter(Mandatory = $true)] [string]$Dst - ) - - if (Test-Path -PathType leaf -Path $Dst) { - $dstHasher = Get-FileHash -Path $Dst - $srcHasher = Get-FileHash -Path $Src - if ($dstHasher.Hash -eq $srcHasher.Hash) { - return - } - } - - $null = Copy-Item -Force -Path $Src -Destination $Dst -} - -# Copy binary into host -Create-Directory -Path "c:\host\etc\windows-exporter" -Transfer-File -Src "c:\etc\windows-exporter\windows-exporter.exe" -Dst "c:\host\etc\windows-exporter\windows-exporter.exe" - -# Copy binary into prefix path, since wins expects the same path on the host and on the container -$prefixPath = 'c:\' -if ($env:CATTLE_PREFIX_PATH) { - $prefixPath = $env:CATTLE_PREFIX_PATH -} -$winsDirPath = $('{0}etc\windows-exporter' -f $prefixPath) -$winsPath = $('{0}\windows-exporter.exe' -f $winsDirPath) - -Create-Directory -Path $winsDirPath -Transfer-File -Src "c:\etc\windows-exporter\windows-exporter.exe" $winsPath - -# Run wins with defaults -$listenPort = "9796" -$enabledCollectors = "net,os,service,system,cpu,cs,logical_disk" -$maxRequests = "5" - -if ($env:LISTEN_PORT) { - $listenPort = $env:LISTEN_PORT -} - -if ($env:ENABLED_COLLECTORS) { - $enabledCollectors = $env:ENABLED_COLLECTORS -} - -if ($env:MAX_REQUESTS) { - $maxRequests = $env:MAX_REQUESTS -} - -# format "UDP:4789 TCP:8080" -$winsExposes = $('TCP:{0}' -f $listenPort) - -# format "--a=b --c=d" -$winsArgs = $('--collectors.enabled={0} --telemetry.addr=:{1} --telemetry.max-requests={2} --telemetry.path=/metrics' -f $enabledCollectors, $listenPort, $maxRequests) - - -wins.exe cli prc run --path $winsPath --exposes $winsExposes --args "$winsArgs" diff --git a/charts/rancher-monitoring/charts/windowsExporter/templates/_helpers.tpl b/charts/rancher-monitoring/charts/windowsExporter/templates/_helpers.tpl deleted file mode 100644 index 16975d9d0..000000000 --- a/charts/rancher-monitoring/charts/windowsExporter/templates/_helpers.tpl +++ /dev/null @@ -1,113 +0,0 @@ -# Rancher - -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -# General - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -The components in this chart create additional resources that expand the longest created name strings. -The longest name that gets created adds and extra 37 characters, so truncation should be 63-35=26. -*/}} -{{- define "windowsExporter.name" -}} -{{ printf "%s-windows-exporter" .Release.Name }} -{{- end -}} - -{{- define "windowsExporter.namespace" -}} -{{- default .Release.Namespace .Values.namespaceOverride -}} -{{- end -}} - -{{- define "windowsExporter.labels" -}} -k8s-app: {{ template "windowsExporter.name" . }} -release: {{ .Release.Name }} -component: "windows-exporter" -provider: kubernetes -{{- end -}} - -# Client - -{{- define "windowsExporter.client.nodeSelector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: windows -{{- else -}} -kubernetes.io/os: windows -{{- end -}} -{{- if .Values.clients.nodeSelector }} -{{ toYaml .Values.clients.nodeSelector }} -{{- end }} -{{- end -}} - -{{- define "windowsExporter.client.tolerations" -}} -{{- if .Values.clients.tolerations -}} -{{ toYaml .Values.clients.tolerations }} -{{- else -}} -- operator: Exists -{{- end -}} -{{- end -}} - -{{- define "windowsExporter.client.env" -}} -- name: LISTEN_PORT - value: {{ required "Need .Values.clients.port to figure out where to get metrics from" .Values.clients.port | quote }} -{{- if .Values.clients.enabledCollectors }} -- name: ENABLED_COLLECTORS - value: {{ .Values.clients.enabledCollectors | quote }} -{{- end }} -{{- if .Values.clients.env }} -{{ toYaml .Values.clients.env }} -{{- end }} -{{- end -}} - -{{- define "windowsExporter.validatePathPrefix" -}} -{{- if .Values.global.cattle.rkeWindowsPathPrefix -}} -{{- $prefixPath := (.Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\") -}} -{{- if (not (hasSuffix "\\" $prefixPath)) -}} -{{- fail (printf ".Values.global.cattle.rkeWindowsPathPrefix must end in '/' or '\\', found %s" $prefixPath) -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{- define "windowsExporter.renamedMetrics" -}} -{{- $renamed := dict -}} -{{/* v0.15.0 */}} -{{- $_ := set $renamed "windows_mssql_transactions_active_total" "windows_mssql_transactions_active" -}} -{{/* v0.16.0 */}} -{{- $_ := set $renamed "windows_adfs_ad_login_connection_failures" "windows_adfs_ad_login_connection_failures_total" -}} -{{- $_ := set $renamed "windows_adfs_certificate_authentications" "windows_adfs_certificate_authentications_total" -}} -{{- $_ := set $renamed "windows_adfs_device_authentications" "windows_adfs_device_authentications_total" -}} -{{- $_ := set $renamed "windows_adfs_extranet_account_lockouts" "windows_adfs_extranet_account_lockouts_total" -}} -{{- $_ := set $renamed "windows_adfs_federated_authentications" "windows_adfs_federated_authentications_total" -}} -{{- $_ := set $renamed "windows_adfs_passport_authentications" "windows_adfs_passport_authentications_total" -}} -{{- $_ := set $renamed "windows_adfs_password_change_failed" "windows_adfs_password_change_failed_total" -}} -{{- $_ := set $renamed "windows_adfs_password_change_succeeded" "windows_adfs_password_change_succeeded_total" -}} -{{- $_ := set $renamed "windows_adfs_token_requests" "windows_adfs_token_requests_total" -}} -{{- $_ := set $renamed "windows_adfs_windows_integrated_authentications" "windows_adfs_windows_integrated_authentications_total" -}} -{{- $_ := set $renamed "windows_net_packets_outbound_errors" "windows_net_packets_outbound_errors_total" -}} -{{- $_ := set $renamed "windows_net_packets_received_discarded" "windows_net_packets_received_discarded_total" -}} -{{- $_ := set $renamed "windows_net_packets_received_errors" "windows_net_packets_received_errors_total" -}} -{{- $_ := set $renamed "windows_net_packets_received_total" "windows_net_packets_received_total_total" -}} -{{- $_ := set $renamed "windows_net_packets_received_unknown" "windows_net_packets_received_unknown_total" -}} -{{- $_ := set $renamed "windows_dns_memory_used_bytes_total" "windows_dns_memory_used_bytes" -}} -{{- $renamed | toJson -}} -{{- end -}} - -{{- define "windowsExporter.renamedMetricsRelabeling" -}} -{{- range $original, $new := (include "windowsExporter.renamedMetrics" . | fromJson) -}} -- sourceLabels: [__name__] - regex: {{ $original }} - replacement: '{{ $new }}' - targetLabel: __name__ -{{ end -}} -{{- end -}} - -{{- define "windowsExporter.renamedMetricsRules" -}} -{{- range $original, $new := (include "windowsExporter.renamedMetrics" . | fromJson) -}} -- record: {{ $original }} - expr: {{ $new }} -{{ end -}} -{{- end -}} diff --git a/charts/rancher-monitoring/charts/windowsExporter/templates/configmap.yaml b/charts/rancher-monitoring/charts/windowsExporter/templates/configmap.yaml deleted file mode 100644 index e7647a407..000000000 --- a/charts/rancher-monitoring/charts/windowsExporter/templates/configmap.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if .Values.clients }}{{ if .Values.clients.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "windowsExporter.name" . }}-scripts - namespace: {{ template "windowsExporter.namespace" . }} - labels: {{ include "windowsExporter.labels" . | nindent 4 }} -data: -{{ (.Files.Glob "scripts/*").AsConfig | indent 2 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/windowsExporter/templates/daemonset.yaml b/charts/rancher-monitoring/charts/windowsExporter/templates/daemonset.yaml deleted file mode 100644 index a64d19a3e..000000000 --- a/charts/rancher-monitoring/charts/windowsExporter/templates/daemonset.yaml +++ /dev/null @@ -1,77 +0,0 @@ -{{- if .Values.clients }}{{ if .Values.clients.enabled }} -{{ include "windowsExporter.validatePathPrefix" . }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ template "windowsExporter.name" . }} - namespace: {{ template "windowsExporter.namespace" . }} - labels: {{ include "windowsExporter.labels" . | nindent 4 }} -spec: - selector: - matchLabels: {{ include "windowsExporter.labels" . | nindent 6 }} - template: - metadata: - labels: {{ include "windowsExporter.labels" . | nindent 8 }} - spec: - nodeSelector: {{ include "windowsExporter.client.nodeSelector" . | nindent 8 }} - tolerations: {{ include "windowsExporter.client.tolerations" . | nindent 8 }} - serviceAccountName: {{ template "windowsExporter.name" . }} - containers: - - name: exporter-node-proxy - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: ["pwsh", "-f", "c:/scripts/proxy-entry.ps1"] - ports: - - name: http - containerPort: {{ required "Need .Values.clients.port to figure out where to get metrics from" .Values.clients.port }} - env: {{ include "windowsExporter.client.env" . | nindent 10 }} -{{- if .Values.resources }} - resources: {{ toYaml .Values.clients.proxy.resources | nindent 10 }} -{{- end }} - volumeMounts: - - name: wins-pipe-proxy - mountPath: \\.\pipe\rancher_wins_proxy - - name: exporter-scripts - mountPath: c:/scripts/ - - name: exporter-node - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: ["pwsh", "-f", "c:/scripts/run.ps1"] -{{- if .Values.clients.args }} - args: {{ .Values.clients.args }} -{{- end }} - env: {{ include "windowsExporter.client.env" . | nindent 8 }} - - name: CATTLE_PREFIX_PATH - value: {{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "/" "\\" }} -{{- if .Values.resources }} - resources: {{ toYaml .Values.clients.resources | nindent 10 }} -{{- end }} - volumeMounts: - - name: wins-pipe - mountPath: \\.\pipe\rancher_wins - - name: binary-host-path - mountPath: c:/host/etc/windows-exporter - - name: exporter-scripts - mountPath: c:/scripts/ - initContainers: - - name: check-wins-version - image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }} - command: ["pwsh", "-f", "c:/scripts/check-wins-version.ps1"] - volumeMounts: - - name: wins-pipe - mountPath: \\.\pipe\rancher_wins - - name: exporter-scripts - mountPath: c:/scripts/ - volumes: - - name: wins-pipe - hostPath: - path: \\.\pipe\rancher_wins - - name: wins-pipe-proxy - hostPath: - path: \\.\pipe\rancher_wins_proxy - - name: binary-host-path - hostPath: - path: {{ default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "\\" "/" }}etc/windows-exporter - type: DirectoryOrCreate - - name: exporter-scripts - configMap: - name: {{ template "windowsExporter.name" . }}-scripts -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/windowsExporter/templates/prometheusrule.yaml b/charts/rancher-monitoring/charts/windowsExporter/templates/prometheusrule.yaml deleted file mode 100644 index f31983122..000000000 --- a/charts/rancher-monitoring/charts/windowsExporter/templates/prometheusrule.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if and .Values.prometheusRule .Values.clients }}{{- if and .Values.prometheusRule.enabled .Values.clients.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - labels: {{ include "windowsExporter.labels" . | nindent 4 }} - name: {{ template "windowsExporter.name" . }} - namespace: {{ template "windowsExporter.namespace" . }} -spec: - groups: - - name: windows-exporter-relabel.rules - rules: -{{- include "windowsExporter.renamedMetricsRules" . | nindent 4 -}} -{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/charts/windowsExporter/templates/rbac.yaml b/charts/rancher-monitoring/charts/windowsExporter/templates/rbac.yaml deleted file mode 100644 index e3da3e160..000000000 --- a/charts/rancher-monitoring/charts/windowsExporter/templates/rbac.yaml +++ /dev/null @@ -1,81 +0,0 @@ -{{- if .Values.clients }}{{ if .Values.clients.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "windowsExporter.name" . }} - namespace: {{ template "windowsExporter.namespace" . }} - labels: {{ include "windowsExporter.labels" . | nindent 4 }} -rules: -- apiGroups: ['authentication.k8s.io'] - resources: ['tokenreviews'] - verbs: ['create'] -- apiGroups: ['authorization.k8s.io'] - resources: ['subjectaccessreviews'] - verbs: ['create'] -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: ['{{ template "windowsExporter.name" . }}'] -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "windowsExporter.name" . }} - namespace: {{ template "windowsExporter.namespace" . }} - labels: {{ include "windowsExporter.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "windowsExporter.name" . }} -subjects: -- kind: ServiceAccount - name: {{ template "windowsExporter.name" . }} - namespace: {{ .Release.Namespace }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "windowsExporter.name" . }} - namespace: {{ template "windowsExporter.namespace" . }} - labels: {{ include "windowsExporter.labels" . | nindent 4 }} -{{- if .Values.clients.imagePullSecrets }} -imagePullSecrets: {{ toYaml .Values.clients.imagePullSecrets | nindent 2 }} -{{- end }} ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "windowsExporter.name" . }} - namespace: {{ template "windowsExporter.namespace" . }} - labels: {{ include "windowsExporter.labels" . | nindent 4 }} -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 0 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' - - 'hostPath' - allowedHostPaths: - - pathPrefix: \\.\pipe\rancher_wins - - pathPrefix: \\.\pipe\rancher_wins_proxy - - pathPrefix: c:/etc/windows-exporter -{{- end }}{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/windowsExporter/templates/service.yaml b/charts/rancher-monitoring/charts/windowsExporter/templates/service.yaml deleted file mode 100644 index 03b87faae..000000000 --- a/charts/rancher-monitoring/charts/windowsExporter/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if and .Values.clients }}{{- if and .Values.clients.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "windowsExporter.name" . }} - namespace: {{ template "windowsExporter.namespace" . }} - labels: {{ include "windowsExporter.labels" . | nindent 4 }} -spec: - ports: - - name: windows-metrics - port: {{ required "Need .Values.clients.port to figure out where to get metrics from" .Values.clients.port }} - protocol: TCP - targetPort: {{ .Values.clients.port }} - selector: {{ include "windowsExporter.labels" . | nindent 4 }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/windowsExporter/templates/servicemonitor.yaml b/charts/rancher-monitoring/charts/windowsExporter/templates/servicemonitor.yaml deleted file mode 100644 index 26ece9b05..000000000 --- a/charts/rancher-monitoring/charts/windowsExporter/templates/servicemonitor.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- if and .Values.serviceMonitor .Values.clients }}{{- if and .Values.serviceMonitor.enabled .Values.clients.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: {{ include "windowsExporter.labels" . | nindent 4 }} - name: {{ template "windowsExporter.name" . }} - namespace: {{ template "windowsExporter.namespace" . }} -spec: - selector: - matchLabels: {{ include "windowsExporter.labels" . | nindent 6 }} - namespaceSelector: - matchNames: - - {{ template "windowsExporter.namespace" . }} - jobLabel: component - podTargetLabels: - - component - endpoints: - - port: windows-metrics - metricRelabelings: -{{- include "windowsExporter.renamedMetricsRelabeling" . | nindent 4 -}} - - sourceLabels: [__name__] - regex: 'wmi_(.*)' - replacement: 'windows_$1' - targetLabel: __name__ - - sourceLabels: [volume, nic] - regex: (.*);(.*) - separator: '' - targetLabel: device - action: replace - replacement: $1$2 - - sourceLabels: [__name__] - regex: windows_cs_logical_processors - replacement: 'system' - targetLabel: mode - relabelings: - - separator: ':' - sourceLabels: - - __meta_kubernetes_pod_host_ip - - __meta_kubernetes_pod_container_port_number - targetLabel: instance -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/charts/windowsExporter/values.yaml b/charts/rancher-monitoring/charts/windowsExporter/values.yaml deleted file mode 100644 index 6de9984ce..000000000 --- a/charts/rancher-monitoring/charts/windowsExporter/values.yaml +++ /dev/null @@ -1,52 +0,0 @@ -# Default values for rancher-windows-exporter. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Configuration - -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - rkeWindowsPathPrefix: "c:\\" - -# Configure ServiceMonitor that monitors metrics -serviceMonitor: - enabled: true - -# Configure PrometheusRule that renames existing metrics -prometheusRule: - enabled: true - -## Components scraping metrics from Windows nodes -## -clients: - enabled: true - - port: 9796 - image: - repository: rancher/windows_exporter-package - tag: v0.0.5 - os: "windows" - - # Specify the IP addresses of nodes that you want to collect metrics from - endpoints: [] - - # Get more details on https://github.com/prometheus-community/windows_exporter - args: [] - env: {} - enabledCollectors: "net,os,service,system,cpu,cs,logical_disk,tcp,memory,container" - - # Resource limits - resources: {} - - # Options to select nodes to target for scraping Windows metrics - nodeSelector: {} # Note: {kubernetes.io/os: windows} is default and cannot be overridden - tolerations: [] # Note: if not specified, the default option is to use [{operator: Exists}] - - # Image Pull Secrets for the service account used by the clients - imagePullSecrets: {} - - proxy: - resources: {} diff --git a/charts/rancher-monitoring/files/ingress-nginx/nginx.json b/charts/rancher-monitoring/files/ingress-nginx/nginx.json deleted file mode 100644 index 565352235..000000000 --- a/charts/rancher-monitoring/files/ingress-nginx/nginx.json +++ /dev/null @@ -1,1445 +0,0 @@ -{ - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - }, - { - "datasource": "$datasource", - "enable": true, - "expr": "sum(changes(nginx_ingress_controller_config_last_reload_successful_timestamp_seconds{instance!=\"unknown\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[30s])) by (controller_class)", - "hide": false, - "iconColor": "rgba(255, 96, 96, 1)", - "limit": 100, - "name": "Config Reloads", - "showIn": 0, - "step": "30s", - "tagKeys": "controller_class", - "tags": [], - "titleFormat": "Config Reloaded", - "type": "tags" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "iteration": 1534359654832, - "links": [], - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "$datasource", - "format": "ops", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 0, - "y": 0 - }, - "id": 20, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "round(sum(irate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[2m])), 0.001)", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Controller Request Volume", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 6, - "y": 0 - }, - "id": 82, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(avg_over_time(nginx_ingress_controller_nginx_process_connections{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",state=\"active\"}[2m]))", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Controller Connections", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "$datasource", - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 80, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": false - }, - "gridPos": { - "h": 3, - "w": 6, - "x": 12, - "y": 0 - }, - "id": 21, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",status!~\"[4-5].*\"}[2m])) / sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\"}[2m]))", - "format": "time_series", - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "95, 99, 99.5", - "title": "Controller Success Rate (non-4|5xx responses)", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "$datasource", - "decimals": 0, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 3, - "x": 18, - "y": 0 - }, - "id": 81, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "avg(irate(nginx_ingress_controller_success{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[1m])) * 60", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Config Reloads", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "total" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "$datasource", - "decimals": 0, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 3, - "x": 21, - "y": 0 - }, - "id": 83, - "interval": null, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": true, - "lineColor": "rgb(31, 120, 193)", - "show": true - }, - "tableColumn": "", - "targets": [ - { - "expr": "count(nginx_ingress_controller_config_last_reload_successful{controller_pod=~\"$controller\",controller_namespace=~\"$namespace\"} == 0)", - "format": "time_series", - "instant": true, - "intervalFactor": 1, - "refId": "A", - "step": 4 - } - ], - "thresholds": "", - "title": "Last Config Failed", - "transparent": false, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": 2, - "editable": true, - "error": false, - "fill": 1, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 3 - }, - "height": "200px", - "id": 86, - "isNew": true, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": false, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": 300, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "repeatDirection": "h", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "round(sum(irate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress), 0.001)", - "format": "time_series", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ ingress }}", - "metric": "network", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Ingress Request Volume", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "transparent": false, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "reqps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "max - istio-proxy": "#890f02", - "max - master": "#bf1b00", - "max - prometheus": "#bf1b00" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": 2, - "editable": false, - "error": false, - "fill": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 3 - }, - "id": 87, - "isNew": true, - "legend": { - "alignAsTable": true, - "avg": true, - "current": false, - "hideEmpty": true, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": 300, - "sort": "avg", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",ingress=~\"$ingress\",status!~\"[4-5].*\"}[2m])) by (ingress) / sum(rate(nginx_ingress_controller_requests{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", - "format": "time_series", - "instant": false, - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "{{ ingress }}", - "metric": "container_memory_usage:sort_desc", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Ingress Success Rate (non-4|5xx responses)", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 1, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": 2, - "editable": true, - "error": false, - "fill": 1, - "grid": {}, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 10 - }, - "height": "200px", - "id": 32, - "isNew": true, - "legend": { - "alignAsTable": false, - "avg": true, - "current": true, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": 200, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum (irate (nginx_ingress_controller_request_size_sum{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m]))", - "format": "time_series", - "instant": false, - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "Received", - "metric": "network", - "refId": "A", - "step": 10 - }, - { - "expr": "- sum (irate (nginx_ingress_controller_response_size_sum{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m]))", - "format": "time_series", - "hide": false, - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "Sent", - "metric": "network", - "refId": "B", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Network I/O pressure", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "transparent": false, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "max - istio-proxy": "#890f02", - "max - master": "#bf1b00", - "max - prometheus": "#bf1b00" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": 2, - "editable": false, - "error": false, - "fill": 0, - "grid": {}, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 10 - }, - "id": 77, - "isNew": true, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": 200, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "avg(nginx_ingress_controller_nginx_process_resident_memory_bytes{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}) ", - "format": "time_series", - "instant": false, - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "nginx", - "metric": "container_memory_usage:sort_desc", - "refId": "A", - "step": 10 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Average Memory Usage", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "max - istio-proxy": "#890f02", - "max - master": "#bf1b00" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": 3, - "editable": false, - "error": false, - "fill": 0, - "grid": {}, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 10 - }, - "height": "", - "id": 79, - "isNew": true, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sort": null, - "sortDesc": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "avg (rate (nginx_ingress_controller_nginx_process_cpu_seconds_total{controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\"}[2m])) ", - "format": "time_series", - "interval": "10s", - "intervalFactor": 1, - "legendFormat": "nginx", - "metric": "container_cpu", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - { - "colorMode": "critical", - "fill": true, - "line": true, - "op": "gt" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Average CPU Usage", - "tooltip": { - "msResolution": true, - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "transparent": false, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "none", - "label": "cores", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "columns": [], - "datasource": "$datasource", - "fontSize": "100%", - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 16 - }, - "hideTimeOverride": false, - "id": 75, - "links": [], - "pageSize": 7, - "repeat": null, - "repeatDirection": "h", - "scroll": true, - "showHeader": true, - "sort": { - "col": 1, - "desc": true - }, - "styles": [ - { - "alias": "Ingress", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "ingress", - "preserveFormat": false, - "sanitize": false, - "thresholds": [], - "type": "string", - "unit": "short" - }, - { - "alias": "Requests", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #A", - "thresholds": [ - "" - ], - "type": "number", - "unit": "ops" - }, - { - "alias": "Errors", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #B", - "thresholds": [], - "type": "number", - "unit": "ops" - }, - { - "alias": "P50 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "link": false, - "pattern": "Value #C", - "thresholds": [], - "type": "number", - "unit": "dtdurations" - }, - { - "alias": "P90 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "pattern": "Value #D", - "thresholds": [], - "type": "number", - "unit": "dtdurations" - }, - { - "alias": "P99 Latency", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "pattern": "Value #E", - "thresholds": [], - "type": "number", - "unit": "dtdurations" - }, - { - "alias": "IN", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Value #F", - "thresholds": [ - "" - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "Time", - "thresholds": [], - "type": "hidden", - "unit": "short" - }, - { - "alias": "OUT", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "mappingType": 1, - "pattern": "Value #G", - "thresholds": [], - "type": "number", - "unit": "Bps" - } - ], - "targets": [ - { - "expr": "histogram_quantile(0.50, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ ingress }}", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.90, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ ingress }}", - "refId": "D" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (le, ingress))", - "format": "table", - "hide": false, - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ destination_service }}", - "refId": "E" - }, - { - "expr": "sum(irate(nginx_ingress_controller_request_size_sum{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ ingress }}", - "refId": "F" - }, - { - "expr": "sum(irate(nginx_ingress_controller_response_size_sum{ingress!=\"\",controller_pod=~\"$controller\",controller_class=~\"$controller_class\",controller_namespace=~\"$namespace\",ingress=~\"$ingress\"}[2m])) by (ingress)", - "format": "table", - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{ ingress }}", - "refId": "G" - } - ], - "timeFrom": null, - "title": "Ingress Percentile Response Times and Transfer Rates", - "transform": "table", - "transparent": false, - "type": "table" - }, - { - "columns": [ - { - "text": "Current", - "value": "current" - } - ], - "datasource": "$datasource", - "fontSize": "100%", - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 24 - }, - "height": "1024", - "id": 85, - "links": [], - "pageSize": 7, - "scroll": true, - "showHeader": true, - "sort": { - "col": 1, - "desc": false - }, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "date" - }, - { - "alias": "TTL", - "colorMode": "cell", - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "pattern": "Current", - "thresholds": [ - "0", - "691200" - ], - "type": "number", - "unit": "s" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "avg(nginx_ingress_controller_ssl_expire_time_seconds{kubernetes_pod_name=~\"$controller\",namespace=~\"$namespace\",ingress=~\"$ingress\"}) by (host) - time()", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ host }}", - "metric": "gke_letsencrypt_cert_expiration", - "refId": "A", - "step": 1 - } - ], - "title": "Ingress Certificate Expiry", - "transform": "timeseries_aggregations", - "type": "table" - } - ], - "refresh": "5s", - "schemaVersion": 16, - "style": "dark", - "tags": [ - "nginx" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": ".*", - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": "Namespace", - "multi": false, - "name": "namespace", - "options": [], - "query": "label_values(nginx_ingress_controller_config_hash, controller_namespace)", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".*", - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": "Controller Class", - "multi": false, - "name": "controller_class", - "options": [], - "query": "label_values(nginx_ingress_controller_config_hash{namespace=~\"$namespace\"}, controller_class) ", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".*", - "current": { - "text": "All", - "value": "$__all" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": "Controller", - "multi": false, - "name": "controller", - "options": [], - "query": "label_values(nginx_ingress_controller_config_hash{namespace=~\"$namespace\",controller_class=~\"$controller_class\"}, controller_pod) ", - "refresh": 1, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".*", - "current": { - "tags": [], - "text": "All", - "value": "$__all" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": "Ingress", - "multi": false, - "name": "ingress", - "options": [], - "query": "label_values(nginx_ingress_controller_requests{namespace=~\"$namespace\",controller_class=~\"$controller_class\",controller_pod=~\"$controller\"}, ingress) ", - "refresh": 1, - "regex": "", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "2m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "NGINX / Ingress Controller", - "uid": "nginx", - "version": 1 -} \ No newline at end of file diff --git a/charts/rancher-monitoring/files/ingress-nginx/request-handling-performance.json b/charts/rancher-monitoring/files/ingress-nginx/request-handling-performance.json deleted file mode 100644 index 156e33123..000000000 --- a/charts/rancher-monitoring/files/ingress-nginx/request-handling-performance.json +++ /dev/null @@ -1,963 +0,0 @@ -{ - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "", - "editable": true, - "gnetId": 9614, - "graphTooltip": 1, - "id": null, - "iteration": 1582146566338, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "Total time taken for nginx and upstream servers to process a request and send a response", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 91, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(\n 0.5,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", - "interval": "", - "legendFormat": ".5", - "refId": "D" - }, - { - "expr": "histogram_quantile(\n 0.95,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", - "interval": "", - "legendFormat": ".95", - "refId": "B" - }, - { - "expr": "histogram_quantile(\n 0.99,\n sum by (le)(\n rate(\n nginx_ingress_controller_request_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", - "interval": "", - "legendFormat": ".99", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Total request handling time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "The time spent on receiving the response from the upstream server", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 0 - }, - "hiddenSeries": false, - "id": 94, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(\n 0.5,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": ".5", - "refId": "D" - }, - { - "expr": "histogram_quantile(\n 0.95,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", - "interval": "", - "legendFormat": ".95", - "refId": "B" - }, - { - "expr": "histogram_quantile(\n 0.99,\n sum by (le)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", - "interval": "", - "legendFormat": ".99", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Upstream response time", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 8 - }, - "hiddenSeries": false, - "id": 93, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": " sum by (path)(\n rate(\n nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ path }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Request volume by Path", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "reqps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "For each path observed, its median upstream response time", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 8 - }, - "hiddenSeries": false, - "id": 98, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(\n .5,\n sum by (le, path)(\n rate(\n nginx_ingress_controller_response_duration_seconds_bucket{\n ingress =~ \"$ingress\"\n }[1m]\n )\n )\n)", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ path }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Median upstream response time by Path", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "Percentage of 4xx and 5xx responses among all responses.", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 16 - }, - "hiddenSeries": false, - "id": 100, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null as zero", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (path) (rate(nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\",\n status =~ \"[4-5].*\"\n}[1m])) / sum by (path) (rate(nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\",\n}[1m]))", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ path }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Response error rate by Path", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "For each path observed, the sum of upstream request time", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 16 - }, - "hiddenSeries": false, - "id": 102, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (path) (rate(nginx_ingress_controller_response_duration_seconds_sum{ingress =~ \"$ingress\"}[1m]))", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ path }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Upstream time consumed by Path", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 24 - }, - "hiddenSeries": false, - "id": 101, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": " sum (\n rate(\n nginx_ingress_controller_request_duration_seconds_count{\n ingress =~ \"$ingress\",\n status =~\"[4-5].*\",\n }[1m]\n )\n ) by(path, status)\n", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ path }} {{ status }}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Response error volume by Path", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "reqps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 24 - }, - "hiddenSeries": false, - "id": 99, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum (\n rate (\n nginx_ingress_controller_response_size_sum {\n ingress =~ \"$ingress\",\n }[1m]\n )\n) by (path) / sum (\n rate(\n nginx_ingress_controller_response_size_count {\n ingress =~ \"$ingress\",\n }[1m]\n )\n) by (path)\n", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{ path }}", - "refId": "D" - }, - { - "expr": " sum (rate(nginx_ingress_controller_response_size_bucket{\n ingress =~ \"$ingress\",\n }[1m])) by (le)\n", - "hide": true, - "legendFormat": "{{le}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Average response size by Path", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 32 - }, - "hiddenSeries": false, - "id": 96, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "dataLinks": [] - }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum (\n rate(\n nginx_ingress_controller_ingress_upstream_latency_seconds_sum {\n ingress =~ \"$ingress\",\n }[1m]\n)) / sum (\n rate(\n nginx_ingress_controller_ingress_upstream_latency_seconds_count {\n ingress =~ \"$ingress\",\n }[1m]\n )\n)\n", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "average", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Upstream service latency", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "30s", - "schemaVersion": 22, - "style": "dark", - "tags": [ - "nginx" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": ".*", - "current": {}, - "datasource": "$datasource", - "definition": "label_values(nginx_ingress_controller_requests, ingress) ", - "hide": 0, - "includeAll": true, - "label": "Service Ingress", - "multi": false, - "name": "ingress", - "options": [], - "query": "label_values(nginx_ingress_controller_requests, ingress) ", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-15m", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "2m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "browser", - "title": "NGINX / Request Handling Performance", - "uid": "4GFbkOsZk", - "version": 1 -} diff --git a/charts/rancher-monitoring/files/rancher/cluster/rancher-cluster-nodes.json b/charts/rancher-monitoring/files/rancher/cluster/rancher-cluster-nodes.json deleted file mode 100644 index 1d4943501..000000000 --- a/charts/rancher-monitoring/files/rancher/cluster/rancher-cluster-nodes.json +++ /dev/null @@ -1,793 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 28, - "links": [], - "panels": [ - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "{{instance}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Load[5m] ({{instance}})" - }, - "properties": [] - } - ] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(node_load5 OR avg_over_time(windows_system_processor_queue_length[5m])) by (instance)", - "interval": "", - "legendFormat": "Load[5m] ({{instance}})", - "refId": "A" - }, - { - "expr": "sum(node_load1 OR avg_over_time(windows_system_processor_queue_length[1m])) by (instance)", - "interval": "", - "legendFormat": "Load[1m] ({{instance}})", - "refId": "B" - }, - { - "expr": "sum(node_load15 OR avg_over_time(windows_system_processor_queue_length[15m])) by (instance)", - "interval": "", - "legendFormat": "Load[15m] ({{instance}})", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Load Average", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - sum(node_memory_MemAvailable_bytes OR windows_os_physical_memory_free_bytes) by (instance) / sum(node_memory_MemTotal_bytes OR windows_cs_physical_memory_bytes) by (instance) ", - "interval": "", - "legendFormat": "{{instance}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"} OR windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"} OR windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance))", - "interval": "", - "legendFormat": "{{instance}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 7 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(node_disk_read_bytes_total[$__rate_interval]) OR rate(windows_logical_disk_read_bytes_total[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Read ({{instance}})", - "refId": "A" - }, - { - "expr": "sum(rate(node_disk_written_bytes_total[$__rate_interval]) OR rate(windows_logical_disk_write_bytes_total[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Write ({{instance}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 7 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_received_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Receive Errors ({{instance}})", - "refId": "A" - }, - { - "expr": "sum(rate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Receive Total ({{instance}})", - "refId": "B" - }, - { - "expr": "sum(rate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_outbound_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Transmit Errors ({{instance}})", - "refId": "C" - }, - { - "expr": "sum(rate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_received_discarded_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Receive Dropped ({{instance}})", - "refId": "D" - }, - { - "expr": "sum(rate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Transmit Dropped ({{instance}})", - "refId": "E" - }, - { - "expr": "sum(rate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) by (instance) OR sum(rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Transmit Total ({{instance}})", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 14 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]) OR rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Transmit Total ({{instance}})", - "refId": "A" - }, - { - "expr": "sum(rate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]) OR rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Receive Total ({{instance}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / Cluster (Nodes)", - "uid": "rancher-cluster-nodes-1", - "version": 3 -} diff --git a/charts/rancher-monitoring/files/rancher/cluster/rancher-cluster.json b/charts/rancher-monitoring/files/rancher/cluster/rancher-cluster.json deleted file mode 100644 index 24385a237..000000000 --- a/charts/rancher-monitoring/files/rancher/cluster/rancher-cluster.json +++ /dev/null @@ -1,776 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 28, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[$__rate_interval]))", - "legendFormat": "Total", - "interval": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Load[5m]" - }, - "properties": [] - } - ] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(node_load5 OR avg_over_time(windows_system_processor_queue_length[5m]))", - "interval": "", - "legendFormat": "Load[5m]", - "refId": "A" - }, - { - "expr": "sum(node_load1 OR avg_over_time(windows_system_processor_queue_length[1m]))", - "interval": "", - "legendFormat": "Load[1m]", - "refId": "B" - }, - { - "expr": "sum(node_load15 OR avg_over_time(windows_system_processor_queue_length[15m]))", - "interval": "", - "legendFormat": "Load[15m]", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Load Average", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - sum(node_memory_MemAvailable_bytes OR windows_os_physical_memory_free_bytes) / sum(node_memory_MemTotal_bytes OR windows_cs_physical_memory_bytes)", - "legendFormat": "Total", - "interval": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"} OR windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"} OR windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}))", - "legendFormat": "Total", - "interval": "", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 7 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(node_disk_read_bytes_total[$__rate_interval]) OR rate(windows_logical_disk_read_bytes_total[$__rate_interval]))", - "interval": "", - "legendFormat": "Read", - "refId": "A" - }, - { - "expr": "sum(rate(node_disk_written_bytes_total[$__rate_interval]) OR rate(windows_logical_disk_write_bytes_total[$__rate_interval]))", - "interval": "", - "legendFormat": "Write", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 7 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(rate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Receive Errors", - "refId": "A" - }, - { - "expr": "(sum(rate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Receive Total", - "refId": "B" - }, - { - "expr": "(sum(rate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_outbound_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Transmit Errors", - "refId": "C" - }, - { - "expr": "(sum(rate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_discarded_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Receive Dropped", - "refId": "D" - }, - { - "expr": "(sum(rate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Transmit Dropped", - "refId": "E" - }, - { - "expr": "(sum(rate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Transmit Total", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 14 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]) OR rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", - "interval": "", - "legendFormat": "Transmit Total", - "refId": "A" - }, - { - "expr": "sum(rate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\"}[$__rate_interval]) OR rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*'}[$__rate_interval]))", - "interval": "", - "legendFormat": "Receive Total", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / Cluster", - "uid": "rancher-cluster-1", - "version": 3 -} diff --git a/charts/rancher-monitoring/files/rancher/home/rancher-default-home.json b/charts/rancher-monitoring/files/rancher/home/rancher-default-home.json deleted file mode 100644 index 3fce20756..000000000 --- a/charts/rancher-monitoring/files/rancher/home/rancher-default-home.json +++ /dev/null @@ -1,1290 +0,0 @@ -{ - "annotations": { - "list": [] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "id": null, - "links": [], - "panels": [ - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 1, - "title": "", - "type": "welcome" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 8, - "x": 0, - "y": 4 - }, - "height": "180px", - "id": 6, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "(1 - (avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[5m])))) * 100", - "format": "time_series", - "interval": "10s", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "65, 90", - "title": "CPU Utilization", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 8, - "x": 8, - "y": 4 - }, - "height": "180px", - "id": 4, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "(1 - sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"}) / sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"})) * 100", - "format": "time_series", - "interval": "10s", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "65, 90", - "title": "Memory Utilization", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": true, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 5, - "w": 8, - "x": 16, - "y": 4 - }, - "height": "180px", - "id": 7, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "(1 - (((sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))) / ((sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))))) * 100", - "format": "time_series", - "interval": "10s", - "intervalFactor": 1, - "metric": "", - "refId": "A", - "step": 10 - } - ], - "thresholds": "65, 90", - "title": "Disk Utilization", - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 0, - "y": 9 - }, - "height": "1px", - "id": 11, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": " cores", - "postfixFontSize": "30%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode!=\"idle\"}[5m]))", - "format": "time_series", - "interval": "10s", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "", - "title": "CPU Used", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 4, - "y": 9 - }, - "height": "1px", - "id": 12, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": " cores", - "postfixFontSize": "30%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(kube_node_status_allocatable_cpu_cores{}) OR sum(kube_node_status_allocatable{resource=\"cpu\",unit=\"core\"})", - "interval": "10s", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "", - "title": "CPU Total", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 8, - "y": 9 - }, - "height": "1px", - "id": 9, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "20%", - "prefix": "", - "prefixFontSize": "20%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"}) - sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"})", - "interval": "10s", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "", - "title": "Memory Used", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 12, - "y": 9 - }, - "height": "1px", - "id": 10, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(kube_node_status_allocatable_memory_bytes{}) OR sum(kube_node_status_allocatable{resource=\"memory\", unit=\"byte\"})", - "interval": "10s", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "", - "title": "Memory Total", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 16, - "y": 9 - }, - "height": "1px", - "id": 13, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "(sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) - sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) - sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))", - "interval": "10s", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "", - "title": "Disk Used", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "Prometheus", - "decimals": 2, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "format": "bytes", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 20, - "y": 9 - }, - "height": "1px", - "id": 14, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "(sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0))", - "interval": "10s", - "intervalFactor": 1, - "refId": "A", - "step": 10 - } - ], - "thresholds": "", - "title": "Disk Total", - "type": "singlestat", - "valueFontSize": "50%", - "valueMaps": [ - { - "op": "=", - "text": "0", - "value": "null" - } - ], - "valueName": "current" - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 8, - "x": 0, - "y": 12 - }, - "hiddenSeries": false, - "id": 2051, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - (avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\",mode=\"idle\"}[$__rate_interval])))", - "format": "time_series", - "hide": false, - "instant": false, - "intervalFactor": 1, - "legendFormat": "Cluster", - "refId": "A" - }, - { - "expr": "1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\", mode=\"idle\"}[$__rate_interval])) by (instance)", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ instance }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percentunit", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 8, - "x": 8, - "y": 12 - }, - "hiddenSeries": false, - "id": 2052, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "100 * (1 - sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"}) / sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"}))", - "format": "time_series", - "hide": false, - "instant": false, - "intervalFactor": 1, - "legendFormat": "Cluster", - "refId": "A" - }, - { - "expr": "100 * (1- sum({__name__=~\"node_memory_MemAvailable_bytes|windows_os_physical_memory_free_bytes\"}) by (instance) / sum({__name__=~\"node_memory_MemTotal_bytes|windows_cs_physical_memory_bytes\"}) by (instance))", - "format": "time_series", - "hide": false, - "intervalFactor": 1, - "legendFormat": "{{ instance }}", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 6, - "w": 8, - "x": 16, - "y": 12 - }, - "hiddenSeries": false, - "id": 2053, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(1 - ((sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"} OR on() vector(0)))) / ((sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) OR on() vector(0)) + (sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) OR on() vector(0)))) * 100", - "legendFormat": "Cluster", - "refId": "A" - }, - { - "expr": "(1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (instance)) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\"}) by (instance)) * 100", - "hide": false, - "legendFormat": "{{ instance }}", - "refId": "B" - }, - { - "expr": "(1 - (sum(windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance)) / sum(windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\"}) by (instance)) * 100", - "hide": false, - "legendFormat": "{{ instance }}", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "percent", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "folderId": 0, - "gridPos": { - "h": 15, - "w": 12, - "x": 0, - "y": 18 - }, - "headings": true, - "id": 3, - "limit": 30, - "links": [], - "query": "", - "recent": true, - "search": true, - "starred": false, - "tags": [], - "title": "Dashboards", - "type": "dashlist" - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 18 - }, - "id": 2055, - "options": { - "content": "## About Rancher Monitoring\n\nRancher Monitoring is a Helm chart developed by Rancher that is powered by [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator). It is based on the upstream [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) Helm chart maintained by the Prometheus community.\n\nBy default, the chart deploys Grafana alongside a set of Grafana dashboards curated by the [kube-prometheus](https://github.com/prometheus-operator/kube-prometheus) project.\n\nFor more information on how Rancher Monitoring differs from [kube-prometheus-stack](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack), please view the CHANGELOG.md of the rancher-monitoring chart located in the [rancher/charts](https://github.com/rancher/charts) repository.\n\nFor more information about how to configure Rancher Monitoring, please view the [Rancher docs](https://rancher.com/docs/rancher/v2.x/en/).\n\n", - "mode": "markdown" - }, - "pluginVersion": "7.1.0", - "timeFrom": null, - "timeShift": null, - "title": "", - "type": "text" - } - ], - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "hidden": true, - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ], - "type": "timepicker" - }, - "timezone": "browser", - "title": "Home", - "uid": "rancher-home-1", - "version": 5 -} diff --git a/charts/rancher-monitoring/files/rancher/k8s/rancher-etcd-nodes.json b/charts/rancher-monitoring/files/rancher/k8s/rancher-etcd-nodes.json deleted file mode 100644 index 8c4bdcef5..000000000 --- a/charts/rancher-monitoring/files/rancher/k8s/rancher-etcd-nodes.json +++ /dev/null @@ -1,687 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 32, - "links": [], - "panels": [ - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(etcd_network_client_grpc_received_bytes_total{job=\"kube-etcd\"}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Client Traffic In ({{instance}})", - "refId": "A" - }, - { - "expr": "sum(rate(etcd_network_client_grpc_sent_bytes_total{job=\"kube-etcd\"}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Client Traffic Out ({{instance}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "GRPC Client Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Load[5m]({{instance}})" - }, - "properties": [] - } - ] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(etcd_mvcc_db_total_size_in_bytes) by (instance)", - "interval": "", - "legendFormat": "DB Size ({{instance}})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "DB Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) by (instance) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) by (instance)", - "interval": "", - "legendFormat": "Watch Streams ({{instance}})", - "refId": "A" - }, - { - "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) by (instance) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) by (instance)", - "interval": "", - "legendFormat": "Lease Watch Stream ({{instance}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Active Streams", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(etcd_server_proposals_committed_total[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Proposal Committed ({{instance}})", - "refId": "A" - }, - { - "expr": "sum(rate(etcd_server_proposals_applied_total[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Proposal Applied ({{instance}})", - "refId": "B" - }, - { - "expr": "sum(rate(etcd_server_proposals_failed_total[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "Proposal Failed ({{instance}})", - "refId": "C" - }, - { - "expr": "sum(etcd_server_proposals_pending) by (instance)", - "interval": "", - "legendFormat": "Proposal Pending ({{instance}})", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Raft Proposals", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 7 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_server_started_total{grpc_type=\"unary\"}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "RPC Rate ({{instance}})", - "refId": "A" - }, - { - "expr": "sum(rate(grpc_server_handled_total{grpc_type=\"unary\",grpc_code!=\"OK\"}[$__rate_interval])) by (instance)", - "interval": "", - "legendFormat": "RPC Failure Rate ({{instance}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "RPC Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 7 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket[$__rate_interval])) by (instance, le))", - "interval": "", - "legendFormat": "WAL fsync ({{instance}})", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket[$__rate_interval])) by (instance, le))", - "interval": "", - "legendFormat": "DB fsync ({{instance}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk Sync Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / etcd (Nodes)", - "uid": "rancher-etcd-nodes-1", - "version": 5 -} diff --git a/charts/rancher-monitoring/files/rancher/k8s/rancher-etcd.json b/charts/rancher-monitoring/files/rancher/k8s/rancher-etcd.json deleted file mode 100644 index a305fe8ad..000000000 --- a/charts/rancher-monitoring/files/rancher/k8s/rancher-etcd.json +++ /dev/null @@ -1,669 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 33, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "Prometheus", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(etcd_network_client_grpc_received_bytes_total{job=\"kube-etcd\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Client Traffic In", - "refId": "A" - }, - { - "expr": "sum(rate(etcd_network_client_grpc_sent_bytes_total{job=\"kube-etcd\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Client Traffic Out", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "GRPC Client Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [ - { - "properties": [] - } - ] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(etcd_mvcc_db_total_size_in_bytes)", - "interval": "", - "legendFormat": "DB Size", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "DB Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"})", - "interval": "", - "legendFormat": "Watch Streams", - "refId": "A" - }, - { - "expr": "sum(grpc_server_started_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"})", - "interval": "", - "legendFormat": "Lease Watch Stream", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Active Streams", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(etcd_server_proposals_committed_total[$__rate_interval]))", - "interval": "", - "legendFormat": "Proposal Committed", - "refId": "A" - }, - { - "expr": "sum(rate(etcd_server_proposals_applied_total[$__rate_interval]))", - "interval": "", - "legendFormat": "Proposal Applied", - "refId": "B" - }, - { - "expr": "sum(rate(etcd_server_proposals_failed_total[$__rate_interval]))", - "interval": "", - "legendFormat": "Proposal Failed", - "refId": "C" - }, - { - "expr": "sum(etcd_server_proposals_pending)", - "interval": "", - "legendFormat": "Proposal Pending", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Raft Proposals", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 7 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_server_started_total{grpc_type=\"unary\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "RPC Rate", - "refId": "A" - }, - { - "expr": "sum(rate(grpc_server_handled_total{grpc_type=\"unary\",grpc_code!=\"OK\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "RPC Failure Rate", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "RPC Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": null, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 7 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket[$__rate_interval])) by (instance, le))", - "interval": "", - "legendFormat": "WAL fsync", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket[$__rate_interval])) by (instance, le))", - "interval": "", - "legendFormat": "DB fsync", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk Sync Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 2, - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / etcd", - "uid": "rancher-etcd-1", - "version": 4 -} diff --git a/charts/rancher-monitoring/files/rancher/k8s/rancher-k8s-components-nodes.json b/charts/rancher-monitoring/files/rancher/k8s/rancher-k8s-components-nodes.json deleted file mode 100644 index b31358eaa..000000000 --- a/charts/rancher-monitoring/files/rancher/k8s/rancher-k8s-components-nodes.json +++ /dev/null @@ -1,527 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 30, - "links": [], - "panels": [ - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(apiserver_request_total[$__rate_interval])) by (instance, code)", - "interval": "", - "legendFormat": "{{code}}({{instance}})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "API Server Request Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Load[5m]({{instance}})" - }, - "properties": [] - } - ] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"deployment\"}) by (instance, name)", - "interval": "", - "legendFormat": "Deployment Depth ({{instance}})", - "refId": "A" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"volumes\"}) by (instance, name)", - "interval": "", - "legendFormat": "Volumes Depth ({{instance}})", - "refId": "B" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicaset\"}) by (instance, name)", - "interval": "", - "legendFormat": "ReplicaSet Depth ({{instance}})", - "refId": "C" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"service\"}) by (instance, name)", - "interval": "", - "legendFormat": "Service Depth ({{instance}})", - "refId": "D" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"serviceaccount\"}) by (instance, name)", - "interval": "", - "legendFormat": "ServiceAccount Depth ({{instance}})", - "refId": "E" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"endpoint\"}) by (instance, name)", - "interval": "", - "legendFormat": "Endpoint Depth ({{instance}})", - "refId": "F" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"daemonset\"}) by (instance, name)", - "interval": "", - "legendFormat": "DaemonSet Depth ({{instance}})", - "refId": "G" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"statefulset\"}) by (instance, name)", - "interval": "", - "legendFormat": "StatefulSet Depth ({{instance}})", - "refId": "H" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicationmanager\"}) by (instance, name)", - "interval": "", - "legendFormat": "ReplicationManager Depth ({{instance}})", - "refId": "I" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Controller Manager Queue Depth", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(kube_pod_status_scheduled{condition=\"false\"})", - "interval": "", - "legendFormat": "Failed To Schedule", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pod Scheduling Status", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{instance}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"reading\"}) by (instance)", - "interval": "", - "legendFormat": "Reading ({{instance}})", - "refId": "A" - }, - { - "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"waiting\"}) by (instance)", - "interval": "", - "legendFormat": "Waiting ({{instance}})", - "refId": "B" - }, - { - "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"writing\"}) by (instance)", - "interval": "", - "legendFormat": "Writing ({{instance}})", - "refId": "C" - }, - { - "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"accepted\"}[$__rate_interval]))) by (instance)", - "interval": "", - "legendFormat": "Accepted ({{instance}})", - "refId": "D" - }, - { - "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"handled\"}[$__rate_interval]))) by (instance)", - "interval": "", - "legendFormat": "Handled ({{instance}})", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Ingress Controller Connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / Kubernetes Components (Nodes)", - "uid": "rancher-k8s-components-nodes-1", - "version": 5 -} diff --git a/charts/rancher-monitoring/files/rancher/k8s/rancher-k8s-components.json b/charts/rancher-monitoring/files/rancher/k8s/rancher-k8s-components.json deleted file mode 100644 index 44cf97f9f..000000000 --- a/charts/rancher-monitoring/files/rancher/k8s/rancher-k8s-components.json +++ /dev/null @@ -1,519 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 31, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(apiserver_request_total[$__rate_interval])) by (code)", - "interval": "", - "legendFormat": "{{code}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "API Server Request Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Load[5m]({{instance}})" - }, - "properties": [] - } - ] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"deployment\"}) by (name)", - "interval": "", - "legendFormat": "Deployment Depth", - "refId": "A" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"volumes\"}) by (name)", - "interval": "", - "legendFormat": "Volumes Depth", - "refId": "B" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicaset\"}) by (name)", - "interval": "", - "legendFormat": "Replicaset Depth", - "refId": "C" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"service\"}) by (name)", - "interval": "", - "legendFormat": "Service Depth", - "refId": "D" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"serviceaccount\"}) by (name)", - "interval": "", - "legendFormat": "ServiceAccount Depth", - "refId": "E" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"endpoint\"}) by (name)", - "interval": "", - "legendFormat": "Endpoint Depth", - "refId": "F" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"daemonset\"}) by (name)", - "interval": "", - "legendFormat": "DaemonSet Depth", - "refId": "G" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"statefulset\"}) by (name)", - "interval": "", - "legendFormat": "StatefulSet Depth", - "refId": "H" - }, - { - "expr": "sum(workqueue_depth{component=\"kube-controller-manager\", name=\"replicationmanager\"}) by (name)", - "interval": "", - "legendFormat": "ReplicationManager Depth", - "refId": "I" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Controller Manager Queue Depth", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(kube_pod_status_scheduled{condition=\"false\"})", - "interval": "", - "legendFormat": "Failed To Schedule", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Pod Scheduling Status", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"reading\"})", - "interval": "", - "legendFormat": "Reading", - "refId": "A" - }, - { - "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"waiting\"})", - "interval": "", - "legendFormat": "Waiting", - "refId": "B" - }, - { - "expr": "sum(nginx_ingress_controller_nginx_process_connections{state=\"writing\"})", - "interval": "", - "legendFormat": "Writing", - "refId": "C" - }, - { - "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"accepted\"}[$__rate_interval])))", - "interval": "", - "legendFormat": "Accepted", - "refId": "D" - }, - { - "expr": "sum(ceil(increase(nginx_ingress_controller_nginx_process_connections_total{state=\"handled\"}[$__rate_interval])))", - "interval": "", - "legendFormat": "Handled", - "refId": "E" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Ingress Controller Connections", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / Kubernetes Components", - "uid": "rancher-k8s-components-1", - "version": 5 -} diff --git a/charts/rancher-monitoring/files/rancher/nodes/rancher-node-detail.json b/charts/rancher-monitoring/files/rancher/nodes/rancher-node-detail.json deleted file mode 100644 index 920fb94cf..000000000 --- a/charts/rancher-monitoring/files/rancher/nodes/rancher-node-detail.json +++ /dev/null @@ -1,805 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 28, - "links": [], - "panels": [ - { - "aliasColors": { - "{{mode}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\", instance=\"$instance\"}[$__rate_interval])) by (mode)", - "interval": "", - "legendFormat": "{{mode}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Load[5m]" - }, - "properties": [] - } - ] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(node_load5{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[5m]))", - "interval": "", - "legendFormat": "Load[5m]", - "refId": "A" - }, - { - "expr": "sum(node_load1{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[1m]))", - "interval": "", - "legendFormat": "Load[1m]", - "refId": "B" - }, - { - "expr": "sum(node_load15{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[15m]))", - "interval": "", - "legendFormat": "Load[15m]", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Load Average", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - (node_memory_MemAvailable_bytes{instance=~\"$instance\"} OR windows_os_physical_memory_free_bytes{instance=~\"$instance\"}) / (node_memory_MemTotal_bytes{instance=~\"$instance\"} OR windows_cs_physical_memory_bytes{instance=~\"$instance\"})", - "interval": "", - "legendFormat": "Total", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{device}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\", instance=~\"$instance\"} OR windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\", instance=~\"$instance\"}) by (device) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\", instance=~\"$instance\"} OR windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\", instance=~\"$instance\"}) by (device))", - "interval": "", - "legendFormat": "{{device}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{device}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 7 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(node_disk_read_bytes_total{instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_logical_disk_read_bytes_total{instance=~\"$instance\"}[$__rate_interval])) by (device)", - "interval": "", - "legendFormat": "Read ({{device}})", - "refId": "A" - }, - { - "expr": "sum(rate(node_disk_written_bytes_total{instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_logical_disk_write_bytes_total{instance=~\"$instance\"}[$__rate_interval])) by (device)", - "interval": "", - "legendFormat": "Write ({{device}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{device}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 7 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_received_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", - "interval": "", - "legendFormat": "Receive Errors ({{device}})", - "refId": "A" - }, - { - "expr": "sum(rate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", - "interval": "", - "legendFormat": "Receive Total ({{device}})", - "refId": "B" - }, - { - "expr": "sum(rate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_outbound_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", - "interval": "", - "legendFormat": "Transmit Errors ({{device}})", - "refId": "C" - }, - { - "expr": "sum(rate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_received_discarded_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", - "interval": "", - "legendFormat": "Receive Dropped ({{device}})", - "refId": "D" - }, - { - "expr": "sum(rate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", - "interval": "", - "legendFormat": "Transmit Dropped ({{device}})", - "refId": "E" - }, - { - "expr": "sum(rate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) by (device) OR sum(rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", - "interval": "", - "legendFormat": "Transmit Total ({{device}})", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{device}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 14 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", - "interval": "", - "legendFormat": "Transmit Total ({{device}})", - "refId": "A" - }, - { - "expr": "sum(rate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) by (device)", - "interval": "", - "legendFormat": "Receive Total ({{device}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "instance", - "query": "label_values({__name__=~\"node_exporter_build_info|windows_exporter_build_info\"}, instance)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / Node (Detail)", - "uid": "rancher-node-detail-1", - "version": 3 -} diff --git a/charts/rancher-monitoring/files/rancher/nodes/rancher-node.json b/charts/rancher-monitoring/files/rancher/nodes/rancher-node.json deleted file mode 100644 index 367df3cc9..000000000 --- a/charts/rancher-monitoring/files/rancher/nodes/rancher-node.json +++ /dev/null @@ -1,792 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 28, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - avg(irate({__name__=~\"node_cpu_seconds_total|windows_cpu_time_total\", instance=\"$instance\", mode=\"idle\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Total", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Load[5m]" - }, - "properties": [] - } - ] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(node_load5{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[5m]))", - "interval": "", - "legendFormat": "Load[5m]", - "refId": "A" - }, - { - "expr": "sum(node_load1{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[1m]))", - "interval": "", - "legendFormat": "Load[1m]", - "refId": "B" - }, - { - "expr": "sum(node_load15{instance=~\"$instance\"} OR avg_over_time(windows_system_processor_queue_length{instance=~\"$instance\"}[15m]))", - "interval": "", - "legendFormat": "Load[15m]", - "refId": "C" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Load Average", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - sum(node_memory_MemAvailable_bytes{instance=~\"$instance\"} OR windows_os_physical_memory_free_bytes{instance=~\"$instance\"}) / sum(node_memory_MemTotal_bytes{instance=~\"$instance\"} OR windows_cs_physical_memory_bytes{instance=~\"$instance\"})", - "interval": "", - "legendFormat": "Total", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - (sum(node_filesystem_free_bytes{device!~\"rootfs|HarddiskVolume.+\", instance=~\"$instance\"} OR windows_logical_disk_free_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\", instance=~\"$instance\"}) / sum(node_filesystem_size_bytes{device!~\"rootfs|HarddiskVolume.+\", instance=~\"$instance\"} OR windows_logical_disk_size_bytes{volume!~\"(HarddiskVolume.+|[A-Z]:.+)\", instance=~\"$instance\"}))", - "interval": "", - "legendFormat": "Total", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": "1", - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 7 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(node_disk_read_bytes_total{instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_logical_disk_read_bytes_total{instance=~\"$instance\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Read", - "refId": "A" - }, - { - "expr": "sum(rate(node_disk_written_bytes_total{instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_logical_disk_write_bytes_total{instance=~\"$instance\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Write", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 7 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(rate(node_network_receive_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Receive Errors", - "refId": "A" - }, - { - "expr": "(sum(rate(node_network_receive_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Receive Total", - "refId": "B" - }, - { - "expr": "(sum(rate(node_network_transmit_errs_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_outbound_errors_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Transmit Errors", - "refId": "C" - }, - { - "expr": "(sum(rate(node_network_receive_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_received_discarded_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Receive Dropped", - "refId": "D" - }, - { - "expr": "(sum(rate(node_network_transmit_drop_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_outbound_discarded{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Transmit Dropped", - "refId": "E" - }, - { - "expr": "(sum(rate(node_network_transmit_packets_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0)) + (sum(rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval])) OR on() vector(0))", - "interval": "", - "legendFormat": "Transmit Total", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 14 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(node_network_transmit_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_net_packets_sent_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Transmit Total", - "refId": "A" - }, - { - "expr": "sum(rate(node_network_receive_bytes_total{device!~\"lo|veth.*|docker.*|flannel.*|cali.*|cbr.*\", instance=~\"$instance\"}[$__rate_interval]) OR rate(windows_net_packets_received_total_total{nic!~'.*isatap.*|.*VPN.*|.*Pseudo.*|.*tunneling.*', instance=~\"$instance\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Receive Total", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "instance", - "query": "label_values({__name__=~\"node_exporter_build_info|windows_exporter_build_info\"}, instance)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / Node", - "uid": "rancher-node-1", - "version": 3 -} diff --git a/charts/rancher-monitoring/files/rancher/performance/performance-debugging.json b/charts/rancher-monitoring/files/rancher/performance/performance-debugging.json deleted file mode 100644 index b4ac76dfc..000000000 --- a/charts/rancher-monitoring/files/rancher/performance/performance-debugging.json +++ /dev/null @@ -1,1707 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 3, - "links": [], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.11", - "pointradius": 2, - "points": true, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "topk(20,sum by (handler_name) (rate(lasso_controller_reconcile_time_seconds_sum[5m]))\n/\nsum by (handler_name) (rate(lasso_controller_reconcile_time_seconds_count[5m])))", - "interval": "", - "legendFormat": "{{handler_name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Handler Average Execution Times Over Last 5 Minutes (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1390", - "format": "short", - "label": "Execution Time in Seconds", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:1391", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 8 - }, - "hiddenSeries": false, - "id": 28, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.11", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "topk(20,sum by (resource, method, code) (rate(steve_api_request_time_sum{resource!=\"subscribe\"}[5m]))\n/\nsum by (resource, method, code) (rate(steve_api_request_time_count{resource!=\"subscribe\"}[5m])))", - "interval": "", - "legendFormat": "{{resource}} {{method}} {{code}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Rancher API Average Request Times Over Last 5 Minutes (Top 20) (Subscribes Omitted)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:178", - "format": "ms", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:179", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 16 - }, - "hiddenSeries": false, - "id": 30, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.11", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "rate(steve_api_request_time_sum{resource=\"subscribe\"}[5m])\n/\nrate(steve_api_request_time_count{resource=\"subscribe\"}[5m])", - "interval": "", - "legendFormat": "{{resource}} {{method}} {{code}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Subscribe Average Request Times Over Last 5 Minutes", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:368", - "format": "ms", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:369", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 24 - }, - "hiddenSeries": false, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.11", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "topk(20,workqueue_depth)", - "interval": "", - "legendFormat": "{{name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Lasso Controller Work Queue Depth (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1553", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:1554", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 13, - "w": 16, - "x": 0, - "y": 32 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": false, - "hideZero": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.11", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "topk(20,sum by (id, resource, method, code) (steve_api_total_requests))", - "instant": false, - "interval": "", - "legendFormat": "{{id}} {{resource}} {{method}} {{code}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Number of Rancher Requests (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:290", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:291", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 16, - "x": 0, - "y": 45 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.11", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "topk(20,sum by (id, resource, method) (steve_api_total_requests{code!=\"200\",code!=\"201\"}))", - "interval": "", - "legendFormat": "{{id}} {{resource}} {{method}} {{code}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Number of Failed Rancher API Requests (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:428", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:429", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 54 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.11", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "topk(20,sum by (resource, method, code) (rate(k8s_proxy_store_request_time_sum[5m]))\n/\nsum by (resource, method, code) (rate(k8s_proxy_store_request_time_count[5m])))", - "interval": "", - "legendFormat": "{{resource}} {{method}} {{code}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "K8s Proxy Store Average Request Times Over Last 5 Minutes (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:662", - "format": "ms", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:663", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 62 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.11", - "pointradius": 2, - "points": true, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "topk(20,sum by (resource, method, code) (rate(k8s_proxy_client_request_time_sum[5m]))\n/\nsum by (resource, method, code) (rate(k8s_proxy_client_request_time_count[5m])))", - "interval": "", - "legendFormat": "{{resource}} {{method}} {{code}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "K8s Proxy Client Average Request Times Over Last 5 Minutes (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1710", - "format": "ms", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:1711", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 70 - }, - "hiddenSeries": false, - "id": 10, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.11", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "topk(20,lasso_controller_total_cached_object)", - "interval": "", - "legendFormat": "{{kind}} {{version}} {{group}} {{pod}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Cached Objects by GroupVersionKind (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:744", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:745", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 78 - }, - "hiddenSeries": false, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.11", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "topk(20,sum by (handler_name) (\nlasso_controller_total_handler_execution\n))", - "interval": "", - "legendFormat": "{{handler_name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Lasso Handler Executions (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:824", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:825", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 86 - }, - "hiddenSeries": false, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.11", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "topk(20, sum by (handler_name,controller_name) (\nincrease(lasso_controller_total_handler_execution[2m])\n))", - "interval": "", - "legendFormat": "{{controller_name}}.{{handler_name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Handler Executions Over Last 2 Minutes (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 94 - }, - "hiddenSeries": false, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.11", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "topk(20,sum by (handler_name) (\nlasso_controller_total_handler_execution{has_error=\"true\"}\n))", - "interval": "", - "legendFormat": "{{handler_name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Total Handler Executions with Error (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1230", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:1231", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 102 - }, - "hiddenSeries": false, - "id": 34, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.11", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "topk(20,sum by (handler_name,controller_name) (\nincrease(lasso_controller_total_handler_execution{has_error=\"true\"}[2m])\n))", - "interval": "", - "legendFormat": "{{controller_name}}.{{handler_name}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Handler Executions Over Last 2 Minutes (Top 20)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 110 - }, - "hiddenSeries": false, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.11", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "topk(20,session_server_total_transmit_bytes)", - "interval": "", - "legendFormat": "{{clientkey}} {{pod}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Data Transmitted by Remote Dialer Sessions (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:1953", - "format": "decbytes", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:1954", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 118 - }, - "hiddenSeries": false, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.11", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "session_server_total_transmit_error_bytes", - "interval": "", - "legendFormat": "{{clientkey}} {{pod}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Errors for Remote Dialer Sessions (Top 20)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:2045", - "format": "ms", - "label": "Error Data", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:2046", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 126 - }, - "hiddenSeries": false, - "id": 26, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.11", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "session_server_total_remove_connections", - "interval": "", - "legendFormat": "{{clientkey}} {{pod}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Remote Dialer Connections Removed (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:2199", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:2200", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 16, - "x": 0, - "y": 134 - }, - "hiddenSeries": false, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.11", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "session_server_total_add_connections", - "interval": "", - "legendFormat": "{{clientkey}} {{pod}}", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Remote Dialer Connections Added by Client (Top 20)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:2117", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:2118", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 27, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - } - ] - }, - "time": { - "from": "now-15m", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "Rancher Performance Debugging", - "uid": "tfrfU0a7k", - "version": 1 -} diff --git a/charts/rancher-monitoring/files/rancher/pods/rancher-pod-containers.json b/charts/rancher-monitoring/files/rancher/pods/rancher-pod-containers.json deleted file mode 100644 index 9e53081a7..000000000 --- a/charts/rancher-monitoring/files/rancher/pods/rancher-pod-containers.json +++ /dev/null @@ -1,636 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 28, - "iteration": 1618265214337, - "links": [], - "panels": [ - { - "aliasColors": { - "{{container}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_cfs_throttled_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "CFS throttled ({{container}})", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_system_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_cpu_usage_seconds_kernelmode{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "System ({{container}})", - "refId": "B" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_cpu_usage_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Total ({{container}})", - "refId": "C" - }, - { - "expr": "sum(rate(container_cpu_user_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container) OR sum(rate(windows_container_cpu_usage_seconds_usermode{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "User ({{container}})", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "cpu", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{container}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_working_set_bytes{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"} OR windows_container_memory_usage_commit_bytes{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"}) by (container)", - "interval": "", - "legendFormat": "({{container}})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{container}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_packets_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container) OR sum(irate(windows_container_network_receive_packets_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Receive Total ({{container}})", - "refId": "A" - }, - { - "expr": "sum(irate(container_network_transmit_packets_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container) OR sum(irate(windows_container_network_transmit_packets_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Transmit Total ({{container}})", - "refId": "B" - }, - { - "expr": "sum(irate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container) OR sum(irate(windows_container_network_receive_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Receive Dropped ({{container}})", - "refId": "C" - }, - { - "expr": "sum(irate(container_network_receive_errors_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Receive Errors ({{container}})", - "refId": "D" - }, - { - "expr": "sum(irate(container_network_transmit_errors_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Transmit Errors ({{container}})", - "refId": "E" - }, - { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container) OR sum(irate(windows_container_network_transmit_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Transmit Dropped ({{container}})", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{container}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container) OR sum(irate(windows_container_network_receive_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Receive Total ({{container}})", - "refId": "A" - }, - { - "expr": "sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container) OR sum(irate(windows_container_network_transmit_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Transmit Total ({{container}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{container}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 7 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_fs_writes_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Write ({{container}})", - "refId": "A" - }, - { - "expr": "sum(rate(container_fs_reads_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) by (container)", - "interval": "", - "legendFormat": "Read ({{container}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": false, - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "namespace", - "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "pod", - "query": "label_values(kube_pod_info{cluster=\"$cluster\", namespace=\"$namespace\"}, pod)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / Pod (Containers)", - "uid": "rancher-pod-containers-1", - "version": 8 -} diff --git a/charts/rancher-monitoring/files/rancher/pods/rancher-pod.json b/charts/rancher-monitoring/files/rancher/pods/rancher-pod.json deleted file mode 100644 index 65c6bf18e..000000000 --- a/charts/rancher-monitoring/files/rancher/pods/rancher-pod.json +++ /dev/null @@ -1,636 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 28, - "iteration": 1618265214337, - "links": [], - "panels": [ - { - "aliasColors": { - "": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_cpu_cfs_throttled_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "CFS throttled", - "refId": "A" - }, - { - "expr": "sum(rate(container_cpu_system_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_cpu_usage_seconds_kernelmode{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "System", - "refId": "B" - }, - { - "expr": "sum(rate(container_cpu_usage_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_cpu_usage_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Total", - "refId": "C" - }, - { - "expr": "sum(rate(container_cpu_user_seconds_total{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval])) OR sum(rate(windows_container_cpu_usage_seconds_usermode{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "User", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "cpu", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_working_set_bytes{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"} OR windows_container_memory_usage_commit_bytes{container!=\"POD\",namespace=~\"$namespace\",pod=~\"$pod\", container!=\"\"})", - "interval": "", - "legendFormat": "Total", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_packets_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) OR sum(irate(windows_container_network_receive_packets_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Receive Total", - "refId": "A" - }, - { - "expr": "sum(irate(container_network_transmit_packets_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) OR sum(irate(windows_container_network_transmit_packets_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Transmit Total", - "refId": "B" - }, - { - "expr": "sum(irate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) OR sum(irate(windows_container_network_receive_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Receive Dropped", - "refId": "C" - }, - { - "expr": "sum(irate(container_network_receive_errors_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Receive Errors", - "refId": "D" - }, - { - "expr": "sum(irate(container_network_transmit_errors_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Transmit Errors", - "refId": "E" - }, - { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) OR sum(irate(windows_container_network_transmit_packets_dropped_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Transmit Dropped", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) OR sum(irate(windows_container_network_receive_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Receive Total", - "refId": "A" - }, - { - "expr": "sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval])) OR sum(irate(windows_container_network_transmit_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Transmit Total", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 7 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(container_fs_writes_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Write", - "refId": "A" - }, - { - "expr": "sum(rate(container_fs_reads_bytes_total{namespace=~\"$namespace\",pod=~\"$pod\",container!=\"\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Read", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": false, - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "namespace", - "query": "label_values({__name__=~\"container_.*|windows_container_.*\", namespace!=\"\"}, namespace)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "pod", - "query": "label_values({__name__=~\"container_.*|windows_container_.*\", namespace=\"$namespace\", pod!=\"\"}, pod)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / Pod", - "uid": "rancher-pod-1", - "version": 8 -} diff --git a/charts/rancher-monitoring/files/rancher/workloads/rancher-workload-pods.json b/charts/rancher-monitoring/files/rancher/workloads/rancher-workload-pods.json deleted file mode 100644 index f6b5078af..000000000 --- a/charts/rancher-monitoring/files/rancher/workloads/rancher-workload-pods.json +++ /dev/null @@ -1,652 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 28, - "iteration": 1618265214337, - "links": [], - "panels": [ - { - "aliasColors": { - "{{pod}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(rate(container_cpu_cfs_throttled_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "CFS throttled ({{pod}})", - "refId": "A" - }, - { - "expr": "(sum(rate(container_cpu_system_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_kernelmode{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "System ({{pod}})", - "refId": "B" - }, - { - "expr": "(sum(rate(container_cpu_usage_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Total ({{pod}})", - "refId": "C" - }, - { - "expr": "(sum(rate(container_cpu_user_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_usermode{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "User ({{pod}})", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "cpu", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{pod}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(container_memory_working_set_bytes{namespace=~\"$namespace\"} OR windows_container_memory_usage_commit_bytes{namespace=~\"$namespace\"}) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "({{pod}})", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{pod}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_network_receive_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_receive_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Receive Total ({{pod}})", - "refId": "A" - }, - { - "expr": "(sum(irate(container_network_transmit_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_transmit_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Transmit Total ({{pod}})", - "refId": "B" - }, - { - "expr": "(sum(irate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Receive Dropped ({{pod}})", - "refId": "C" - }, - { - "expr": "(sum(irate(container_network_receive_errors_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Receive Errors ({{pod}})", - "refId": "D" - }, - { - "expr": "(sum(irate(container_network_transmit_errors_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Transmit Errors ({{pod}})", - "refId": "E" - }, - { - "expr": "(sum(irate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Transmit Dropped ({{pod}})", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{pod}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_receive_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Receive Total ({{pod}})", - "refId": "A" - }, - { - "expr": "(sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Transmit Total ({{pod}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{pod}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 7 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(rate(container_fs_writes_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Write ({{pod}})", - "refId": "A" - }, - { - "expr": "(sum(rate(container_fs_reads_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"}", - "interval": "", - "legendFormat": "Read ({{pod}})", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": false, - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "namespace", - "query": "query_result(kube_pod_info{namespace!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", - "refresh": 2, - "regex": "/.*namespace=\"([^\"]*)\"/", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "kind", - "query": "query_result(kube_pod_info{namespace=\"$namespace\", created_by_kind!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", - "refresh": 2, - "regex": "/.*created_by_kind=\"([^\"]*)\"/", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "workload", - "query": "query_result(kube_pod_info{namespace=\"$namespace\", created_by_kind=\"$kind\", created_by_name!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", - "refresh": 2, - "regex": "/.*created_by_name=\"([^\"]*)\"/", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / Workload (Pods)", - "uid": "rancher-workload-pods-1", - "version": 8 -} diff --git a/charts/rancher-monitoring/files/rancher/workloads/rancher-workload.json b/charts/rancher-monitoring/files/rancher/workloads/rancher-workload.json deleted file mode 100644 index 9f5317c2f..000000000 --- a/charts/rancher-monitoring/files/rancher/workloads/rancher-workload.json +++ /dev/null @@ -1,652 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 28, - "iteration": 1618265214337, - "links": [], - "panels": [ - { - "aliasColors": { - "{{pod}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum((sum(rate(container_cpu_cfs_throttled_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "CFS throttled", - "refId": "A" - }, - { - "expr": "sum((sum(rate(container_cpu_system_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_kernelmode{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "System", - "refId": "B" - }, - { - "expr": "sum((sum(rate(container_cpu_usage_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Total", - "refId": "C" - }, - { - "expr": "sum((sum(rate(container_cpu_user_seconds_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(rate(windows_container_cpu_usage_seconds_usermode{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "User", - "refId": "D" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "CPU Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": null, - "format": "cpu", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{pod}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum((sum(container_memory_working_set_bytes{namespace=~\"$namespace\"} OR windows_container_memory_usage_commit_bytes{namespace=~\"$namespace\"}) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Total", - "refId": "A" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Memory Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{pod}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum((sum(irate(container_network_receive_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_receive_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Receive Total", - "refId": "A" - }, - { - "expr": "sum((sum(irate(container_network_transmit_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_transmit_packets_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Transmit Total", - "refId": "B" - }, - { - "expr": "sum((sum(irate(container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_receive_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Receive Dropped", - "refId": "C" - }, - { - "expr": "sum((sum(irate(container_network_receive_errors_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Receive Errors", - "refId": "D" - }, - { - "expr": "sum((sum(irate(container_network_transmit_errors_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Transmit Errors", - "refId": "E" - }, - { - "expr": "sum((sum(irate(container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_transmit_packets_dropped_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Transmit Dropped", - "refId": "F" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network Traffic", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{pod}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum((sum(irate(container_network_receive_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_receive_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Receive Total", - "refId": "A" - }, - { - "expr": "sum((sum(irate(container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod) OR sum(irate(windows_container_network_transmit_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Transmit Total", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Network I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - "{{pod}}": "#3797d5" - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 7 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "percentage": false, - "pluginVersion": "7.1.5", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum((sum(rate(container_fs_writes_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Write", - "refId": "A" - }, - { - "expr": "sum((sum(rate(container_fs_reads_bytes_total{namespace=~\"$namespace\"}[$__rate_interval])) by (pod)) * on(pod) kube_pod_info{namespace=~\"$namespace\", created_by_kind=\"$kind\", created_by_name=\"$workload\"})", - "interval": "", - "legendFormat": "Read", - "refId": "B" - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Disk I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": false, - "schemaVersion": 26, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "namespace", - "query": "query_result(kube_pod_info{namespace!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", - "refresh": 2, - "regex": "/.*namespace=\"([^\"]*)\"/", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "kind", - "query": "query_result(kube_pod_info{namespace=\"$namespace\", created_by_kind!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", - "refresh": 2, - "regex": "/.*created_by_kind=\"([^\"]*)\"/", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "workload", - "query": "query_result(kube_pod_info{namespace=\"$namespace\", created_by_kind=\"$kind\", created_by_name!=\"\"} * on(pod) group_right(namespace, created_by_kind, created_by_name) count({__name__=~\"container_.*|windows_container_.*\", pod!=\"\"}) by (pod))", - "refresh": 2, - "regex": "/.*created_by_name=\"([^\"]*)\"/", - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "", - "title": "Rancher / Workload", - "uid": "rancher-workload-1", - "version": 8 -} diff --git a/charts/rancher-monitoring/files/upgrade/scripts/delete-workloads-with-old-labels.sh b/charts/rancher-monitoring/files/upgrade/scripts/delete-workloads-with-old-labels.sh deleted file mode 100644 index 89431e713..000000000 --- a/charts/rancher-monitoring/files/upgrade/scripts/delete-workloads-with-old-labels.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -set -e -set -x - -# node-exporter -kubectl delete daemonset -l app=prometheus-node-exporter,release=rancher-monitoring --ignore-not-found=true - -# prometheus-adapter -kubectl delete deployments -l app=prometheus-adapter,release=rancher-monitoring --ignore-not-found=true - -# kube-state-metrics -kubectl delete deployments -l app.kubernetes.io/instance=rancher-monitoring,app.kubernetes.io/name=kube-state-metrics --cascade=orphan --ignore-not-found=true -kubectl delete statefulsets -l app.kubernetes.io/instance=rancher-monitoring,app.kubernetes.io/name=kube-state-metrics --cascade=orphan --ignore-not-found=true diff --git a/charts/rancher-monitoring/templates/NOTES.txt b/charts/rancher-monitoring/templates/NOTES.txt deleted file mode 100644 index 371f3ae39..000000000 --- a/charts/rancher-monitoring/templates/NOTES.txt +++ /dev/null @@ -1,4 +0,0 @@ -{{ $.Chart.Name }} has been installed. Check its status by running: - kubectl --namespace {{ template "kube-prometheus-stack.namespace" . }} get pods -l "release={{ $.Release.Name }}" - -Visit https://github.com/prometheus-operator/kube-prometheus for instructions on how to create & configure Alertmanager and Prometheus instances using the Operator. diff --git a/charts/rancher-monitoring/templates/_helpers.tpl b/charts/rancher-monitoring/templates/_helpers.tpl deleted file mode 100644 index 7dd8f73ae..000000000 --- a/charts/rancher-monitoring/templates/_helpers.tpl +++ /dev/null @@ -1,384 +0,0 @@ -# Rancher -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- end -}} -{{- end -}} - -{{/* -https://github.com/helm/helm/issues/4535#issuecomment-477778391 -Usage: {{ include "call-nested" (list . "SUBCHART_NAME" "TEMPLATE") }} -e.g. {{ include "call-nested" (list . "grafana" "grafana.fullname") }} -*/}} -{{- define "call-nested" }} -{{- $dot := index . 0 }} -{{- $subchart := index . 1 | splitList "." }} -{{- $template := index . 2 }} -{{- $values := $dot.Values }} -{{- range $subchart }} -{{- $values = index $values . }} -{{- end }} -{{- include $template (dict "Chart" (dict "Name" (last $subchart)) "Values" $values "Release" $dot.Release "Capabilities" $dot.Capabilities) }} -{{- end }} - -# Special Exporters -{{- define "exporter.kubeEtcd.enabled" -}} -{{- if or .Values.kubeEtcd.enabled .Values.rkeEtcd.enabled .Values.kubeAdmEtcd.enabled .Values.rke2Etcd.enabled -}} -"true" -{{- end -}} -{{- end }} - -{{- define "exporter.kubeControllerManager.enabled" -}} -{{- if or .Values.kubeControllerManager.enabled .Values.rkeControllerManager.enabled .Values.k3sServer.enabled .Values.kubeAdmControllerManager.enabled .Values.rke2ControllerManager.enabled -}} -"true" -{{- end -}} -{{- end }} - -{{- define "exporter.kubeScheduler.enabled" -}} -{{- if or .Values.kubeScheduler.enabled .Values.rkeScheduler.enabled .Values.k3sServer.enabled .Values.kubeAdmScheduler.enabled .Values.rke2Scheduler.enabled -}} -"true" -{{- end -}} -{{- end }} - -{{- define "exporter.kubeProxy.enabled" -}} -{{- if or .Values.kubeProxy.enabled .Values.rkeProxy.enabled .Values.k3sServer.enabled .Values.kubeAdmProxy.enabled .Values.rke2Proxy.enabled -}} -"true" -{{- end -}} -{{- end }} - -{{- define "exporter.kubelet.enabled" -}} -{{- if or .Values.kubelet.enabled .Values.hardenedKubelet.enabled .Values.k3sServer.enabled -}} -"true" -{{- end -}} -{{- end }} - -{{- define "exporter.kubeControllerManager.jobName" -}} -{{- if .Values.k3sServer.enabled -}} -k3s-server -{{- else -}} -kube-controller-manager -{{- end -}} -{{- end }} - -{{- define "exporter.kubeScheduler.jobName" -}} -{{- if .Values.k3sServer.enabled -}} -k3s-server -{{- else -}} -kube-scheduler -{{- end -}} -{{- end }} - -{{- define "exporter.kubeProxy.jobName" -}} -{{- if .Values.k3sServer.enabled -}} -k3s-server -{{- else -}} -kube-proxy -{{- end -}} -{{- end }} - -{{- define "exporter.kubelet.jobName" -}} -{{- if .Values.k3sServer.enabled -}} -k3s-server -{{- else -}} -kubelet -{{- end -}} -{{- end }} - -{{- define "kubelet.serviceMonitor.resourcePath" -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if not (eq .Values.kubelet.serviceMonitor.resourcePath "/metrics/resource/v1alpha1") -}} -{{ .Values.kubelet.serviceMonitor.resourcePath }} -{{- else if semverCompare ">=1.20.0-0" $kubeTargetVersion -}} -/metrics/resource -{{- else -}} -/metrics/resource/v1alpha1 -{{- end -}} -{{- end }} - -{{- define "rancher.serviceMonitor.selector" -}} -{{- if .Values.rancherMonitoring.selector }} -{{ .Values.rancherMonitoring.selector | toYaml }} -{{- else }} -{{- $rancherDeployment := (lookup "apps/v1" "Deployment" "cattle-system" "rancher") }} -{{- if $rancherDeployment }} -matchLabels: - app: rancher - chart: {{ index $rancherDeployment.metadata.labels "chart" }} - release: rancher -{{- end }} -{{- end }} -{{- end }} - -# Windows Support - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} - -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} -beta.kubernetes.io/os: linux -{{- else -}} -kubernetes.io/os: linux -{{- end -}} -{{- end -}} - -# Prometheus Operator - -{{/* vim: set filetype=mustache: */}} -{{/* Expand the name of the chart. This is suffixed with -alertmanager, which means subtract 13 from longest 63 available */}} -{{- define "kube-prometheus-stack.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 50 | trimSuffix "-" -}} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -The components in this chart create additional resources that expand the longest created name strings. -The longest name that gets created adds and extra 37 characters, so truncation should be 63-35=26. -*/}} -{{- define "kube-prometheus-stack.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 26 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 26 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 26 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Fullname suffixed with operator */}} -{{- define "kube-prometheus-stack.operator.fullname" -}} -{{- printf "%s-operator" (include "kube-prometheus-stack.fullname" .) -}} -{{- end }} - -{{/* Prometheus custom resource instance name */}} -{{- define "kube-prometheus-stack.prometheus.crname" -}} -{{- if .Values.cleanPrometheusOperatorObjectNames }} -{{- include "kube-prometheus-stack.fullname" . }} -{{- else }} -{{- print (include "kube-prometheus-stack.fullname" .) "-prometheus" }} -{{- end }} -{{- end }} - -{{/* Alertmanager custom resource instance name */}} -{{- define "kube-prometheus-stack.alertmanager.crname" -}} -{{- if .Values.cleanPrometheusOperatorObjectNames }} -{{- include "kube-prometheus-stack.fullname" . }} -{{- else }} -{{- print (include "kube-prometheus-stack.fullname" .) "-alertmanager" -}} -{{- end }} -{{- end }} - -{{/* Fullname suffixed with thanos-ruler */}} -{{- define "kube-prometheus-stack.thanosRuler.fullname" -}} -{{- printf "%s-thanos-ruler" (include "kube-prometheus-stack.fullname" .) -}} -{{- end }} - -{{/* Create chart name and version as used by the chart label. */}} -{{- define "kube-prometheus-stack.chartref" -}} -{{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}} -{{- end }} - -{{/* Generate basic labels */}} -{{- define "kube-prometheus-stack.labels" }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/instance: {{ .Release.Name }} -app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" -app.kubernetes.io/part-of: {{ template "kube-prometheus-stack.name" . }} -chart: {{ template "kube-prometheus-stack.chartref" . }} -release: {{ $.Release.Name | quote }} -heritage: {{ $.Release.Service | quote }} -{{- if .Values.commonLabels}} -{{ toYaml .Values.commonLabels }} -{{- end }} -{{- end }} - -{{/* Create the name of kube-prometheus-stack service account to use */}} -{{- define "kube-prometheus-stack.operator.serviceAccountName" -}} -{{- if .Values.prometheusOperator.serviceAccount.create -}} - {{ default (include "kube-prometheus-stack.operator.fullname" .) .Values.prometheusOperator.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.prometheusOperator.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* Create the name of prometheus service account to use */}} -{{- define "kube-prometheus-stack.prometheus.serviceAccountName" -}} -{{- if .Values.prometheus.serviceAccount.create -}} - {{ default (print (include "kube-prometheus-stack.fullname" .) "-prometheus") .Values.prometheus.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.prometheus.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* Create the name of alertmanager service account to use */}} -{{- define "kube-prometheus-stack.alertmanager.serviceAccountName" -}} -{{- if .Values.alertmanager.serviceAccount.create -}} - {{ default (print (include "kube-prometheus-stack.fullname" .) "-alertmanager") .Values.alertmanager.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.alertmanager.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* Create the name of thanosRuler service account to use */}} -{{- define "kube-prometheus-stack.thanosRuler.serviceAccountName" -}} -{{- if .Values.thanosRuler.serviceAccount.create -}} - {{ default (include "kube-prometheus-stack.thanosRuler.fullname" .) .Values.thanosRuler.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.thanosRuler.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Allow the release namespace to be overridden for multi-namespace deployments in combined charts -*/}} -{{- define "kube-prometheus-stack.namespace" -}} - {{- if .Values.namespaceOverride -}} - {{- .Values.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{/* -Use the grafana namespace override for multi-namespace deployments in combined charts -*/}} -{{- define "kube-prometheus-stack-grafana.namespace" -}} - {{- if .Values.grafana.namespaceOverride -}} - {{- .Values.grafana.namespaceOverride -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{/* -Use the kube-state-metrics namespace override for multi-namespace deployments in combined charts -*/}} -{{- define "kube-prometheus-stack-kube-state-metrics.namespace" -}} - {{- if index .Values "kube-state-metrics" "namespaceOverride" -}} - {{- index .Values "kube-state-metrics" "namespaceOverride" -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{/* -Use the prometheus-node-exporter namespace override for multi-namespace deployments in combined charts -*/}} -{{- define "kube-prometheus-stack-prometheus-node-exporter.namespace" -}} - {{- if index .Values "prometheus-node-exporter" "namespaceOverride" -}} - {{- index .Values "prometheus-node-exporter" "namespaceOverride" -}} - {{- else -}} - {{- .Release.Namespace -}} - {{- end -}} -{{- end -}} - -{{/* Allow KubeVersion to be overridden. */}} -{{- define "kube-prometheus-stack.kubeVersion" -}} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersionOverride -}} -{{- end -}} - -{{/* Get Ingress API Version */}} -{{- define "kube-prometheus-stack.ingress.apiVersion" -}} - {{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19-0" (include "kube-prometheus-stack.kubeVersion" .)) -}} - {{- print "networking.k8s.io/v1" -}} - {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}} - {{- print "networking.k8s.io/v1beta1" -}} - {{- else -}} - {{- print "extensions/v1beta1" -}} - {{- end -}} -{{- end -}} - -{{/* Check Ingress stability */}} -{{- define "kube-prometheus-stack.ingress.isStable" -}} - {{- eq (include "kube-prometheus-stack.ingress.apiVersion" .) "networking.k8s.io/v1" -}} -{{- end -}} - -{{/* Check Ingress supports pathType */}} -{{/* pathType was added to networking.k8s.io/v1beta1 in Kubernetes 1.18 */}} -{{- define "kube-prometheus-stack.ingress.supportsPathType" -}} - {{- or (eq (include "kube-prometheus-stack.ingress.isStable" .) "true") (and (eq (include "kube-prometheus-stack.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18-0" (include "kube-prometheus-stack.kubeVersion" .))) -}} -{{- end -}} - -{{/* Get Policy API Version */}} -{{- define "kube-prometheus-stack.pdb.apiVersion" -}} - {{- if and (.Capabilities.APIVersions.Has "policy/v1") (semverCompare ">= 1.21-0" (include "kube-prometheus-stack.kubeVersion" .)) -}} - {{- print "policy/v1" -}} - {{- else -}} - {{- print "policy/v1beta1" -}} - {{- end -}} - {{- end -}} - -{{/* Get value based on current Kubernetes version */}} -{{- define "kube-prometheus-stack.kubeVersionDefaultValue" -}} - {{- $values := index . 0 -}} - {{- $kubeVersion := index . 1 -}} - {{- $old := index . 2 -}} - {{- $new := index . 3 -}} - {{- $default := index . 4 -}} - {{- if kindIs "invalid" $default -}} - {{- if semverCompare $kubeVersion (include "kube-prometheus-stack.kubeVersion" $values) -}} - {{- print $new -}} - {{- else -}} - {{- print $old -}} - {{- end -}} - {{- else -}} - {{- print $default }} - {{- end -}} -{{- end -}} - -{{/* Get value for kube-controller-manager depending on insecure scraping availability */}} -{{- define "kube-prometheus-stack.kubeControllerManager.insecureScrape" -}} - {{- $values := index . 0 -}} - {{- $insecure := index . 1 -}} - {{- $secure := index . 2 -}} - {{- $userValue := index . 3 -}} - {{- include "kube-prometheus-stack.kubeVersionDefaultValue" (list $values ">= 1.22-0" $insecure $secure $userValue) -}} -{{- end -}} - -{{/* Get value for kube-scheduler depending on insecure scraping availability */}} -{{- define "kube-prometheus-stack.kubeScheduler.insecureScrape" -}} - {{- $values := index . 0 -}} - {{- $insecure := index . 1 -}} - {{- $secure := index . 2 -}} - {{- $userValue := index . 3 -}} - {{- include "kube-prometheus-stack.kubeVersionDefaultValue" (list $values ">= 1.23-0" $insecure $secure $userValue) -}} -{{- end -}} - -{{/* -To help compatibility with other charts which use global.imagePullSecrets. -Allow either an array of {name: pullSecret} maps (k8s-style), or an array of strings (more common helm-style). -global: - imagePullSecrets: - - name: pullSecret1 - - name: pullSecret2 - -or - -global: - imagePullSecrets: - - pullSecret1 - - pullSecret2 -*/}} -{{- define "kube-prometheus-stack.imagePullSecrets" -}} -{{- range .Values.global.imagePullSecrets }} - {{- if eq (typeOf .) "map[string]interface {}" }} -- {{ toYaml . | trim }} - {{- else }} -- name: {{ . }} - {{- end }} -{{- end }} -{{- end -}} diff --git a/charts/rancher-monitoring/templates/alertmanager/alertmanager.yaml b/charts/rancher-monitoring/templates/alertmanager/alertmanager.yaml deleted file mode 100644 index c60985285..000000000 --- a/charts/rancher-monitoring/templates/alertmanager/alertmanager.yaml +++ /dev/null @@ -1,170 +0,0 @@ -{{- if .Values.alertmanager.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: Alertmanager -metadata: - name: {{ template "kube-prometheus-stack.alertmanager.crname" . }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-alertmanager -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.alertmanager.annotations }} - annotations: -{{ toYaml .Values.alertmanager.annotations | indent 4 }} -{{- end }} -spec: -{{- if .Values.alertmanager.alertmanagerSpec.image }} - {{- if and .Values.alertmanager.alertmanagerSpec.image.tag .Values.alertmanager.alertmanagerSpec.image.sha }} - image: "{{ template "system_default_registry" . }}{{ .Values.alertmanager.alertmanagerSpec.image.repository }}:{{ .Values.alertmanager.alertmanagerSpec.image.tag }}@sha256:{{ .Values.alertmanager.alertmanagerSpec.image.sha }}" - {{- else if .Values.alertmanager.alertmanagerSpec.image.sha }} - image: "{{ template "system_default_registry" . }}{{ .Values.alertmanager.alertmanagerSpec.image.repository }}@sha256:{{ .Values.alertmanager.alertmanagerSpec.image.sha }}" - {{- else if .Values.alertmanager.alertmanagerSpec.image.tag }} - image: "{{ template "system_default_registry" . }}{{ .Values.alertmanager.alertmanagerSpec.image.repository }}:{{ .Values.alertmanager.alertmanagerSpec.image.tag }}" - {{- else }} - image: "{{ template "system_default_registry" . }}{{ .Values.alertmanager.alertmanagerSpec.image.repository }}" - {{- end }} - version: {{ .Values.alertmanager.alertmanagerSpec.image.tag }} - {{- if .Values.alertmanager.alertmanagerSpec.image.sha }} - sha: {{ .Values.alertmanager.alertmanagerSpec.image.sha }} - {{- end }} -{{- end }} - replicas: {{ .Values.alertmanager.alertmanagerSpec.replicas }} - listenLocal: {{ .Values.alertmanager.alertmanagerSpec.listenLocal }} - serviceAccountName: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }} -{{- if .Values.alertmanager.alertmanagerSpec.externalUrl }} - externalUrl: "{{ tpl .Values.alertmanager.alertmanagerSpec.externalUrl . }}" -{{- else if and .Values.alertmanager.ingress.enabled .Values.alertmanager.ingress.hosts }} - externalUrl: "http://{{ tpl (index .Values.alertmanager.ingress.hosts 0) . }}{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}" -{{- else if not (or (kindIs "invalid" .Values.global.cattle.url) (kindIs "invalid" .Values.global.cattle.clusterId)) }} - externalUrl: "{{ .Values.global.cattle.url }}/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ .Values.namespaceOverride }}/services/http:{{ template "kube-prometheus-stack.fullname" . }}-alertmanager:{{ .Values.alertmanager.service.port }}/proxy" -{{- else }} - externalUrl: http://{{ template "kube-prometheus-stack.fullname" . }}-alertmanager.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.alertmanager.service.port }} -{{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 4 }} -{{- if .Values.alertmanager.alertmanagerSpec.nodeSelector }} -{{ toYaml .Values.alertmanager.alertmanagerSpec.nodeSelector | indent 4 }} -{{- end }} - paused: {{ .Values.alertmanager.alertmanagerSpec.paused }} - logFormat: {{ .Values.alertmanager.alertmanagerSpec.logFormat | quote }} - logLevel: {{ .Values.alertmanager.alertmanagerSpec.logLevel | quote }} - retention: {{ .Values.alertmanager.alertmanagerSpec.retention | quote }} -{{- if .Values.alertmanager.alertmanagerSpec.secrets }} - secrets: -{{ toYaml .Values.alertmanager.alertmanagerSpec.secrets | indent 4 }} -{{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.configSecret }} - configSecret: {{ .Values.alertmanager.alertmanagerSpec.configSecret }} -{{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.configMaps }} - configMaps: -{{ toYaml .Values.alertmanager.alertmanagerSpec.configMaps | indent 4 }} -{{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector }} - alertmanagerConfigSelector: -{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigSelector | indent 4}} -{{ else }} - alertmanagerConfigSelector: {} -{{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector }} - alertmanagerConfigNamespaceSelector: -{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfigNamespaceSelector | indent 4}} -{{ else }} - alertmanagerConfigNamespaceSelector: {} -{{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.web }} - web: -{{ toYaml .Values.alertmanager.alertmanagerSpec.web | indent 4 }} -{{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.alertmanagerConfiguration }} - alertmanagerConfiguration: -{{ toYaml .Values.alertmanager.alertmanagerSpec.alertmanagerConfiguration | indent 4 }} -{{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.resources }} - resources: -{{ toYaml .Values.alertmanager.alertmanagerSpec.resources | indent 4 }} -{{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.routePrefix }} - routePrefix: "{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}" -{{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.securityContext }} - securityContext: -{{ toYaml .Values.alertmanager.alertmanagerSpec.securityContext | indent 4 }} -{{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.storage }} - storage: -{{ tpl (toYaml .Values.alertmanager.alertmanagerSpec.storage | indent 4) . }} -{{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.podMetadata }} - podMetadata: -{{ toYaml .Values.alertmanager.alertmanagerSpec.podMetadata | indent 4 }} -{{- end }} -{{- if or .Values.alertmanager.alertmanagerSpec.podAntiAffinity .Values.alertmanager.alertmanagerSpec.affinity }} - affinity: -{{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.affinity }} -{{ toYaml .Values.alertmanager.alertmanagerSpec.affinity | indent 4 }} -{{- end }} -{{- if eq .Values.alertmanager.alertmanagerSpec.podAntiAffinity "hard" }} - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }} - labelSelector: - matchExpressions: - - {key: app.kubernetes.io/name, operator: In, values: [alertmanager]} - - {key: alertmanager, operator: In, values: [{{ template "kube-prometheus-stack.alertmanager.crname" . }}]} -{{- else if eq .Values.alertmanager.alertmanagerSpec.podAntiAffinity "soft" }} - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: {{ .Values.alertmanager.alertmanagerSpec.podAntiAffinityTopologyKey }} - labelSelector: - matchExpressions: - - {key: app.kubernetes.io/name, operator: In, values: [alertmanager]} - - {key: alertmanager, operator: In, values: [{{ template "kube-prometheus-stack.alertmanager.crname" . }}]} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 4 }} -{{- if .Values.alertmanager.alertmanagerSpec.tolerations }} -{{ toYaml .Values.alertmanager.alertmanagerSpec.tolerations | indent 4 }} -{{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.topologySpreadConstraints }} - topologySpreadConstraints: -{{ toYaml .Values.alertmanager.alertmanagerSpec.topologySpreadConstraints | indent 4 }} -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 4 }} -{{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.containers }} - containers: -{{ toYaml .Values.alertmanager.alertmanagerSpec.containers | indent 4 }} -{{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.initContainers }} - initContainers: -{{ toYaml .Values.alertmanager.alertmanagerSpec.initContainers | indent 4 }} -{{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.priorityClassName }} - priorityClassName: {{.Values.alertmanager.alertmanagerSpec.priorityClassName }} -{{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.additionalPeers }} - additionalPeers: -{{ toYaml .Values.alertmanager.alertmanagerSpec.additionalPeers | indent 4 }} -{{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.volumes }} - volumes: -{{ toYaml .Values.alertmanager.alertmanagerSpec.volumes | indent 4 }} -{{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.volumeMounts }} - volumeMounts: -{{ toYaml .Values.alertmanager.alertmanagerSpec.volumeMounts | indent 4 }} -{{- end }} - portName: {{ .Values.alertmanager.alertmanagerSpec.portName }} -{{- if .Values.alertmanager.alertmanagerSpec.clusterAdvertiseAddress }} - clusterAdvertiseAddress: {{ .Values.alertmanager.alertmanagerSpec.clusterAdvertiseAddress }} -{{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.forceEnableClusterMode }} - forceEnableClusterMode: {{ .Values.alertmanager.alertmanagerSpec.forceEnableClusterMode }} -{{- end }} -{{- if .Values.alertmanager.alertmanagerSpec.minReadySeconds }} - minReadySeconds: {{ .Values.alertmanager.alertmanagerSpec.minReadySeconds }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/alertmanager/extrasecret.yaml b/charts/rancher-monitoring/templates/alertmanager/extrasecret.yaml deleted file mode 100644 index ecd8f4702..000000000 --- a/charts/rancher-monitoring/templates/alertmanager/extrasecret.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.alertmanager.extraSecret.data -}} -{{- $secretName := printf "alertmanager-%s-extra" (include "kube-prometheus-stack.fullname" . ) -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ default $secretName .Values.alertmanager.extraSecret.name }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- if .Values.alertmanager.extraSecret.annotations }} - annotations: -{{ toYaml .Values.alertmanager.extraSecret.annotations | indent 4 }} -{{- end }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-alertmanager - app.kubernetes.io/component: alertmanager -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -data: -{{- range $key, $val := .Values.alertmanager.extraSecret.data }} - {{ $key }}: {{ $val | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/alertmanager/ingress.yaml b/charts/rancher-monitoring/templates/alertmanager/ingress.yaml deleted file mode 100644 index 29c9cbceb..000000000 --- a/charts/rancher-monitoring/templates/alertmanager/ingress.yaml +++ /dev/null @@ -1,77 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.alertmanager.ingress.enabled }} -{{- $pathType := .Values.alertmanager.ingress.pathType | default "ImplementationSpecific" }} -{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }} -{{- $servicePort := .Values.alertmanager.ingress.servicePort | default .Values.alertmanager.service.port -}} -{{- $routePrefix := list .Values.alertmanager.alertmanagerSpec.routePrefix }} -{{- $paths := .Values.alertmanager.ingress.paths | default $routePrefix -}} -{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}} -{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}} -apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ $serviceName }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- if .Values.alertmanager.ingress.annotations }} - annotations: -{{ toYaml .Values.alertmanager.ingress.annotations | indent 4 }} -{{- end }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-alertmanager -{{- if .Values.alertmanager.ingress.labels }} -{{ toYaml .Values.alertmanager.ingress.labels | indent 4 }} -{{- end }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - {{- if $apiIsStable }} - {{- if .Values.alertmanager.ingress.ingressClassName }} - ingressClassName: {{ .Values.alertmanager.ingress.ingressClassName }} - {{- end }} - {{- end }} - rules: - {{- if .Values.alertmanager.ingress.hosts }} - {{- range $host := .Values.alertmanager.ingress.hosts }} - - host: {{ tpl $host $ }} - http: - paths: - {{- range $p := $paths }} - - path: {{ tpl $p $ }} - {{- if and $pathType $ingressSupportsPathType }} - pathType: {{ $pathType }} - {{- end }} - backend: - {{- if $apiIsStable }} - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- else }} - - http: - paths: - {{- range $p := $paths }} - - path: {{ tpl $p $ }} - {{- if and $pathType $ingressSupportsPathType }} - pathType: {{ $pathType }} - {{- end }} - backend: - {{- if $apiIsStable }} - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- if .Values.alertmanager.ingress.tls }} - tls: -{{ tpl (toYaml .Values.alertmanager.ingress.tls | indent 4) . }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-monitoring/templates/alertmanager/ingressperreplica.yaml b/charts/rancher-monitoring/templates/alertmanager/ingressperreplica.yaml deleted file mode 100644 index f21bf9616..000000000 --- a/charts/rancher-monitoring/templates/alertmanager/ingressperreplica.yaml +++ /dev/null @@ -1,67 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.alertmanager.servicePerReplica.enabled .Values.alertmanager.ingressPerReplica.enabled }} -{{- $pathType := .Values.alertmanager.ingressPerReplica.pathType | default "" }} -{{- $count := .Values.alertmanager.alertmanagerSpec.replicas | int -}} -{{- $servicePort := .Values.alertmanager.service.port -}} -{{- $ingressValues := .Values.alertmanager.ingressPerReplica -}} -{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}} -{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}} -apiVersion: v1 -kind: List -metadata: - name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-ingressperreplica - namespace: {{ template "kube-prometheus-stack.namespace" . }} -items: -{{ range $i, $e := until $count }} - - kind: Ingress - apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" $ }} - metadata: - name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} - namespace: {{ template "kube-prometheus-stack.namespace" $ }} - labels: - app: {{ include "kube-prometheus-stack.name" $ }}-alertmanager - {{ include "kube-prometheus-stack.labels" $ | indent 8 }} - {{- if $ingressValues.labels }} -{{ toYaml $ingressValues.labels | indent 8 }} - {{- end }} - {{- if $ingressValues.annotations }} - annotations: -{{ toYaml $ingressValues.annotations | indent 8 }} - {{- end }} - spec: - {{- if $apiIsStable }} - {{- if $ingressValues.ingressClassName }} - ingressClassName: {{ $ingressValues.ingressClassName }} - {{- end }} - {{- end }} - rules: - - host: {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }} - http: - paths: - {{- range $p := $ingressValues.paths }} - - path: {{ tpl $p $ }} - {{- if and $pathType $ingressSupportsPathType }} - pathType: {{ $pathType }} - {{- end }} - backend: - {{- if $apiIsStable }} - service: - name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} - port: - number: {{ $servicePort }} - {{- else }} - serviceName: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- if or $ingressValues.tlsSecretName $ingressValues.tlsSecretPerReplica.enabled }} - tls: - - hosts: - - {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }} - {{- if $ingressValues.tlsSecretPerReplica.enabled }} - secretName: {{ $ingressValues.tlsSecretPerReplica.prefix }}-{{ $i }} - {{- else }} - secretName: {{ $ingressValues.tlsSecretName }} - {{- end }} - {{- end }} -{{- end -}} -{{- end -}} diff --git a/charts/rancher-monitoring/templates/alertmanager/podDisruptionBudget.yaml b/charts/rancher-monitoring/templates/alertmanager/podDisruptionBudget.yaml deleted file mode 100644 index b18340312..000000000 --- a/charts/rancher-monitoring/templates/alertmanager/podDisruptionBudget.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.alertmanager.podDisruptionBudget.enabled }} -apiVersion: {{ include "kube-prometheus-stack.pdb.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-alertmanager -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - {{- if .Values.alertmanager.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.alertmanager.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.alertmanager.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.alertmanager.podDisruptionBudget.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: alertmanager - alertmanager: {{ template "kube-prometheus-stack.alertmanager.crname" . }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/alertmanager/psp-role.yaml b/charts/rancher-monitoring/templates/alertmanager/psp-role.yaml deleted file mode 100644 index c64545263..000000000 --- a/charts/rancher-monitoring/templates/alertmanager/psp-role.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.cattle.psp.enabled }} -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-alertmanager -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -rules: -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} -- apiGroups: ['policy'] -{{- else }} -- apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "kube-prometheus-stack.fullname" . }}-alertmanager -{{- end }} diff --git a/charts/rancher-monitoring/templates/alertmanager/psp-rolebinding.yaml b/charts/rancher-monitoring/templates/alertmanager/psp-rolebinding.yaml deleted file mode 100644 index 6f014c570..000000000 --- a/charts/rancher-monitoring/templates/alertmanager/psp-rolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.cattle.psp.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-alertmanager -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager -subjects: - - kind: ServiceAccount - name: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/alertmanager/psp.yaml b/charts/rancher-monitoring/templates/alertmanager/psp.yaml deleted file mode 100644 index 57abbf334..000000000 --- a/charts/rancher-monitoring/templates/alertmanager/psp.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.global.rbac.create .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager - labels: - app: {{ template "kube-prometheus-stack.name" . }}-alertmanager -{{- if .Values.global.rbac.pspAnnotations }} - annotations: -{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} -{{- end }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - privileged: false - # Allow core volume types. - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Allow adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Allow adding the root group. - - min: 0 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/charts/rancher-monitoring/templates/alertmanager/secret.yaml b/charts/rancher-monitoring/templates/alertmanager/secret.yaml deleted file mode 100644 index c0a8b9fe6..000000000 --- a/charts/rancher-monitoring/templates/alertmanager/secret.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if and (.Values.alertmanager.enabled) (not .Values.alertmanager.alertmanagerSpec.useExistingSecret) }} -{{/* This file is applied when the operation is helm install and the target secret does not exist. */}} -{{- $secretName := (printf "alertmanager-%s" (include "kube-prometheus-stack.alertmanager.crname" .)) }} -{{- if (not (lookup "v1" "Secret" (include "kube-prometheus-stack.namespace" .) $secretName)) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ $secretName }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - annotations: - "helm.sh/hook": pre-install, pre-upgrade - "helm.sh/hook-weight": "3" - "helm.sh/resource-policy": keep -{{- if .Values.alertmanager.secret.annotations }} -{{ toYaml .Values.alertmanager.secret.annotations | indent 4 }} -{{- end }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-alertmanager -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -data: -{{- if .Values.alertmanager.tplConfig }} -{{- if eq (typeOf .Values.alertmanager.config) "string" }} - alertmanager.yaml: {{ tpl (.Values.alertmanager.config) . | b64enc | quote }} -{{- else }} - alertmanager.yaml: {{ tpl (toYaml .Values.alertmanager.config) . | b64enc | quote }} -{{- end }} -{{- else }} - alertmanager.yaml: {{ toYaml .Values.alertmanager.config | b64enc | quote }} -{{- end}} -{{- range $key, $val := .Values.alertmanager.templateFiles }} - {{ $key }}: {{ $val | b64enc | quote }} -{{- end }} -{{- end }}{{- end }} diff --git a/charts/rancher-monitoring/templates/alertmanager/service.yaml b/charts/rancher-monitoring/templates/alertmanager/service.yaml deleted file mode 100644 index 44100ec1c..000000000 --- a/charts/rancher-monitoring/templates/alertmanager/service.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{- if .Values.alertmanager.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-alertmanager - self-monitor: {{ .Values.alertmanager.serviceMonitor.selfMonitor | quote }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.alertmanager.service.labels }} -{{ toYaml .Values.alertmanager.service.labels | indent 4 }} -{{- end }} -{{- if .Values.alertmanager.service.annotations }} - annotations: -{{ toYaml .Values.alertmanager.service.annotations | indent 4 }} -{{- end }} -spec: -{{- if .Values.alertmanager.service.clusterIP }} - clusterIP: {{ .Values.alertmanager.service.clusterIP }} -{{- end }} -{{- if .Values.alertmanager.service.externalIPs }} - externalIPs: -{{ toYaml .Values.alertmanager.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.alertmanager.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.alertmanager.service.loadBalancerIP }} -{{- end }} -{{- if .Values.alertmanager.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := .Values.alertmanager.service.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} -{{- end }} -{{- if ne .Values.alertmanager.service.type "ClusterIP" }} - externalTrafficPolicy: {{ .Values.alertmanager.service.externalTrafficPolicy }} -{{- end }} - ports: - - name: {{ .Values.alertmanager.alertmanagerSpec.portName }} - {{- if eq .Values.alertmanager.service.type "NodePort" }} - nodePort: {{ .Values.alertmanager.service.nodePort }} - {{- end }} - port: {{ .Values.alertmanager.service.port }} - targetPort: {{ .Values.alertmanager.service.targetPort }} - protocol: TCP -{{- if .Values.alertmanager.service.additionalPorts }} -{{ toYaml .Values.alertmanager.service.additionalPorts | indent 2 }} -{{- end }} - selector: - app.kubernetes.io/name: alertmanager - alertmanager: {{ template "kube-prometheus-stack.alertmanager.crname" . }} - type: "{{ .Values.alertmanager.service.type }}" -{{- end }} diff --git a/charts/rancher-monitoring/templates/alertmanager/serviceaccount.yaml b/charts/rancher-monitoring/templates/alertmanager/serviceaccount.yaml deleted file mode 100644 index ae433d553..000000000 --- a/charts/rancher-monitoring/templates/alertmanager/serviceaccount.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kube-prometheus-stack.alertmanager.serviceAccountName" . }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-alertmanager - app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-alertmanager - app.kubernetes.io/component: alertmanager -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.alertmanager.serviceAccount.annotations }} - annotations: -{{ toYaml .Values.alertmanager.serviceAccount.annotations | indent 4 }} -{{- end }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2}} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/alertmanager/servicemonitor.yaml b/charts/rancher-monitoring/templates/alertmanager/servicemonitor.yaml deleted file mode 100644 index b1e0ec34f..000000000 --- a/charts/rancher-monitoring/templates/alertmanager/servicemonitor.yaml +++ /dev/null @@ -1,55 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceMonitor.selfMonitor }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-alertmanager -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - selector: - matchLabels: - app: {{ template "kube-prometheus-stack.name" . }}-alertmanager - release: {{ $.Release.Name | quote }} - self-monitor: "true" - namespaceSelector: - matchNames: - - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }} - endpoints: - - port: {{ .Values.alertmanager.alertmanagerSpec.portName }} - {{- if .Values.alertmanager.serviceMonitor.interval }} - interval: {{ .Values.alertmanager.serviceMonitor.interval }} - {{- end }} - {{- if .Values.alertmanager.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.alertmanager.serviceMonitor.proxyUrl}} - {{- end }} - {{- if .Values.alertmanager.serviceMonitor.scheme }} - scheme: {{ .Values.alertmanager.serviceMonitor.scheme }} - {{- end }} - {{- if .Values.alertmanager.serviceMonitor.bearerTokenFile }} - bearerTokenFile: {{ .Values.alertmanager.serviceMonitor.bearerTokenFile }} - {{- end }} - {{- if .Values.alertmanager.serviceMonitor.tlsConfig }} - tlsConfig: {{ toYaml .Values.alertmanager.serviceMonitor.tlsConfig | nindent 6 }} - {{- end }} - path: "{{ trimSuffix "/" .Values.alertmanager.alertmanagerSpec.routePrefix }}/metrics" - metricRelabelings: - {{- if .Values.alertmanager.serviceMonitor.metricRelabelings }} - {{ tpl (toYaml .Values.alertmanager.serviceMonitor.metricRelabelings | indent 6) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName }} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} -{{- if .Values.alertmanager.serviceMonitor.relabelings }} - relabelings: -{{ toYaml .Values.alertmanager.serviceMonitor.relabelings | indent 6 }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/alertmanager/serviceperreplica.yaml b/charts/rancher-monitoring/templates/alertmanager/serviceperreplica.yaml deleted file mode 100644 index 75a13bdf9..000000000 --- a/charts/rancher-monitoring/templates/alertmanager/serviceperreplica.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.alertmanager.servicePerReplica.enabled }} -{{- $count := .Values.alertmanager.alertmanagerSpec.replicas | int -}} -{{- $serviceValues := .Values.alertmanager.servicePerReplica -}} -apiVersion: v1 -kind: List -metadata: - name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-serviceperreplica - namespace: {{ template "kube-prometheus-stack.namespace" . }} -items: -{{- range $i, $e := until $count }} - - apiVersion: v1 - kind: Service - metadata: - name: {{ include "kube-prometheus-stack.fullname" $ }}-alertmanager-{{ $i }} - namespace: {{ template "kube-prometheus-stack.namespace" $ }} - labels: - app: {{ include "kube-prometheus-stack.name" $ }}-alertmanager -{{ include "kube-prometheus-stack.labels" $ | indent 8 }} - {{- if $serviceValues.annotations }} - annotations: -{{ toYaml $serviceValues.annotations | indent 8 }} - {{- end }} - spec: - {{- if $serviceValues.clusterIP }} - clusterIP: {{ $serviceValues.clusterIP }} - {{- end }} - {{- if $serviceValues.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := $serviceValues.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} - {{- end }} - {{- if ne $serviceValues.type "ClusterIP" }} - externalTrafficPolicy: {{ $serviceValues.externalTrafficPolicy }} - {{- end }} - ports: - - name: {{ $.Values.alertmanager.alertmanagerSpec.portName }} - {{- if eq $serviceValues.type "NodePort" }} - nodePort: {{ $serviceValues.nodePort }} - {{- end }} - port: {{ $serviceValues.port }} - targetPort: {{ $serviceValues.targetPort }} - selector: - app.kubernetes.io/name: alertmanager - alertmanager: {{ template "kube-prometheus-stack.alertmanager.crname" $ }} - statefulset.kubernetes.io/pod-name: alertmanager-{{ include "kube-prometheus-stack.alertmanager.crname" $ }}-{{ $i }} - type: "{{ $serviceValues.type }}" -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/exporters/core-dns/service.yaml b/charts/rancher-monitoring/templates/exporters/core-dns/service.yaml deleted file mode 100644 index f77db4199..000000000 --- a/charts/rancher-monitoring/templates/exporters/core-dns/service.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if .Values.coreDns.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-coredns - labels: - app: {{ template "kube-prometheus-stack.name" . }}-coredns - jobLabel: coredns -{{ include "kube-prometheus-stack.labels" . | indent 4 }} - namespace: kube-system -spec: - clusterIP: None - ports: - - name: http-metrics - port: {{ .Values.coreDns.service.port }} - protocol: TCP - targetPort: {{ .Values.coreDns.service.targetPort }} - selector: - {{- if .Values.coreDns.service.selector }} -{{ toYaml .Values.coreDns.service.selector | indent 4 }} - {{- else}} - k8s-app: kube-dns - {{- end}} -{{- end }} diff --git a/charts/rancher-monitoring/templates/exporters/core-dns/servicemonitor.yaml b/charts/rancher-monitoring/templates/exporters/core-dns/servicemonitor.yaml deleted file mode 100644 index c3049e2a0..000000000 --- a/charts/rancher-monitoring/templates/exporters/core-dns/servicemonitor.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- if .Values.coreDns.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-coredns - namespace: "kube-system" - labels: - app: {{ template "kube-prometheus-stack.name" . }}-coredns - {{- with .Values.coreDns.serviceMonitor.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - jobLabel: jobLabel - selector: - matchLabels: - app: {{ template "kube-prometheus-stack.name" . }}-coredns - release: {{ $.Release.Name | quote }} - namespaceSelector: - matchNames: - - "kube-system" - endpoints: - - port: http-metrics - {{- if .Values.coreDns.serviceMonitor.interval}} - interval: {{ .Values.coreDns.serviceMonitor.interval }} - {{- end }} - {{- if .Values.coreDns.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.coreDns.serviceMonitor.proxyUrl}} - {{- end }} - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - metricRelabelings: - {{- if .Values.coreDns.serviceMonitor.metricRelabelings }} - {{ tpl (toYaml .Values.coreDns.serviceMonitor.metricRelabelings | indent 4) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName }} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} -{{- if .Values.coreDns.serviceMonitor.relabelings }} - relabelings: -{{ tpl (toYaml .Values.coreDns.serviceMonitor.relabelings | indent 4) . }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/exporters/kube-api-server/servicemonitor.yaml b/charts/rancher-monitoring/templates/exporters/kube-api-server/servicemonitor.yaml deleted file mode 100644 index 1b57f302f..000000000 --- a/charts/rancher-monitoring/templates/exporters/kube-api-server/servicemonitor.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{- if .Values.kubeApiServer.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-apiserver - namespace: default - labels: - app: {{ template "kube-prometheus-stack.name" . }}-apiserver - {{- with .Values.kubeApiServer.serviceMonitor.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - {{- if .Values.kubeApiServer.serviceMonitor.interval }} - interval: {{ .Values.kubeApiServer.serviceMonitor.interval }} - {{- end }} - {{- if .Values.kubeApiServer.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.kubeApiServer.serviceMonitor.proxyUrl}} - {{- end }} - port: https - scheme: https - metricRelabelings: - {{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }} -{{ tpl (toYaml .Values.kubeApiServer.serviceMonitor.metricRelabelings | indent 6) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} -{{- if .Values.kubeApiServer.serviceMonitor.relabelings }} - relabelings: -{{ tpl (toYaml .Values.kubeApiServer.serviceMonitor.relabelings | indent 6) . }} -{{- end }} - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - serverName: {{ .Values.kubeApiServer.tlsConfig.serverName }} - insecureSkipVerify: {{ .Values.kubeApiServer.tlsConfig.insecureSkipVerify }} - jobLabel: {{ .Values.kubeApiServer.serviceMonitor.jobLabel }} - namespaceSelector: - matchNames: - - default - selector: -{{ toYaml .Values.kubeApiServer.serviceMonitor.selector | indent 4 }} -{{- end}} diff --git a/charts/rancher-monitoring/templates/exporters/kube-controller-manager/endpoints.yaml b/charts/rancher-monitoring/templates/exporters/kube-controller-manager/endpoints.yaml deleted file mode 100644 index eca337dab..000000000 --- a/charts/rancher-monitoring/templates/exporters/kube-controller-manager/endpoints.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.endpoints }} -apiVersion: v1 -kind: Endpoints -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager - labels: - app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager - k8s-app: kube-controller-manager -{{ include "kube-prometheus-stack.labels" . | indent 4 }} - namespace: kube-system -subsets: - - addresses: - {{- range .Values.kubeControllerManager.endpoints }} - - ip: {{ . }} - {{- end }} - ports: - - name: http-metrics - {{- $kubeControllerManagerDefaultInsecurePort := 10252 }} - {{- $kubeControllerManagerDefaultSecurePort := 10257 }} - port: {{ include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . $kubeControllerManagerDefaultInsecurePort $kubeControllerManagerDefaultSecurePort .Values.kubeControllerManager.service.port) }} - protocol: TCP -{{- end }} diff --git a/charts/rancher-monitoring/templates/exporters/kube-controller-manager/service.yaml b/charts/rancher-monitoring/templates/exporters/kube-controller-manager/service.yaml deleted file mode 100644 index 197f0f4f6..000000000 --- a/charts/rancher-monitoring/templates/exporters/kube-controller-manager/service.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.service.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager - labels: - app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager - jobLabel: kube-controller-manager -{{ include "kube-prometheus-stack.labels" . | indent 4 }} - namespace: kube-system -spec: - clusterIP: None - ports: - - name: http-metrics - {{- $kubeControllerManagerDefaultInsecurePort := 10252 }} - {{- $kubeControllerManagerDefaultSecurePort := 10257 }} - port: {{ include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . $kubeControllerManagerDefaultInsecurePort $kubeControllerManagerDefaultSecurePort .Values.kubeControllerManager.service.port) }} - protocol: TCP - targetPort: {{ include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . $kubeControllerManagerDefaultInsecurePort $kubeControllerManagerDefaultSecurePort .Values.kubeControllerManager.service.targetPort) }} -{{- if .Values.kubeControllerManager.endpoints }}{{- else }} - selector: - {{- if .Values.kubeControllerManager.service.selector }} -{{ toYaml .Values.kubeControllerManager.service.selector | indent 4 }} - {{- else}} - component: kube-controller-manager - {{- end}} -{{- end }} - type: ClusterIP -{{- end }} diff --git a/charts/rancher-monitoring/templates/exporters/kube-controller-manager/servicemonitor.yaml b/charts/rancher-monitoring/templates/exporters/kube-controller-manager/servicemonitor.yaml deleted file mode 100644 index 1c7e778ed..000000000 --- a/charts/rancher-monitoring/templates/exporters/kube-controller-manager/servicemonitor.yaml +++ /dev/null @@ -1,60 +0,0 @@ -{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-kube-controller-manager - namespace: "kube-system" - labels: - app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager - {{- with .Values.kubeControllerManager.serviceMonitor.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - jobLabel: jobLabel - selector: - matchLabels: - app: {{ template "kube-prometheus-stack.name" . }}-kube-controller-manager - release: {{ $.Release.Name | quote }} - namespaceSelector: - matchNames: - - "kube-system" - endpoints: - - port: http-metrics - {{- if .Values.kubeControllerManager.serviceMonitor.interval }} - interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }} - {{- end }} - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - {{- if .Values.kubeControllerManager.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.kubeControllerManager.serviceMonitor.proxyUrl}} - {{- end }} - {{- if eq (include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . false true .Values.kubeControllerManager.serviceMonitor.https )) "true" }} - scheme: https - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - {{- if eq (include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . nil true .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify)) "true" }} - insecureSkipVerify: true - {{- end }} - {{- if .Values.kubeControllerManager.serviceMonitor.serverName }} - serverName: {{ .Values.kubeControllerManager.serviceMonitor.serverName }} - {{- end }} - {{- end }} - metricRelabelings: - {{- if.Values.kubeControllerManager.serviceMonitor.metricRelabelings }} - {{ tpl (toYaml .Values.kubeControllerManager.serviceMonitor.metricRelabelings | indent 4) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} -{{- if .Values.kubeControllerManager.serviceMonitor.relabelings }} - relabelings: -{{ tpl (toYaml .Values.kubeControllerManager.serviceMonitor.relabelings | indent 4) . }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/exporters/kube-dns/service.yaml b/charts/rancher-monitoring/templates/exporters/kube-dns/service.yaml deleted file mode 100644 index c7bf142d5..000000000 --- a/charts/rancher-monitoring/templates/exporters/kube-dns/service.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.kubeDns.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-kube-dns - labels: - app: {{ template "kube-prometheus-stack.name" . }}-kube-dns - jobLabel: kube-dns -{{ include "kube-prometheus-stack.labels" . | indent 4 }} - namespace: kube-system -spec: - clusterIP: None - ports: - - name: http-metrics-dnsmasq - port: {{ .Values.kubeDns.service.dnsmasq.port }} - protocol: TCP - targetPort: {{ .Values.kubeDns.service.dnsmasq.targetPort }} - - name: http-metrics-skydns - port: {{ .Values.kubeDns.service.skydns.port }} - protocol: TCP - targetPort: {{ .Values.kubeDns.service.skydns.targetPort }} - selector: - {{- if .Values.kubeDns.service.selector }} -{{ toYaml .Values.kubeDns.service.selector | indent 4 }} - {{- else}} - k8s-app: kube-dns - {{- end}} -{{- end }} diff --git a/charts/rancher-monitoring/templates/exporters/kube-dns/servicemonitor.yaml b/charts/rancher-monitoring/templates/exporters/kube-dns/servicemonitor.yaml deleted file mode 100644 index c2fb9c426..000000000 --- a/charts/rancher-monitoring/templates/exporters/kube-dns/servicemonitor.yaml +++ /dev/null @@ -1,62 +0,0 @@ -{{- if .Values.kubeDns.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-kube-dns - namespace: "kube-system" - labels: - app: {{ template "kube-prometheus-stack.name" . }}-kube-dns - {{- with .Values.kubeDns.serviceMonitor.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - jobLabel: jobLabel - selector: - matchLabels: - app: {{ template "kube-prometheus-stack.name" . }}-kube-dns - release: {{ $.Release.Name | quote }} - namespaceSelector: - matchNames: - - "kube-system" - endpoints: - - port: http-metrics-dnsmasq - {{- if .Values.kubeDns.serviceMonitor.interval }} - interval: {{ .Values.kubeDns.serviceMonitor.interval }} - {{- end }} - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - {{- if .Values.kubeDns.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.kubeDns.serviceMonitor.proxyUrl}} - {{- end }} - metricRelabelings: - {{- if .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings }} - {{ tpl (toYaml .Values.kubeDns.serviceMonitor.dnsmasqMetricRelabelings | indent 4) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} -{{- if .Values.kubeDns.serviceMonitor.dnsmasqRelabelings }} - relabelings: -{{ toYaml .Values.kubeDns.serviceMonitor.dnsmasqRelabelings | indent 4 }} -{{- end }} - - port: http-metrics-skydns - {{- if .Values.kubeDns.serviceMonitor.interval }} - interval: {{ .Values.kubeDns.serviceMonitor.interval }} - {{- end }} - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token -{{- if .Values.kubeDns.serviceMonitor.metricRelabelings }} - metricRelabelings: -{{ tpl (toYaml .Values.kubeDns.serviceMonitor.metricRelabelings | indent 4) . }} -{{- end }} -{{- if .Values.kubeDns.serviceMonitor.relabelings }} - relabelings: -{{ tpl (toYaml .Values.kubeDns.serviceMonitor.relabelings | indent 4) . }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/exporters/kube-etcd/endpoints.yaml b/charts/rancher-monitoring/templates/exporters/kube-etcd/endpoints.yaml deleted file mode 100644 index 8f07a5cc2..000000000 --- a/charts/rancher-monitoring/templates/exporters/kube-etcd/endpoints.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.endpoints }} -apiVersion: v1 -kind: Endpoints -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd - labels: - app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd - k8s-app: etcd-server -{{ include "kube-prometheus-stack.labels" . | indent 4 }} - namespace: kube-system -subsets: - - addresses: - {{- range .Values.kubeEtcd.endpoints }} - - ip: {{ . }} - {{- end }} - ports: - - name: http-metrics - port: {{ .Values.kubeEtcd.service.port }} - protocol: TCP -{{- end }} diff --git a/charts/rancher-monitoring/templates/exporters/kube-etcd/service.yaml b/charts/rancher-monitoring/templates/exporters/kube-etcd/service.yaml deleted file mode 100644 index b2677e280..000000000 --- a/charts/rancher-monitoring/templates/exporters/kube-etcd/service.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.service.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd - labels: - app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd - jobLabel: kube-etcd -{{ include "kube-prometheus-stack.labels" . | indent 4 }} - namespace: kube-system -spec: - clusterIP: None - ports: - - name: http-metrics - port: {{ .Values.kubeEtcd.service.port }} - protocol: TCP - targetPort: {{ .Values.kubeEtcd.service.targetPort }} -{{- if .Values.kubeEtcd.endpoints }}{{- else }} - selector: - {{- if .Values.kubeEtcd.service.selector }} -{{ toYaml .Values.kubeEtcd.service.selector | indent 4 }} - {{- else}} - component: etcd - {{- end}} -{{- end }} - type: ClusterIP -{{- end -}} diff --git a/charts/rancher-monitoring/templates/exporters/kube-etcd/servicemonitor.yaml b/charts/rancher-monitoring/templates/exporters/kube-etcd/servicemonitor.yaml deleted file mode 100644 index 82388082f..000000000 --- a/charts/rancher-monitoring/templates/exporters/kube-etcd/servicemonitor.yaml +++ /dev/null @@ -1,66 +0,0 @@ -{{- if and .Values.kubeEtcd.enabled .Values.kubeEtcd.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-kube-etcd - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd - {{- with .Values.kubeEtcd.serviceMonitor.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - jobLabel: jobLabel - selector: - matchLabels: - app: {{ template "kube-prometheus-stack.name" . }}-kube-etcd - release: {{ $.Release.Name | quote }} - namespaceSelector: - matchNames: - - "kube-system" - endpoints: - - port: http-metrics - {{- if .Values.kubeEtcd.serviceMonitor.interval }} - interval: {{ .Values.kubeEtcd.serviceMonitor.interval }} - {{- end }} - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - {{- if .Values.kubeEtcd.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.kubeEtcd.serviceMonitor.proxyUrl}} - {{- end }} - {{- if eq .Values.kubeEtcd.serviceMonitor.scheme "https" }} - scheme: https - tlsConfig: - {{- if .Values.kubeEtcd.serviceMonitor.serverName }} - serverName: {{ .Values.kubeEtcd.serviceMonitor.serverName }} - {{- end }} - {{- if .Values.kubeEtcd.serviceMonitor.caFile }} - caFile: {{ .Values.kubeEtcd.serviceMonitor.caFile }} - {{- end }} - {{- if .Values.kubeEtcd.serviceMonitor.certFile }} - certFile: {{ .Values.kubeEtcd.serviceMonitor.certFile }} - {{- end }} - {{- if .Values.kubeEtcd.serviceMonitor.keyFile }} - keyFile: {{ .Values.kubeEtcd.serviceMonitor.keyFile }} - {{- end}} - insecureSkipVerify: {{ .Values.kubeEtcd.serviceMonitor.insecureSkipVerify }} - {{- end }} - metricRelabelings: - {{- if .Values.kubeEtcd.serviceMonitor.metricRelabelings }} - {{ tpl (toYaml .Values.kubeEtcd.serviceMonitor.metricRelabelings | indent 4) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} -{{- if .Values.kubeEtcd.serviceMonitor.relabelings }} - relabelings: -{{ tpl (toYaml .Values.kubeEtcd.serviceMonitor.relabelings | indent 4) . }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/exporters/kube-proxy/endpoints.yaml b/charts/rancher-monitoring/templates/exporters/kube-proxy/endpoints.yaml deleted file mode 100644 index 2cb756d15..000000000 --- a/charts/rancher-monitoring/templates/exporters/kube-proxy/endpoints.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.endpoints }} -apiVersion: v1 -kind: Endpoints -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy - labels: - app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy - k8s-app: kube-proxy -{{ include "kube-prometheus-stack.labels" . | indent 4 }} - namespace: kube-system -subsets: - - addresses: - {{- range .Values.kubeProxy.endpoints }} - - ip: {{ . }} - {{- end }} - ports: - - name: http-metrics - port: {{ .Values.kubeProxy.service.port }} - protocol: TCP -{{- end }} diff --git a/charts/rancher-monitoring/templates/exporters/kube-proxy/service.yaml b/charts/rancher-monitoring/templates/exporters/kube-proxy/service.yaml deleted file mode 100644 index 6a93319ef..000000000 --- a/charts/rancher-monitoring/templates/exporters/kube-proxy/service.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.service.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy - labels: - app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy - jobLabel: kube-proxy -{{ include "kube-prometheus-stack.labels" . | indent 4 }} - namespace: kube-system -spec: - clusterIP: None - ports: - - name: http-metrics - port: {{ .Values.kubeProxy.service.port }} - protocol: TCP - targetPort: {{ .Values.kubeProxy.service.targetPort }} -{{- if .Values.kubeProxy.endpoints }}{{- else }} - selector: - {{- if .Values.kubeProxy.service.selector }} -{{ toYaml .Values.kubeProxy.service.selector | indent 4 }} - {{- else}} - k8s-app: kube-proxy - {{- end}} -{{- end }} - type: ClusterIP -{{- end -}} diff --git a/charts/rancher-monitoring/templates/exporters/kube-proxy/servicemonitor.yaml b/charts/rancher-monitoring/templates/exporters/kube-proxy/servicemonitor.yaml deleted file mode 100644 index 4add74ba1..000000000 --- a/charts/rancher-monitoring/templates/exporters/kube-proxy/servicemonitor.yaml +++ /dev/null @@ -1,54 +0,0 @@ -{{- if and .Values.kubeProxy.enabled .Values.kubeProxy.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-kube-proxy - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy - {{- with .Values.kubeProxy.serviceMonitor.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - jobLabel: jobLabel - selector: - matchLabels: - app: {{ template "kube-prometheus-stack.name" . }}-kube-proxy - release: {{ $.Release.Name | quote }} - namespaceSelector: - matchNames: - - "kube-system" - endpoints: - - port: http-metrics - {{- if .Values.kubeProxy.serviceMonitor.interval }} - interval: {{ .Values.kubeProxy.serviceMonitor.interval }} - {{- end }} - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - {{- if .Values.kubeProxy.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.kubeProxy.serviceMonitor.proxyUrl}} - {{- end }} - {{- if .Values.kubeProxy.serviceMonitor.https }} - scheme: https - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - {{- end}} - metricRelabelings: - {{- if .Values.kubeProxy.serviceMonitor.metricRelabelings }} - {{ tpl (toYaml .Values.kubeProxy.serviceMonitor.metricRelabelings | indent 4) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} -{{- if .Values.kubeProxy.serviceMonitor.relabelings }} - relabelings: -{{ tpl (toYaml .Values.kubeProxy.serviceMonitor.relabelings | indent 4) . }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/exporters/kube-scheduler/endpoints.yaml b/charts/rancher-monitoring/templates/exporters/kube-scheduler/endpoints.yaml deleted file mode 100644 index 84a14ae61..000000000 --- a/charts/rancher-monitoring/templates/exporters/kube-scheduler/endpoints.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.endpoints }} -apiVersion: v1 -kind: Endpoints -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler - labels: - app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler - k8s-app: kube-scheduler -{{ include "kube-prometheus-stack.labels" . | indent 4 }} - namespace: kube-system -subsets: - - addresses: - {{- range .Values.kubeScheduler.endpoints }} - - ip: {{ . }} - {{- end }} - ports: - - name: http-metrics - {{- $kubeSchedulerDefaultInsecurePort := 10251 }} - {{- $kubeSchedulerDefaultSecurePort := 10259 }} - port: {{ include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . $kubeSchedulerDefaultInsecurePort $kubeSchedulerDefaultSecurePort .Values.kubeScheduler.service.port) }} - protocol: TCP -{{- end }} diff --git a/charts/rancher-monitoring/templates/exporters/kube-scheduler/service.yaml b/charts/rancher-monitoring/templates/exporters/kube-scheduler/service.yaml deleted file mode 100644 index eef9df01d..000000000 --- a/charts/rancher-monitoring/templates/exporters/kube-scheduler/service.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.service.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler - labels: - app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler - jobLabel: kube-scheduler -{{ include "kube-prometheus-stack.labels" . | indent 4 }} - namespace: kube-system -spec: - clusterIP: None - ports: - - name: http-metrics - {{- $kubeSchedulerDefaultInsecurePort := 10251 }} - {{- $kubeSchedulerDefaultSecurePort := 10259 }} - port: {{ include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . $kubeSchedulerDefaultInsecurePort $kubeSchedulerDefaultSecurePort .Values.kubeScheduler.service.port) }} - protocol: TCP - targetPort: {{ include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . $kubeSchedulerDefaultInsecurePort $kubeSchedulerDefaultSecurePort .Values.kubeScheduler.service.targetPort) }} -{{- if .Values.kubeScheduler.endpoints }}{{- else }} - selector: - {{- if .Values.kubeScheduler.service.selector }} -{{ toYaml .Values.kubeScheduler.service.selector | indent 4 }} - {{- else}} - component: kube-scheduler - {{- end}} -{{- end }} - type: ClusterIP -{{- end -}} diff --git a/charts/rancher-monitoring/templates/exporters/kube-scheduler/servicemonitor.yaml b/charts/rancher-monitoring/templates/exporters/kube-scheduler/servicemonitor.yaml deleted file mode 100644 index e6555b448..000000000 --- a/charts/rancher-monitoring/templates/exporters/kube-scheduler/servicemonitor.yaml +++ /dev/null @@ -1,60 +0,0 @@ -{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-kube-scheduler - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler - {{- with .Values.kubeScheduler.serviceMonitor.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - jobLabel: jobLabel - selector: - matchLabels: - app: {{ template "kube-prometheus-stack.name" . }}-kube-scheduler - release: {{ $.Release.Name | quote }} - namespaceSelector: - matchNames: - - "kube-system" - endpoints: - - port: http-metrics - {{- if .Values.kubeScheduler.serviceMonitor.interval }} - interval: {{ .Values.kubeScheduler.serviceMonitor.interval }} - {{- end }} - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - {{- if .Values.kubeScheduler.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.kubeScheduler.serviceMonitor.proxyUrl}} - {{- end }} - {{- if eq (include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . false true .Values.kubeScheduler.serviceMonitor.https )) "true" }} - scheme: https - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - {{- if eq (include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . nil true .Values.kubeScheduler.serviceMonitor.insecureSkipVerify)) "true" }} - insecureSkipVerify: true - {{- end }} - {{- if .Values.kubeScheduler.serviceMonitor.serverName }} - serverName: {{ .Values.kubeScheduler.serviceMonitor.serverName }} - {{- end}} - {{- end}} - metricRelabelings: - {{- if .Values.kubeScheduler.serviceMonitor.metricRelabelings }} - {{ tpl (toYaml .Values.kubeScheduler.serviceMonitor.metricRelabelings | indent 4) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} -{{- if .Values.kubeScheduler.serviceMonitor.relabelings }} - relabelings: -{{ tpl (toYaml .Values.kubeScheduler.serviceMonitor.relabelings | indent 4) . }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/exporters/kube-state-metrics/validate.yaml b/charts/rancher-monitoring/templates/exporters/kube-state-metrics/validate.yaml deleted file mode 100644 index 9211b3d77..000000000 --- a/charts/rancher-monitoring/templates/exporters/kube-state-metrics/validate.yaml +++ /dev/null @@ -1,7 +0,0 @@ -{{- if .Values.kubeStateMetrics.enabled }} -{{- if not (kindIs "invalid" .Values.kubeStateMetrics.serviceMonitor) }} -{{- if .Values.kubeStateMetrics.serviceMonitor.namespaceOverride }} -{{- fail "kubeStateMetrics.serviceMonitor.namespaceOverride was removed. Please use kube-state-metrics.namespaceOverride instead." }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/exporters/kubelet/servicemonitor.yaml b/charts/rancher-monitoring/templates/exporters/kubelet/servicemonitor.yaml deleted file mode 100644 index 7d85a2d91..000000000 --- a/charts/rancher-monitoring/templates/exporters/kubelet/servicemonitor.yaml +++ /dev/null @@ -1,229 +0,0 @@ -{{- if (and (not .Values.kubelet.enabled) .Values.hardenedKubelet.enabled) }} -{{ required "Cannot set .Values.hardenedKubelet.enabled=true when .Values.kubelet.enabled=false" "" }} -{{- end }} -{{- if (and .Values.kubelet.enabled (not .Values.hardenedKubelet.enabled) (not .Values.k3sServer.enabled)) }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-kubelet - namespace: {{ .Values.kubelet.namespace }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-kubelet - {{- with .Values.kubelet.serviceMonitor.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{- include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - endpoints: - {{- if .Values.kubelet.serviceMonitor.https }} - - port: https-metrics - scheme: https - {{- if .Values.kubelet.serviceMonitor.interval }} - interval: {{ .Values.kubelet.serviceMonitor.interval }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }} - {{- end }} - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecureSkipVerify: true - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - honorLabels: true - metricRelabelings: - {{- if .Values.kubelet.serviceMonitor.metricRelabelings }} - {{ tpl (toYaml .Values.kubelet.serviceMonitor.metricRelabelings | indent 4) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} -{{- if .Values.kubelet.serviceMonitor.relabelings }} - relabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.relabelings | indent 4) . }} -{{- end }} -{{- if .Values.kubelet.serviceMonitor.cAdvisor }} - - port: https-metrics - scheme: https - path: /metrics/cadvisor - {{- if .Values.kubelet.serviceMonitor.interval }} - interval: {{ .Values.kubelet.serviceMonitor.interval }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }} - {{- end }} - honorLabels: true - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecureSkipVerify: true - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token -{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }} - metricRelabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings | indent 4) . }} -{{- end }} -{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }} - relabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | indent 4) . }} -{{- end }} -{{- end }} -{{- if .Values.kubelet.serviceMonitor.probes }} - - port: https-metrics - scheme: https - path: /metrics/probes - {{- if .Values.kubelet.serviceMonitor.interval }} - interval: {{ .Values.kubelet.serviceMonitor.interval }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }} - {{- end }} - honorLabels: true - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecureSkipVerify: true - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token -{{- if .Values.kubelet.serviceMonitor.probesMetricRelabelings }} - metricRelabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesMetricRelabelings | indent 4) . }} -{{- end }} -{{- if .Values.kubelet.serviceMonitor.probesRelabelings }} - relabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesRelabelings | indent 4) . }} -{{- end }} -{{- end }} -{{- if .Values.kubelet.serviceMonitor.resource }} - - port: https-metrics - scheme: https - path: {{ include "kubelet.serviceMonitor.resourcePath" . }} - {{- if .Values.kubelet.serviceMonitor.interval }} - interval: {{ .Values.kubelet.serviceMonitor.interval }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }} - {{- end }} - honorLabels: true - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecureSkipVerify: true - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token -{{- if .Values.kubelet.serviceMonitor.resourceMetricRelabelings }} - metricRelabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceMetricRelabelings | indent 4) . }} -{{- end }} -{{- if .Values.kubelet.serviceMonitor.resourceRelabelings }} - relabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceRelabelings | indent 4) . }} -{{- end }} -{{- end }} - {{- else }} - - port: http-metrics - {{- if .Values.kubelet.serviceMonitor.interval }} - interval: {{ .Values.kubelet.serviceMonitor.interval }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }} - {{- end }} - honorLabels: true -{{- if .Values.kubelet.serviceMonitor.metricRelabelings }} - metricRelabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.metricRelabelings | indent 4) . }} -{{- end }} -{{- if .Values.kubelet.serviceMonitor.relabelings }} - relabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.relabelings | indent 4) . }} -{{- end }} -{{- if .Values.kubelet.serviceMonitor.cAdvisor }} - - port: http-metrics - path: /metrics/cadvisor - {{- if .Values.kubelet.serviceMonitor.interval }} - interval: {{ .Values.kubelet.serviceMonitor.interval }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }} - {{- end }} - honorLabels: true -{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }} - metricRelabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings | indent 4) . }} -{{- end }} -{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }} - relabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | indent 4) . }} -{{- end }} -{{- if .Values.kubelet.serviceMonitor.probes }} - - port: http-metrics - path: /metrics/probes - {{- if .Values.kubelet.serviceMonitor.interval }} - interval: {{ .Values.kubelet.serviceMonitor.interval }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }} - {{- end }} - honorLabels: true -{{- if .Values.kubelet.serviceMonitor.probesMetricRelabelings }} - metricRelabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesMetricRelabelings | indent 4) . }} -{{- end }} -{{- if .Values.kubelet.serviceMonitor.probesRelabelings }} - relabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesRelabelings | indent 4) . }} -{{- end }} -{{- end }} -{{- if .Values.kubelet.serviceMonitor.resource }} - - port: http-metrics - path: {{ include "kubelet.serviceMonitor.resourcePath" . }} - {{- if .Values.kubelet.serviceMonitor.interval }} - interval: {{ .Values.kubelet.serviceMonitor.interval }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }} - {{- end }} - honorLabels: true -{{- if .Values.kubelet.serviceMonitor.resourceMetricRelabelings }} - metricRelabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceMetricRelabelings | indent 4) . }} -{{- end }} -{{- if .Values.kubelet.serviceMonitor.resourceRelabelings }} - relabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceRelabelings | indent 4) . }} -{{- end }} -{{- end }} -{{- end }} - {{- end }} - jobLabel: k8s-app - namespaceSelector: - matchNames: - - {{ .Values.kubelet.namespace }} - selector: - matchLabels: - app.kubernetes.io/name: kubelet - k8s-app: kubelet -{{- end}} diff --git a/charts/rancher-monitoring/templates/exporters/node-exporter/validate.yaml b/charts/rancher-monitoring/templates/exporters/node-exporter/validate.yaml deleted file mode 100644 index bdc73d616..000000000 --- a/charts/rancher-monitoring/templates/exporters/node-exporter/validate.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{- if (and (not .Values.nodeExporter.enabled) .Values.hardenedNodeExporter.enabled) }} -{{ required "Cannot set .Values.hardenedNodeExporter.enabled=true when .Values.nodeExporter.enabled=false" "" }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/grafana/configmap-dashboards.yaml b/charts/rancher-monitoring/templates/grafana/configmap-dashboards.yaml deleted file mode 100644 index e719009ff..000000000 --- a/charts/rancher-monitoring/templates/grafana/configmap-dashboards.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if or (and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled) .Values.grafana.forceDeployDashboards }} -{{- $files := .Files.Glob "dashboards-1.14/*.json" }} -{{- if $files }} -apiVersion: v1 -kind: ConfigMapList -items: -{{- range $path, $fileContents := $files }} -{{- $dashboardName := regexReplaceAll "(^.*/)(.*)\\.json$" $path "${2}" }} -- apiVersion: v1 - kind: ConfigMap - metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) $dashboardName | trunc 63 | trimSuffix "-" }} - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 6 }} - data: - {{ $dashboardName }}.json: {{ $.Files.Get $path | toJson }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/grafana/configmaps-datasources.yaml b/charts/rancher-monitoring/templates/grafana/configmaps-datasources.yaml deleted file mode 100644 index 44ed3273b..000000000 --- a/charts/rancher-monitoring/templates/grafana/configmaps-datasources.yaml +++ /dev/null @@ -1,63 +0,0 @@ -{{- if or (and .Values.grafana.enabled .Values.grafana.sidecar.datasources.enabled) .Values.grafana.forceDeployDatasources }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-grafana-datasource - namespace: {{ default .Values.grafana.sidecar.datasources.searchNamespace (include "kube-prometheus-stack.namespace" .) }} -{{- if .Values.grafana.sidecar.datasources.annotations }} - annotations: -{{ toYaml .Values.grafana.sidecar.datasources.annotations | indent 4 }} -{{- end }} - labels: - {{ $.Values.grafana.sidecar.datasources.label }}: {{ $.Values.grafana.sidecar.datasources.labelValue | quote }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - datasource.yaml: |- - apiVersion: 1 -{{- if .Values.grafana.deleteDatasources }} - deleteDatasources: -{{ tpl (toYaml .Values.grafana.deleteDatasources | indent 6) . }} -{{- end }} - datasources: -{{- $scrapeInterval := .Values.grafana.sidecar.datasources.defaultDatasourceScrapeInterval | default .Values.prometheus.prometheusSpec.scrapeInterval | default "30s" }} -{{- if .Values.grafana.sidecar.datasources.defaultDatasourceEnabled }} - - name: Prometheus - type: prometheus - uid: {{ .Values.grafana.sidecar.datasources.uid }} - {{- if .Values.grafana.sidecar.datasources.url }} - url: {{ .Values.grafana.sidecar.datasources.url }} - {{- else }} - url: http://{{ template "kube-prometheus-stack.fullname" . }}-prometheus.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.prometheus.service.port }}/{{ trimPrefix "/" .Values.prometheus.prometheusSpec.routePrefix }} - {{- end }} - access: proxy - isDefault: true - jsonData: - timeInterval: {{ $scrapeInterval }} -{{- if .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations }} - exemplarTraceIdDestinations: - - datasourceUid: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.datasourceUid }} - name: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.traceIdLabelName }} -{{- end }} -{{- if .Values.grafana.sidecar.datasources.createPrometheusReplicasDatasources }} -{{- range until (int .Values.prometheus.prometheusSpec.replicas) }} - - name: Prometheus-{{ . }} - type: prometheus - uid: {{ $.Values.grafana.sidecar.datasources.uid }}-replica-{{ . }} - url: http://prometheus-{{ template "kube-prometheus-stack.prometheus.crname" $ }}-{{ . }}.prometheus-operated:9090/{{ trimPrefix "/" $.Values.prometheus.prometheusSpec.routePrefix }} - access: proxy - isDefault: false - jsonData: - timeInterval: {{ $scrapeInterval }} -{{- if $.Values.grafana.sidecar.datasources.exemplarTraceIdDestinations }} - exemplarTraceIdDestinations: - - datasourceUid: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.datasourceUid }} - name: {{ .Values.grafana.sidecar.datasources.exemplarTraceIdDestinations.traceIdLabelName }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- if .Values.grafana.additionalDataSources }} -{{ tpl (toYaml .Values.grafana.additionalDataSources | indent 4) . }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/alertmanager-overview.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/alertmanager-overview.yaml deleted file mode 100644 index 3fe5bcdd0..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/alertmanager-overview.yaml +++ /dev/null @@ -1,616 +0,0 @@ -{{- /* -Generated from 'alertmanager-overview' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceMonitor.selfMonitor }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "alertmanager-overview" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - alertmanager-overview.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "hideControls": false, - "id": null, - "links": [ - - ], - "refresh": "30s", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "current set of alerts stored in the Alertmanager", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 2, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(alertmanager_alerts{namespace=~\"$namespace\",service=~\"$service\"}) by (namespace,service,instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Alerts", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "rate of successful and invalid alerts received by the Alertmanager", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 3, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(alertmanager_alerts_received_total{namespace=~\"$namespace\",service=~\"$service\"}[$__rate_interval])) by (namespace,service,instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Received", - "refId": "A" - }, - { - "expr": "sum(rate(alertmanager_alerts_invalid_total{namespace=~\"$namespace\",service=~\"$service\"}[$__rate_interval])) by (namespace,service,instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Invalid", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Alerts receive rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Alerts", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "rate of successful and invalid notifications sent by the Alertmanager", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 4, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": "integration", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(alertmanager_notifications_total{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (integration,namespace,service,instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Total", - "refId": "A" - }, - { - "expr": "sum(rate(alertmanager_notifications_failed_total{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (integration,namespace,service,instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Failed", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "$integration: Notifications Send Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "latency of notifications sent by the Alertmanager", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 5, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": "integration", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99,\n sum(rate(alertmanager_notification_latency_seconds_bucket{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (le,namespace,service,instance)\n) \n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} 99th Percentile", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.50,\n sum(rate(alertmanager_notification_latency_seconds_bucket{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (le,namespace,service,instance)\n) \n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Median", - "refId": "B" - }, - { - "expr": "sum(rate(alertmanager_notification_latency_seconds_sum{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (namespace,service,instance)\n/\nsum(rate(alertmanager_notification_latency_seconds_count{namespace=~\"$namespace\",service=~\"$service\", integration=\"$integration\"}[$__rate_interval])) by (namespace,service,instance)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Average", - "refId": "C" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "$integration: Notification Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Notifications", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "alertmanager-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": "namespace", - "multi": false, - "name": "namespace", - "options": [ - - ], - "query": "label_values(alertmanager_alerts, namespace)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": "service", - "multi": false, - "name": "service", - "options": [ - - ], - "query": "label_values(alertmanager_alerts, service)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "all", - "value": "$__all" - }, - "datasource": "$datasource", - "hide": 2, - "includeAll": true, - "label": null, - "multi": false, - "name": "integration", - "options": [ - - ], - "query": "label_values(alertmanager_notifications_total{integration=~\".*\"}, integration)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Alertmanager / Overview", - "uid": "alertmanager-overview", - "version": 0 - } -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/apiserver.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/apiserver.yaml deleted file mode 100644 index d4cf09f18..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/apiserver.yaml +++ /dev/null @@ -1,1772 +0,0 @@ -{{- /* -Generated from 'apiserver' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.kubeApiServer.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "apiserver" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - apiserver.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "id": null, - "links": [ - - ], - "panels": [ - { - "content": "The SLO (service level objective) and other metrics displayed on this dashboard are for informational purposes only.", - "datasource": null, - "description": "The SLO (service level objective) and other metrics displayed on this dashboard are for informational purposes only.", - "gridPos": { - "h": 2, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 2, - "mode": "markdown", - "span": 12, - "title": "Notice", - "type": "text" - } - ], - "refresh": "10s", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "decimals": 3, - "description": "How many percent of requests (both read and write) in 30 days have been answered successfully and fast enough?", - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 3, - "interval": "1m", - "legend": { - "alignAsTable": true, - "rightSide": true - }, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 4, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "apiserver_request:availability30d{verb=\"all\", cluster=\"$cluster\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Availability (30d) > 99.000%", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": 3, - "description": "How much error budget is left looking at our 0.990% availability guarantees?", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 4, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 8, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "100 * (apiserver_request:availability30d{verb=\"all\", cluster=\"$cluster\"} - 0.990000)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "errorbudget", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "ErrorBudget (30d) > 99.000%", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "decimals": 3, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "decimals": 3, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "decimals": 3, - "description": "How many percent of read requests (LIST,GET) in 30 days have been answered successfully and fast enough?", - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 5, - "interval": "1m", - "legend": { - "alignAsTable": true, - "rightSide": true - }, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 3, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "apiserver_request:availability30d{verb=\"read\", cluster=\"$cluster\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Read Availability (30d)", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "How many read requests (LIST,GET) per second do the apiservers get by code?", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 6, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - { - "alias": "/2../i", - "color": "#56A64B" - }, - { - "alias": "/3../i", - "color": "#F2CC0C" - }, - { - "alias": "/4../i", - "color": "#3274D9" - }, - { - "alias": "/5../i", - "color": "#E02F44" - } - ], - "spaceLength": 10, - "span": 3, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (code) (code_resource:apiserver_request_total:rate5m{verb=\"read\", cluster=\"$cluster\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}} code {{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Read SLI - Requests", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "reqps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "reqps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "How many percent of read requests (LIST,GET) per second are returned with errors (5xx)?", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 7, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 3, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"read\",code=~\"5..\", cluster=\"$cluster\"}) / sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"read\", cluster=\"$cluster\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}} resource {{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Read SLI - Errors", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "How many seconds is the 99th percentile for reading (LIST|GET) a given resource?", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 8, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 3, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "cluster_quantile:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds:histogram_quantile{verb=\"read\", cluster=\"$cluster\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}} resource {{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Read SLI - Duration", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "decimals": 3, - "description": "How many percent of write requests (POST|PUT|PATCH|DELETE) in 30 days have been answered successfully and fast enough?", - "format": "percentunit", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 9, - "interval": "1m", - "legend": { - "alignAsTable": true, - "rightSide": true - }, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 3, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "apiserver_request:availability30d{verb=\"write\", cluster=\"$cluster\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Write Availability (30d)", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "How many write requests (POST|PUT|PATCH|DELETE) per second do the apiservers get by code?", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 10, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - { - "alias": "/2../i", - "color": "#56A64B" - }, - { - "alias": "/3../i", - "color": "#F2CC0C" - }, - { - "alias": "/4../i", - "color": "#3274D9" - }, - { - "alias": "/5../i", - "color": "#E02F44" - } - ], - "spaceLength": 10, - "span": 3, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (code) (code_resource:apiserver_request_total:rate5m{verb=\"write\", cluster=\"$cluster\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}} code {{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Write SLI - Requests", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "reqps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "reqps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "How many percent of write requests (POST|PUT|PATCH|DELETE) per second are returned with errors (5xx)?", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 11, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 3, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"write\",code=~\"5..\", cluster=\"$cluster\"}) / sum by (resource) (code_resource:apiserver_request_total:rate5m{verb=\"write\", cluster=\"$cluster\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}} resource {{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Write SLI - Errors", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "How many seconds is the 99th percentile for writing (POST|PUT|PATCH|DELETE) a given resource?", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 12, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 3, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "cluster_quantile:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds:histogram_quantile{verb=\"write\", cluster=\"$cluster\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}} resource {{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Write SLI - Duration", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 13, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(workqueue_adds_total{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[$__rate_interval])) by (instance, name)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Work Queue Add Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 14, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(workqueue_depth{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[$__rate_interval])) by (instance, name)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Work Queue Depth", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 15, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{job=\"apiserver\", instance=~\"$instance\", cluster=\"$cluster\"}[$__rate_interval])) by (instance, name, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Work Queue Latency", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 16, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_resident_memory_bytes{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 17, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(process_cpu_seconds_total{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU usage", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 18, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{job=\"apiserver\",instance=~\"$instance\", cluster=\"$cluster\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": "cluster", - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(up{job=\"apiserver\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "instance", - "options": [ - - ], - "query": "label_values(up{job=\"apiserver\", cluster=\"$cluster\"}, instance)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / API server", - "uid": "09ec8aa1e996d6ffcd6817bbaff4db1b", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/cluster-total.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/cluster-total.yaml deleted file mode 100644 index c351d0c0c..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/cluster-total.yaml +++ /dev/null @@ -1,1882 +0,0 @@ -{{- /* -Generated from 'cluster-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "cluster-total" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - cluster-total.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "id": null, - "links": [ - - ], - "panels": [ - { - "collapse": false, - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 2, - "panels": [ - - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Current Bandwidth", - "titleSize": "h6", - "type": "row" - }, - { - "aliasColors": { - - }, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 1 - }, - "id": 3, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "null", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Current Rate of Bytes Received", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "series", - "name": null, - "show": false, - "values": [ - "current" - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 1 - }, - "id": 4, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "null", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Current Rate of Bytes Transmitted", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "series", - "name": null, - "show": false, - "values": [ - "current" - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "columns": [ - { - "text": "Time", - "value": "Time" - }, - { - "text": "Value #A", - "value": "Value #A" - }, - { - "text": "Value #B", - "value": "Value #B" - }, - { - "text": "Value #C", - "value": "Value #C" - }, - { - "text": "Value #D", - "value": "Value #D" - }, - { - "text": "Value #E", - "value": "Value #E" - }, - { - "text": "Value #F", - "value": "Value #F" - }, - { - "text": "Value #G", - "value": "Value #G" - }, - { - "text": "Value #H", - "value": "Value #H" - }, - { - "text": "namespace", - "value": "namespace" - } - ], - "datasource": "$datasource", - "fill": 1, - "fontSize": "90%", - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 5, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "null as zero", - "renderer": "flot", - "scroll": true, - "showHeader": true, - "sort": { - "col": 0, - "desc": false - }, - "spaceLength": 10, - "span": 24, - "styles": [ - { - "alias": "Time", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Time", - "thresholds": [ - - ], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Current Bandwidth Received", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Current Bandwidth Transmitted", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Average Bandwidth Received", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Average Bandwidth Transmitted", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Rate of Received Packets", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Rate of Transmitted Packets", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #F", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Rate of Received Packets Dropped", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #G", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Rate of Transmitted Packets Dropped", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #H", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Namespace", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "Drill down", - "linkUrl": "d/8b7a8b326d7a6f1f04244066368c67af/kubernetes-networking-namespace-pods?orgId=1&refresh=30s&var-namespace=$__cell", - "pattern": "namespace", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - }, - { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "F", - "step": 10 - }, - { - "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "G", - "step": 10 - }, - { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "H", - "step": 10 - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Current Status", - "type": "table" - }, - { - "collapse": true, - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 6, - "panels": [ - { - "aliasColors": { - - }, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 11 - }, - "id": 7, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "null", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Average Rate of Bytes Received", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "series", - "name": null, - "show": false, - "values": [ - "current" - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 11 - }, - "id": 8, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "null", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Average Rate of Bytes Transmitted", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "series", - "name": null, - "show": false, - "values": [ - "current" - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Average Bandwidth", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 9, - "panels": [ - - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Bandwidth History", - "titleSize": "h6", - "type": "row" - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 12 - }, - "id": 10, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Receive Bandwidth", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 21 - }, - "id": 11, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Transmit Bandwidth", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "collapse": true, - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 30 - }, - "id": 12, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 13, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 40 - }, - "id": 14, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Packets", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": true, - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 15, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 50 - }, - "id": 16, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets Dropped", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 59 - }, - "id": 17, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\".+\"}[$interval:$resolution])) by (namespace))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets Dropped", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 59 - }, - "id": 18, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [ - { - "targetBlank": true, - "title": "What is TCP Retransmit?", - "url": "https://accedian.com/enterprises/blog/network-packet-loss-retransmissions-and-duplicate-acknowledgements/" - } - ], - "minSpan": 24, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$interval:$resolution]) / rate(node_netstat_Tcp_OutSegs{cluster=\"$cluster\"}[$interval:$resolution])) by (instance))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of TCP Retransmits out of all sent segments", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 59 - }, - "id": 19, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": true, - "min": true, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 2, - "links": [ - { - "targetBlank": true, - "title": "Why monitor SYN retransmits?", - "url": "https://github.com/prometheus/node_exporter/issues/1023#issuecomment-408128365" - } - ], - "minSpan": 24, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(rate(node_netstat_TcpExt_TCPSynRetrans{cluster=\"$cluster\"}[$interval:$resolution]) / rate(node_netstat_Tcp_RetransSegs{cluster=\"$cluster\"}[$interval:$resolution])) by (instance))", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of TCP SYN Retransmits out of all retransmits", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Errors", - "titleSize": "h6", - "type": "row" - } - ], - "refresh": "10s", - "rows": [ - - ], - "schemaVersion": 18, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "5m", - "value": "5m" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "resolution", - "options": [ - { - "selected": false, - "text": "30s", - "value": "30s" - }, - { - "selected": true, - "text": "5m", - "value": "5m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - } - ], - "query": "30s,5m,1h", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "interval", - "useTags": false - }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "5m", - "value": "5m" - }, - "datasource": "$datasource", - "hide": 2, - "includeAll": false, - "label": null, - "multi": false, - "name": "interval", - "options": [ - { - "selected": true, - "text": "4h", - "value": "4h" - } - ], - "query": "4h", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "interval", - "useTags": false - }, - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": null, - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(up{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Networking / Cluster", - "uid": "ff635a025bcfea7bc3dd4f508990a3e9", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/controller-manager.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/controller-manager.yaml deleted file mode 100644 index c1946dd8b..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/controller-manager.yaml +++ /dev/null @@ -1,1196 +0,0 @@ -{{- /* -Generated from 'controller-manager' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -{{- if (include "exporter.kubeControllerManager.enabled" .)}} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "controller-manager" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - controller-manager.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "id": null, - "links": [ - - ], - "refresh": "10s", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 2, - "interval": "1m", - "legend": { - "alignAsTable": true, - "rightSide": true - }, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 2, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - {{- if .Values.k3sServer.enabled }} - "expr": "sum(up{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", metrics_path=\"/metrics\"})", - {{- else }} - "expr": "sum(up{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\"})", - {{- end }} - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Up", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "min" - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 3, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(workqueue_adds_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, name)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Work Queue Add Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 4, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(workqueue_depth{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, name)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Work Queue Depth", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 5, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(workqueue_queue_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, name, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} {{`{{`}}name{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Work Queue Latency", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 6, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "2xx", - "refId": "A" - }, - { - "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "3xx", - "refId": "B" - }, - { - "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "4xx", - "refId": "C" - }, - { - "expr": "sum(rate(rest_client_requests_total{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "5xx", - "refId": "D" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Kube API Request Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 7, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 8, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\", verb=\"POST\"}[$__rate_interval])) by (verb, url, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Post Request Latency 99th Quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 8, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\", instance=~\"$instance\", verb=\"GET\"}[$__rate_interval])) by (verb, url, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Get Request Latency 99th Quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 9, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_resident_memory_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\",instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 10, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\",instance=~\"$instance\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU usage", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 11, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\",instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": "cluster", - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(up{job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "instance", - "options": [ - - ], - "query": "label_values(up{cluster=\"$cluster\", job=\"{{ include "exporter.kubeControllerManager.jobName" . }}\"}, instance)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Controller Manager", - "uid": "72e0e05bef5099e5f049b05fdc429ed4", - "version": 0 - } -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/etcd.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/etcd.yaml deleted file mode 100644 index 3956638cb..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/etcd.yaml +++ /dev/null @@ -1,1229 +0,0 @@ -{{- /* -Generated from 'etcd' from https://raw.githubusercontent.com/etcd-io/etcd/main/contrib/mixin/mixin.libsonnet -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -{{- if (include "exporter.kubeEtcd.enabled" .)}} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "etcd" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - etcd.json: |- - { - "annotations": { - "list": [] - }, - "description": "etcd sample Grafana dashboard with Prometheus", - "editable": true, - "gnetId": null, - "hideControls": false, - "links": [], - "refresh": "10s", - "rows": [ - { - "collapse": false, - "editable": true, - "height": "250px", - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "datasource": "$datasource", - "editable": true, - "error": false, - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "id": 28, - "interval": null, - "isNew": true, - "links": [], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 3, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "targets": [ - { - "expr": "sum(etcd_server_has_leader{job=\"$cluster\"})", - "intervalFactor": 2, - "legendFormat": "", - "metric": "etcd_server_has_leader", - "refId": "A", - "step": 20 - } - ], - "thresholds": "", - "title": "Up", - "type": "singlestat", - "valueFontSize": "200%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "avg" - }, - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fill": 0, - "id": 23, - "isNew": true, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 5, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(grpc_server_started_total{job=\"$cluster\",grpc_type=\"unary\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "RPC Rate", - "metric": "grpc_server_started_total", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(rate(grpc_server_handled_total{job=\"$cluster\",grpc_type=\"unary\",grpc_code=~\"Unknown|FailedPrecondition|ResourceExhausted|Internal|Unavailable|DataLoss|DeadlineExceeded\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "RPC Failed Rate", - "metric": "grpc_server_handled_total", - "refId": "B", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "RPC Rate", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fill": 0, - "id": 41, - "isNew": true, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 4, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(grpc_server_started_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Watch\",grpc_type=\"bidi_stream\"})", - "intervalFactor": 2, - "legendFormat": "Watch Streams", - "metric": "grpc_server_handled_total", - "refId": "A", - "step": 4 - }, - { - "expr": "sum(grpc_server_started_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"}) - sum(grpc_server_handled_total{job=\"$cluster\",grpc_service=\"etcdserverpb.Lease\",grpc_type=\"bidi_stream\"})", - "intervalFactor": 2, - "legendFormat": "Lease Streams", - "metric": "grpc_server_handled_total", - "refId": "B", - "step": 4 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Active Streams", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "showTitle": false, - "title": "Row" - }, - { - "collapse": false, - "editable": true, - "height": "250px", - "panels": [ - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "decimals": null, - "editable": true, - "error": false, - "fill": 0, - "grid": {}, - "id": 1, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "etcd_mvcc_db_total_size_in_bytes{job=\"$cluster\"}", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} DB Size", - "metric": "", - "refId": "A", - "step": 4 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "DB Size", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fill": 0, - "grid": {}, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 1, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 4, - "stack": false, - "steppedLine": true, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_wal_fsync_duration_seconds_bucket{job=\"$cluster\"}[$__rate_interval])) by (instance, le))", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} WAL fsync", - "metric": "etcd_disk_wal_fsync_duration_seconds_bucket", - "refId": "A", - "step": 4 - }, - { - "expr": "histogram_quantile(0.99, sum(rate(etcd_disk_backend_commit_duration_seconds_bucket{job=\"$cluster\"}[$__rate_interval])) by (instance, le))", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} DB fsync", - "metric": "etcd_disk_backend_commit_duration_seconds_bucket", - "refId": "B", - "step": 4 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Disk Sync Duration", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fill": 0, - "id": 29, - "isNew": true, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_resident_memory_bytes{job=\"$cluster\"}", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Resident Memory", - "metric": "process_resident_memory_bytes", - "refId": "A", - "step": 4 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "title": "New row" - }, - { - "collapse": false, - "editable": true, - "height": "250px", - "panels": [ - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fill": 5, - "id": 22, - "isNew": true, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 3, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "rate(etcd_network_client_grpc_received_bytes_total{job=\"$cluster\"}[$__rate_interval])", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Client Traffic In", - "metric": "etcd_network_client_grpc_received_bytes_total", - "refId": "A", - "step": 4 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Client Traffic In", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fill": 5, - "id": 21, - "isNew": true, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 3, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "rate(etcd_network_client_grpc_sent_bytes_total{job=\"$cluster\"}[$__rate_interval])", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Client Traffic Out", - "metric": "etcd_network_client_grpc_sent_bytes_total", - "refId": "A", - "step": 4 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Client Traffic Out", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fill": 0, - "id": 20, - "isNew": true, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 3, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(etcd_network_peer_received_bytes_total{job=\"$cluster\"}[$__rate_interval])) by (instance)", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Peer Traffic In", - "metric": "etcd_network_peer_received_bytes_total", - "refId": "A", - "step": 4 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Peer Traffic In", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "decimals": null, - "editable": true, - "error": false, - "fill": 0, - "grid": {}, - "id": 16, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 3, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(etcd_network_peer_sent_bytes_total{job=\"$cluster\"}[$__rate_interval])) by (instance)", - "hide": false, - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Peer Traffic Out", - "metric": "etcd_network_peer_sent_bytes_total", - "refId": "A", - "step": 4 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Peer Traffic Out", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "Bps", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "title": "New row" - }, - { - "collapse": false, - "editable": true, - "height": "250px", - "panels": [ - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fill": 0, - "id": 40, - "isNew": true, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(etcd_server_proposals_failed_total{job=\"$cluster\"}[$__rate_interval]))", - "intervalFactor": 2, - "legendFormat": "Proposal Failure Rate", - "metric": "etcd_server_proposals_failed_total", - "refId": "A", - "step": 2 - }, - { - "expr": "sum(etcd_server_proposals_pending{job=\"$cluster\"})", - "intervalFactor": 2, - "legendFormat": "Proposal Pending Total", - "metric": "etcd_server_proposals_pending", - "refId": "B", - "step": 2 - }, - { - "expr": "sum(rate(etcd_server_proposals_committed_total{job=\"$cluster\"}[$__rate_interval]))", - "intervalFactor": 2, - "legendFormat": "Proposal Commit Rate", - "metric": "etcd_server_proposals_committed_total", - "refId": "C", - "step": 2 - }, - { - "expr": "sum(rate(etcd_server_proposals_applied_total{job=\"$cluster\"}[$__rate_interval]))", - "intervalFactor": 2, - "legendFormat": "Proposal Apply Rate", - "refId": "D", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Raft Proposals", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "datasource": "$datasource", - "decimals": 0, - "editable": true, - "error": false, - "fill": 0, - "id": 19, - "isNew": true, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "changes(etcd_server_leader_changes_seen_total{job=\"$cluster\"}[1d])", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Total Leader Elections Per Day", - "metric": "etcd_server_leader_changes_seen_total", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, - "title": "Total Leader Elections Per Day", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": 0, - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {} - }, - "overrides": [] - }, - "fill": 0, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 28 - }, - "hiddenSeries": false, - "id": 42, - "isNew": true, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.4.3", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum by (instance, le) (rate(etcd_network_peer_round_trip_time_seconds_bucket{job=\"$cluster\"}[$__rate_interval])))", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Peer round trip time", - "metric": "etcd_network_peer_round_trip_time_seconds_bucket", - "refId": "A", - "step": 2 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Peer round trip time", - "tooltip": { - "msResolution": false, - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:925", - "decimals": null, - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:926", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "title": "New row" - } - ], - "schemaVersion": 13, - "sharedCrosshair": false, - "style": "dark", - "tags": [ - "etcd-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - "text": "prod", - "value": "prod" - }, - "datasource": "$datasource", - "hide": {{ if (or .Values.grafana.sidecar.dashboards.multicluster.global.enabled .Values.grafana.sidecar.dashboards.multicluster.etcd.enabled) }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": "cluster", - "multi": false, - "name": "cluster", - "options": [], - "query": "label_values(etcd_server_has_leader, job)", - "refresh": 2, - "regex": "", - "sort": 2, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-15m", - "to": "now" - }, - "timepicker": { - "now": true, - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "etcd", - "uid": "c2f4e12cdf69feb95caa41a5a1b423d9", - "version": 215 - } -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/grafana-overview.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/grafana-overview.yaml deleted file mode 100644 index 8d08b055f..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/grafana-overview.yaml +++ /dev/null @@ -1,635 +0,0 @@ -{{- /* -Generated from 'grafana-overview' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "grafana-overview" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - grafana-overview.json: |- - { - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [ - - ], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": 3085, - "iteration": 1631554945276, - "links": [ - - ], - "panels": [ - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "mappings": [ - - ], - "noValue": "0", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [ - - ] - }, - "gridPos": { - "h": 5, - "w": 6, - "x": 0, - "y": 0 - }, - "id": 6, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "mean" - ], - "fields": "", - "values": false - }, - "text": { - - }, - "textMode": "auto" - }, - "pluginVersion": "8.1.3", - "targets": [ - { - "expr": "grafana_alerting_result_total{job=~\"$job\", instance=~\"$instance\", state=\"alerting\"}", - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "A" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Firing Alerts", - "type": "stat" - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "mappings": [ - - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [ - - ] - }, - "gridPos": { - "h": 5, - "w": 6, - "x": 6, - "y": 0 - }, - "id": 8, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "mean" - ], - "fields": "", - "values": false - }, - "text": { - - }, - "textMode": "auto" - }, - "pluginVersion": "8.1.3", - "targets": [ - { - "expr": "sum(grafana_stat_totals_dashboard{job=~\"$job\", instance=~\"$instance\"})", - "interval": "", - "legendFormat": "", - "refId": "A" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Dashboards", - "type": "stat" - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": { - "align": null, - "displayMode": "auto" - }, - "mappings": [ - - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [ - - ] - }, - "gridPos": { - "h": 5, - "w": 12, - "x": 12, - "y": 0 - }, - "id": 10, - "options": { - "showHeader": true - }, - "pluginVersion": "8.1.3", - "targets": [ - { - "expr": "grafana_build_info{job=~\"$job\", instance=~\"$instance\"}", - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "A" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Build Info", - "transformations": [ - { - "id": "labelsToFields", - "options": { - - } - }, - { - "id": "organize", - "options": { - "excludeByName": { - "Time": true, - "Value": true, - "branch": true, - "container": true, - "goversion": true, - "namespace": true, - "pod": true, - "revision": true - }, - "indexByName": { - "Time": 7, - "Value": 11, - "branch": 4, - "container": 8, - "edition": 2, - "goversion": 6, - "instance": 1, - "job": 0, - "namespace": 9, - "pod": 10, - "revision": 5, - "version": 3 - }, - "renameByName": { - - } - } - } - ], - "type": "table" - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "links": [ - - ] - }, - "overrides": [ - - ] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 5 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "8.1.3", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (status_code) (irate(grafana_http_request_duration_seconds_count{job=~\"$job\", instance=~\"$instance\"}[1m])) ", - "interval": "", - "legendFormat": "{{`{{`}}status_code{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeRegions": [ - - ], - "timeShift": null, - "title": "RPS", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "$$hashKey": "object:157", - "format": "reqps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:158", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "links": [ - - ] - }, - "overrides": [ - - ] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 5 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "8.1.3", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "exemplar": true, - "expr": "histogram_quantile(0.99, sum(irate(grafana_http_request_duration_seconds_bucket{instance=~\"$instance\", job=~\"$job\"}[$__rate_interval])) by (le)) * 1", - "interval": "", - "legendFormat": "99th Percentile", - "refId": "A" - }, - { - "exemplar": true, - "expr": "histogram_quantile(0.50, sum(irate(grafana_http_request_duration_seconds_bucket{instance=~\"$instance\", job=~\"$job\"}[$__rate_interval])) by (le)) * 1", - "interval": "", - "legendFormat": "50th Percentile", - "refId": "B" - }, - { - "exemplar": true, - "expr": "sum(irate(grafana_http_request_duration_seconds_sum{instance=~\"$instance\", job=~\"$job\"}[$__rate_interval])) * 1 / sum(irate(grafana_http_request_duration_seconds_count{instance=~\"$instance\", job=~\"$job\"}[$__rate_interval]))", - "interval": "", - "legendFormat": "Average", - "refId": "C" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeRegions": [ - - ], - "timeShift": null, - "title": "Request Latency", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "$$hashKey": "object:210", - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "$$hashKey": "object:211", - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "schemaVersion": 30, - "style": "dark", - "tags": [ - - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "description": null, - "error": null, - "hide": 0, - "includeAll": false, - "label": "Data Source", - "multi": false, - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "queryValue": "", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - }, - { - "allValue": ".*", - "current": { - "selected": false, - "text": [ - "default/grafana" - ], - "value": [ - "default/grafana" - ] - }, - "datasource": "$datasource", - "definition": "label_values(grafana_build_info, job)", - "description": null, - "error": null, - "hide": 0, - "includeAll": true, - "label": null, - "multi": true, - "name": "job", - "options": [ - - ], - "query": { - "query": "label_values(grafana_build_info, job)", - "refId": "Billing Admin-job-Variable-Query" - }, - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".*", - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": "$datasource", - "definition": "label_values(grafana_build_info, instance)", - "description": null, - "error": null, - "hide": 0, - "includeAll": true, - "label": null, - "multi": true, - "name": "instance", - "options": [ - - ], - "query": { - "query": "label_values(grafana_build_info, instance)", - "refId": "Billing Admin-instance-Variable-Query" - }, - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-6h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Grafana Overview", - "uid": "6be0s85Mk", - "version": 2 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-coredns.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-coredns.yaml deleted file mode 100644 index 5d5840e02..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-coredns.yaml +++ /dev/null @@ -1,1530 +0,0 @@ -{{- /* Added manually, can be changed in-place. */ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.coreDns.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-coredns" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - k8s-coredns.json: |- - { - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "A dashboard for the CoreDNS DNS server with updated metrics for version 1.7.0+. Based on the CoreDNS dashboard by buhay.", - "editable": true, - "gnetId": 12539, - "graphTooltip": 0, - "iteration": 1603798405693, - "links": [ - { - "icon": "external link", - "tags": [], - "targetBlank": true, - "title": "CoreDNS.io", - "type": "link", - "url": "https://coredns.io" - } - ], - "panels": [ - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [], - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 0 - }, - "hiddenSeries": false, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "total", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(coredns_dns_request_count_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (proto) or\nsum(rate(coredns_dns_requests_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (proto)", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}", - "refId": "A", - "step": 60 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Requests (total)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 0 - }, - "hiddenSeries": false, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "total", - "yaxis": 2 - }, - { - "alias": "other", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(coredns_dns_request_type_count_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (type) or \nsum(rate(coredns_dns_requests_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (type)", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{type}}"}}", - "refId": "A", - "step": 60 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Requests (by qtype)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 0 - }, - "hiddenSeries": false, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "total", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(coredns_dns_request_count_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (zone) or\nsum(rate(coredns_dns_requests_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (zone)", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{zone}}"}}", - "refId": "A", - "step": 60 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Requests (by zone)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 7 - }, - "hiddenSeries": false, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "total", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(coredns_dns_request_do_count_total{job=\"coredns\",instance=~\"$instance\"}[5m])) or\nsum(rate(coredns_dns_do_requests_total{job=\"coredns\",instance=~\"$instance\"}[5m]))", - "interval": "", - "intervalFactor": 2, - "legendFormat": "DO", - "refId": "A", - "step": 40 - }, - { - "expr": "sum(rate(coredns_dns_request_count_total{job=\"coredns\",instance=~\"$instance\"}[5m])) or\nsum(rate(coredns_dns_requests_total{job=\"coredns\",instance=~\"$instance\"}[5m]))", - "interval": "", - "intervalFactor": 2, - "legendFormat": "total", - "refId": "B", - "step": 40 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Requests (DO bit)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 6, - "x": 12, - "y": 7 - }, - "hiddenSeries": false, - "id": 10, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "tcp:90", - "yaxis": 2 - }, - { - "alias": "tcp:99 ", - "yaxis": 2 - }, - { - "alias": "tcp:50", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_request_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:99 ", - "refId": "A", - "step": 60 - }, - { - "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_request_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:90", - "refId": "B", - "step": 60 - }, - { - "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_request_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto))", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:50", - "refId": "C", - "step": 60 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Requests (size, udp)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 6, - "x": 18, - "y": 7 - }, - "hiddenSeries": false, - "id": 12, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "tcp:90", - "yaxis": 1 - }, - { - "alias": "tcp:99 ", - "yaxis": 1 - }, - { - "alias": "tcp:50", - "yaxis": 1 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_request_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:99 ", - "refId": "A", - "step": 60 - }, - { - "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_request_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:90", - "refId": "B", - "step": 60 - }, - { - "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_request_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto))", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:50", - "refId": "C", - "step": 60 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Requests (size,tcp)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 14 - }, - "hiddenSeries": false, - "id": 14, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(coredns_dns_response_rcode_count_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (rcode) or\nsum(rate(coredns_dns_responses_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (rcode)", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{rcode}}"}}", - "refId": "A", - "step": 40 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Responses (by rcode)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 14 - }, - "hiddenSeries": false, - "id": 32, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_request_duration_seconds_bucket{job=\"coredns\",instance=~\"$instance\"}[5m])) by (le, job))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "99%", - "refId": "A", - "step": 40 - }, - { - "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_request_duration_seconds_bucket{job=\"coredns\",instance=~\"$instance\"}[5m])) by (le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "90%", - "refId": "B", - "step": 40 - }, - { - "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_request_duration_seconds_bucket{job=\"coredns\",instance=~\"$instance\"}[5m])) by (le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "50%", - "refId": "C", - "step": 40 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Responses (duration)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "s", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 21 - }, - "hiddenSeries": false, - "id": 18, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "udp:50%", - "yaxis": 1 - }, - { - "alias": "tcp:50%", - "yaxis": 2 - }, - { - "alias": "tcp:90%", - "yaxis": 2 - }, - { - "alias": "tcp:99%", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_response_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:99%", - "refId": "A", - "step": 40 - }, - { - "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_response_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:90%", - "refId": "B", - "step": 40 - }, - { - "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_response_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"udp\"}[5m])) by (le,proto)) ", - "hide": false, - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:50%", - "metric": "", - "refId": "C", - "step": 40 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Responses (size, udp)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 21 - }, - "hiddenSeries": false, - "id": 20, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "udp:50%", - "yaxis": 1 - }, - { - "alias": "tcp:50%", - "yaxis": 1 - }, - { - "alias": "tcp:90%", - "yaxis": 1 - }, - { - "alias": "tcp:99%", - "yaxis": 1 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(coredns_dns_response_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto)) ", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:99%", - "refId": "A", - "step": 40 - }, - { - "expr": "histogram_quantile(0.90, sum(rate(coredns_dns_response_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le,proto)) ", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:90%", - "refId": "B", - "step": 40 - }, - { - "expr": "histogram_quantile(0.50, sum(rate(coredns_dns_response_size_bytes_bucket{job=\"coredns\",instance=~\"$instance\",proto=\"tcp\"}[5m])) by (le, proto)) ", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{"{{proto}}"}}:50%", - "metric": "", - "refId": "C", - "step": 40 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Responses (size, tcp)", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "bytes", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 28 - }, - "hiddenSeries": false, - "id": 22, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(coredns_cache_size{job=\"coredns\",instance=~\"$instance\"}) by (type) or\nsum(coredns_cache_entries{job=\"coredns\",instance=~\"$instance\"}) by (type)", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{"{{type}}"}}", - "refId": "A", - "step": 40 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Cache (size)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "cumulative" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - }, - { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "editable": true, - "error": false, - "fieldConfig": { - "defaults": { - "custom": {}, - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "grid": {}, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 28 - }, - "hiddenSeries": false, - "id": 24, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.2.0", - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "misses", - "yaxis": 2 - } - ], - "spaceLength": 10, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(coredns_cache_hits_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (type)", - "hide": false, - "intervalFactor": 2, - "legendFormat": "hits:{{"{{type}}"}}", - "refId": "A", - "step": 40 - }, - { - "expr": "sum(rate(coredns_cache_misses_total{job=\"coredns\",instance=~\"$instance\"}[5m])) by (type)", - "hide": false, - "intervalFactor": 2, - "legendFormat": "misses", - "refId": "B", - "step": 40 - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Cache (hitrate)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "pps", - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } - } - ], - "refresh": "10s", - "schemaVersion": 26, - "style": "dark", - "tags": [ - "dns", - "coredns" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "includeAll": false, - "label": "Data Source", - "multi": false, - "name": "datasource", - "options": [], - "query": "prometheus", - "queryValue": "", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - }, - { - "allValue": ".*", - "current": { - "selected": true, - "text": "All", - "value": "$__all" - }, - "datasource": "$datasource", - "definition": "label_values(up{job=\"coredns\"}, instance)", - "hide": 0, - "includeAll": true, - "label": "Instance", - "multi": false, - "name": "instance", - "options": [], - "query": "label_values(up{job=\"coredns\"}, instance)", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 3, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-3h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "CoreDNS", - "uid": "vkQ0UHxik", - "version": 2 - } -{{- end }} diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml deleted file mode 100644 index 581c4779a..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-cluster.yaml +++ /dev/null @@ -1,3088 +0,0 @@ -{{- /* -Generated from 'k8s-resources-cluster' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-cluster" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - k8s-resources-cluster.json: |- - { - "annotations": { - "list": [ - - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "links": [ - - ], - "refresh": "10s", - "rows": [ - { - "collapse": false, - "height": "100px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "format": "percentunit", - "id": 1, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 2, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "cluster:node_cpu:ratio_rate5m{cluster=\"$cluster\"}", - "format": "time_series", - "instant": true, - "intervalFactor": 2, - "refId": "A" - } - ], - "thresholds": "70,80", - "timeFrom": null, - "timeShift": null, - "title": "CPU Utilisation", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "singlestat", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "format": "percentunit", - "id": 2, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 2, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"cpu\",cluster=\"$cluster\"})", - "format": "time_series", - "instant": true, - "intervalFactor": 2, - "refId": "A" - } - ], - "thresholds": "70,80", - "timeFrom": null, - "timeShift": null, - "title": "CPU Requests Commitment", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "singlestat", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "format": "percentunit", - "id": 3, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 2, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"cpu\",cluster=\"$cluster\"})", - "format": "time_series", - "instant": true, - "intervalFactor": 2, - "refId": "A" - } - ], - "thresholds": "70,80", - "timeFrom": null, - "timeShift": null, - "title": "CPU Limits Commitment", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "singlestat", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "format": "percentunit", - "id": 4, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 2, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "1 - sum(:node_memory_MemAvailable_bytes:sum{cluster=\"$cluster\"}) / sum(node_memory_MemTotal_bytes{job=\"node-exporter\",cluster=\"$cluster\"})", - "format": "time_series", - "instant": true, - "intervalFactor": 2, - "refId": "A" - } - ], - "thresholds": "70,80", - "timeFrom": null, - "timeShift": null, - "title": "Memory Utilisation", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "singlestat", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "format": "percentunit", - "id": 5, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 2, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"memory\",cluster=\"$cluster\"})", - "format": "time_series", - "instant": true, - "intervalFactor": 2, - "refId": "A" - } - ], - "thresholds": "70,80", - "timeFrom": null, - "timeShift": null, - "title": "Memory Requests Commitment", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "singlestat", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "format": "percentunit", - "id": 6, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 2, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) / sum(kube_node_status_allocatable{job=\"kube-state-metrics\",resource=\"memory\",cluster=\"$cluster\"})", - "format": "time_series", - "instant": true, - "intervalFactor": 2, - "refId": "A" - } - ], - "thresholds": "70,80", - "timeFrom": null, - "timeShift": null, - "title": "Memory Limits Commitment", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "singlestat", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Headlines", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 7, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Usage", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 8, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "hidden" - }, - { - "alias": "Pods", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "link": true, - "linkTargetBlank": false, - "linkTooltip": "Drill down to pods", - "linkUrl": "d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "Workloads", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "link": true, - "linkTargetBlank": false, - "linkTooltip": "Drill down to workloads", - "linkUrl": "d/a87fb0d919ec0ea5f6543124e16c42a5/k8s-resources-workloads-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Usage", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Requests", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Requests %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "CPU Limits", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #F", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Limits %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #G", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Namespace", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTargetBlank": false, - "linkTooltip": "Drill down to pods", - "linkUrl": "d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell", - "pattern": "namespace", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "/.*/", - "thresholds": [ - - ], - "type": "string", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(kube_pod_owner{job=\"kube-state-metrics\", cluster=\"$cluster\"}) by (namespace)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "count(avg(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace) / sum(namespace_cpu:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - }, - { - "expr": "sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "F", - "step": 10 - }, - { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\"}) by (namespace) / sum(namespace_cpu:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "G", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Quota", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "transform": "table", - "type": "table", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU Quota", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 9, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_rss{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"}) by (namespace)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Usage (w/o cache)", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Memory", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 10, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "hidden" - }, - { - "alias": "Pods", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "link": true, - "linkTargetBlank": false, - "linkTooltip": "Drill down to pods", - "linkUrl": "d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "Workloads", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "link": true, - "linkTargetBlank": false, - "linkTooltip": "Drill down to workloads", - "linkUrl": "d/a87fb0d919ec0ea5f6543124e16c42a5/k8s-resources-workloads-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell_1", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "Memory Usage", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Requests", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Requests %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Memory Limits", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #F", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Limits %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #G", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Namespace", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTargetBlank": false, - "linkTooltip": "Drill down to pods", - "linkUrl": "d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell", - "pattern": "namespace", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "/.*/", - "thresholds": [ - - ], - "type": "string", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(kube_pod_owner{job=\"kube-state-metrics\", cluster=\"$cluster\"}) by (namespace)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "count(avg(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\"}) by (workload, namespace)) by (namespace)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "sum(container_memory_rss{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"}) by (namespace)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "sum(container_memory_rss{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(namespace_memory:kube_pod_container_resource_requests:sum{cluster=\"$cluster\"}) by (namespace)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - }, - { - "expr": "sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "F", - "step": 10 - }, - { - "expr": "sum(container_memory_rss{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", container!=\"\"}) by (namespace) / sum(namespace_memory:kube_pod_container_resource_limits:sum{cluster=\"$cluster\"}) by (namespace)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "G", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Requests by Namespace", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "transform": "table", - "type": "table", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Memory Requests", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 11, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "hidden" - }, - { - "alias": "Current Receive Bandwidth", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Current Transmit Bandwidth", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Rate of Received Packets", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Rate of Transmitted Packets", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Rate of Received Packets Dropped", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Rate of Transmitted Packets Dropped", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #F", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Namespace", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTargetBlank": false, - "linkTooltip": "Drill down to pods", - "linkUrl": "d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell", - "pattern": "namespace", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "/.*/", - "thresholds": [ - - ], - "type": "string", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(irate(container_network_receive_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "sum(irate(container_network_transmit_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "sum(irate(container_network_receive_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "sum(irate(container_network_transmit_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "sum(irate(container_network_receive_packets_dropped_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - }, - { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "F", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Current Network Usage", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "transform": "table", - "type": "table", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Current Network Usage", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 12, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Receive Bandwidth", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 13, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_transmit_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Transmit Bandwidth", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Bandwidth", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 14, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "avg(irate(container_network_receive_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Average Container Bandwidth by Namespace: Received", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 15, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "avg(irate(container_network_transmit_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Average Container Bandwidth by Namespace: Transmitted", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Average Container Bandwidth by Namespace", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 16, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 17, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_transmit_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Rate of Packets", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 18, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_packets_dropped_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets Dropped", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 19, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=~\".+\"}[$__rate_interval])) by (namespace)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets Dropped", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Rate of Packets Dropped", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": -1, - "fill": 10, - "id": 20, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "ceil(sum by(namespace) (rate(container_fs_reads_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval])))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "IOPS(Reads+Writes)", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 21, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum by(namespace) (rate(container_fs_reads_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}namespace{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "ThroughPut(Read+Write)", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Storage IO", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 22, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "sort": { - "col": 4, - "desc": true - }, - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "hidden" - }, - { - "alias": "IOPS(Reads)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": -1, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "IOPS(Writes)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": -1, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "IOPS(Reads + Writes)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": -1, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "Throughput(Read)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Throughput(Write)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Throughput(Read + Write)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #F", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Namespace", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTargetBlank": false, - "linkTooltip": "Drill down to pods", - "linkUrl": "d/85a562078cdf77779eaa1add43ccec1e/k8s-resources-namespace?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$__cell", - "pattern": "namespace", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "/.*/", - "thresholds": [ - - ], - "type": "string", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum by(namespace) (rate(container_fs_reads_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "sum by(namespace) (rate(container_fs_writes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "sum by(namespace) (rate(container_fs_reads_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "sum by(namespace) (rate(container_fs_reads_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "sum by(namespace) (rate(container_fs_writes_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - }, - { - "expr": "sum by(namespace) (rate(container_fs_reads_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace!=\"\"}[$__rate_interval]))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "F", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Current Storage IO", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "transform": "table", - "type": "table", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Storage IO - Distribution", - "titleSize": "h6" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": null, - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(up{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Compute Resources / Cluster", - "uid": "efa86fd1d0c121a26444b636a3f509a8", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml deleted file mode 100644 index 0c9c805fd..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-namespace.yaml +++ /dev/null @@ -1,2797 +0,0 @@ -{{- /* -Generated from 'k8s-resources-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-namespace" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - k8s-resources-namespace.json: |- - { - "annotations": { - "list": [ - - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "links": [ - - ], - "refresh": "10s", - "rows": [ - { - "collapse": false, - "height": "100px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "format": "percentunit", - "id": 1, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 3, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})", - "format": "time_series", - "instant": true, - "intervalFactor": 2, - "refId": "A" - } - ], - "thresholds": "70,80", - "timeFrom": null, - "timeShift": null, - "title": "CPU Utilisation (from requests)", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "singlestat", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "format": "percentunit", - "id": 2, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 3, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"})", - "format": "time_series", - "instant": true, - "intervalFactor": 2, - "refId": "A" - } - ], - "thresholds": "70,80", - "timeFrom": null, - "timeShift": null, - "title": "CPU Utilisation (from limits)", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "singlestat", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "format": "percentunit", - "id": 3, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 3, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_working_set_bytes{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})", - "format": "time_series", - "instant": true, - "intervalFactor": 2, - "refId": "A" - } - ], - "thresholds": "70,80", - "timeFrom": null, - "timeShift": null, - "title": "Memory Utilisation (from requests)", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "singlestat", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "format": "percentunit", - "id": 4, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 3, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_working_set_bytes{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"})", - "format": "time_series", - "instant": true, - "intervalFactor": 2, - "refId": "A" - } - ], - "thresholds": "70,80", - "timeFrom": null, - "timeShift": null, - "title": "Memory Utilisation (from limits)", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "singlestat", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Headlines", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 5, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "quota - requests", - "color": "#F2495C", - "dashes": true, - "fill": 0, - "hiddenSeries": true, - "hideTooltip": true, - "legend": true, - "linewidth": 2, - "stack": false - }, - { - "alias": "quota - limits", - "color": "#FF9830", - "dashes": true, - "fill": 0, - "hiddenSeries": true, - "hideTooltip": true, - "legend": true, - "linewidth": 2, - "stack": false - } - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - }, - { - "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.cpu\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "quota - requests", - "legendLink": null, - "step": 10 - }, - { - "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.cpu\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "quota - limits", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Usage", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU Usage", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 6, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "hidden" - }, - { - "alias": "CPU Usage", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Requests", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Requests %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "CPU Limits", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Limits %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Pod", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", - "pattern": "pod", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "/.*/", - "thresholds": [ - - ], - "type": "string", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Quota", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "transform": "table", - "type": "table", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU Quota", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 7, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "quota - requests", - "color": "#F2495C", - "dashes": true, - "fill": 0, - "hiddenSeries": true, - "hideTooltip": true, - "legend": true, - "linewidth": 2, - "stack": false - }, - { - "alias": "quota - limits", - "color": "#FF9830", - "dashes": true, - "fill": 0, - "hiddenSeries": true, - "hideTooltip": true, - "legend": true, - "linewidth": 2, - "stack": false - } - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_working_set_bytes{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}) by (pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - }, - { - "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.memory\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "quota - requests", - "legendLink": null, - "step": 10 - }, - { - "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.memory\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "quota - limits", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Usage (w/o cache)", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Memory Usage", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 8, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "hidden" - }, - { - "alias": "Memory Usage", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Requests", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Requests %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Memory Limits", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Limits %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Memory Usage (RSS)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #F", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Usage (Cache)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #G", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Usage (Swap)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #H", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Pod", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", - "pattern": "pod", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "/.*/", - "thresholds": [ - - ], - "type": "string", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(container_memory_working_set_bytes{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "sum(container_memory_working_set_bytes{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "sum(container_memory_working_set_bytes{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\", image!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - }, - { - "expr": "sum(container_memory_rss{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "F", - "step": 10 - }, - { - "expr": "sum(container_memory_cache{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "G", - "step": 10 - }, - { - "expr": "sum(container_memory_swap{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\",container!=\"\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "H", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Quota", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "transform": "table", - "type": "table", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Memory Quota", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 9, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "hidden" - }, - { - "alias": "Current Receive Bandwidth", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Current Transmit Bandwidth", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Rate of Received Packets", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Rate of Transmitted Packets", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Rate of Received Packets Dropped", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Rate of Transmitted Packets Dropped", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #F", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Pod", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTargetBlank": false, - "linkTooltip": "Drill down to pods", - "linkUrl": "d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", - "pattern": "pod", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "/.*/", - "thresholds": [ - - ], - "type": "string", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(irate(container_network_receive_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "sum(irate(container_network_transmit_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "sum(irate(container_network_receive_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "sum(irate(container_network_transmit_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "sum(irate(container_network_receive_packets_dropped_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - }, - { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "F", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Current Network Usage", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "transform": "table", - "type": "table", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Current Network Usage", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 10, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Receive Bandwidth", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 11, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Transmit Bandwidth", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Bandwidth", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 12, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 13, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Rate of Packets", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 14, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets Dropped", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 15, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])) by (pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets Dropped", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Rate of Packets Dropped", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": -1, - "fill": 10, - "id": 16, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "ceil(sum by(pod) (rate(container_fs_reads_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "IOPS(Reads+Writes)", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 17, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum by(pod) (rate(container_fs_reads_bytes_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{container!=\"\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "ThroughPut(Read+Write)", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Storage IO", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 18, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "sort": { - "col": 4, - "desc": true - }, - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "hidden" - }, - { - "alias": "IOPS(Reads)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": -1, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "IOPS(Writes)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": -1, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "IOPS(Reads + Writes)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": -1, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "Throughput(Read)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Throughput(Write)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Throughput(Read + Write)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #F", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Pod", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTargetBlank": false, - "linkTooltip": "Drill down to pods", - "linkUrl": "d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", - "pattern": "pod", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "/.*/", - "thresholds": [ - - ], - "type": "string", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum by(pod) (rate(container_fs_reads_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "sum by(pod) (rate(container_fs_writes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "sum by(pod) (rate(container_fs_reads_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "sum by(pod) (rate(container_fs_reads_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "sum by(pod) (rate(container_fs_writes_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - }, - { - "expr": "sum by(pod) (rate(container_fs_reads_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval]))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "F", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Current Storage IO", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "transform": "table", - "type": "table", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Storage IO - Distribution", - "titleSize": "h6" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": null, - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(up{job=\"kube-state-metrics\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "namespace", - "options": [ - - ], - "query": "label_values(kube_namespace_status_phase{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Compute Resources / Namespace (Pods)", - "uid": "85a562078cdf77779eaa1add43ccec1e", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-node.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-node.yaml deleted file mode 100644 index fc10e7f2d..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-node.yaml +++ /dev/null @@ -1,1026 +0,0 @@ -{{- /* -Generated from 'k8s-resources-node' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-node" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - k8s-resources-node.json: |- - { - "annotations": { - "list": [ - - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "links": [ - - ], - "refresh": "10s", - "rows": [ - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 1, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "max capacity", - "color": "#F2495C", - "dashes": true, - "fill": 0, - "hiddenSeries": true, - "hideTooltip": true, - "legend": true, - "linewidth": 2, - "stack": false - } - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(kube_node_status_capacity{cluster=\"$cluster\", node=~\"$node\", resource=\"cpu\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "max capacity", - "legendLink": null, - "step": 10 - }, - { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Usage", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU Usage", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 2, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "hidden" - }, - { - "alias": "CPU Usage", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Requests", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Requests %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "CPU Limits", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Limits %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Pod", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "pod", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "/.*/", - "thresholds": [ - - ], - "type": "string", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", node=~\"$node\"}) by (pod) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Quota", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "transform": "table", - "type": "table", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU Quota", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 3, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "max capacity", - "color": "#F2495C", - "dashes": true, - "fill": 0, - "hiddenSeries": true, - "hideTooltip": true, - "legend": true, - "linewidth": 2, - "stack": false - } - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(kube_node_status_capacity{cluster=\"$cluster\", node=~\"$node\", resource=\"memory\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "max capacity", - "legendLink": null, - "step": 10 - }, - { - "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\", container!=\"\"}) by (pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Usage (w/o cache)", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Memory Usage", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 4, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "hidden" - }, - { - "alias": "Memory Usage", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Requests", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Requests %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Memory Limits", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Limits %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Memory Usage (RSS)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #F", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Usage (Cache)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #G", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Usage (Swap)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #H", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Pod", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "pod", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "/.*/", - "thresholds": [ - - ], - "type": "string", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "sum(node_namespace_pod_container:container_memory_working_set_bytes{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", node=~\"$node\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - }, - { - "expr": "sum(node_namespace_pod_container:container_memory_rss{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "F", - "step": 10 - }, - { - "expr": "sum(node_namespace_pod_container:container_memory_cache{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "G", - "step": 10 - }, - { - "expr": "sum(node_namespace_pod_container:container_memory_swap{cluster=\"$cluster\", node=~\"$node\",container!=\"\"}) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "H", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Quota", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "transform": "table", - "type": "table", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Memory Quota", - "titleSize": "h6" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": null, - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(up{job=\"kube-state-metrics\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": null, - "multi": true, - "name": "node", - "options": [ - - ], - "query": "label_values(kube_node_info{cluster=\"$cluster\"}, node)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Compute Resources / Node (Pods)", - "uid": "200ac8fdbfbb74b39aff88118e4d1c2c", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml deleted file mode 100644 index 881485e61..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-pod.yaml +++ /dev/null @@ -1,2469 +0,0 @@ -{{- /* -Generated from 'k8s-resources-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-pod" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - k8s-resources-pod.json: |- - { - "annotations": { - "list": [ - - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "links": [ - - ], - "refresh": "10s", - "rows": [ - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 1, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "requests", - "color": "#F2495C", - "fill": 0, - "hideTooltip": true, - "legend": true, - "linewidth": 2, - "stack": false - }, - { - "alias": "limits", - "color": "#FF9830", - "fill": 0, - "hideTooltip": true, - "legend": true, - "linewidth": 2, - "stack": false - } - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{namespace=\"$namespace\", pod=\"$pod\", cluster=\"$cluster\"}) by (container)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}container{{`}}`}}", - "legendLink": null, - "step": 10 - }, - { - "expr": "sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "requests", - "legendLink": null, - "step": 10 - }, - { - "expr": "sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"cpu\"}\n)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "limits", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Usage", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU Usage", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 2, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": true, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(increase(container_cpu_cfs_throttled_periods_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", cluster=\"$cluster\"}[$__rate_interval])) by (container) /sum(increase(container_cpu_cfs_periods_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", cluster=\"$cluster\"}[$__rate_interval])) by (container)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}container{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - { - "colorMode": "critical", - "fill": true, - "line": true, - "op": "gt", - "value": 0.25, - "yaxis": "left" - } - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Throttling", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": 1, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU Throttling", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 3, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "hidden" - }, - { - "alias": "CPU Usage", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Requests", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Requests %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "CPU Limits", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Limits %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Container", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "container", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "/.*/", - "thresholds": [ - - ], - "type": "string", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container) / sum(cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Quota", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "transform": "table", - "type": "table", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU Quota", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 4, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "requests", - "color": "#F2495C", - "dashes": true, - "fill": 0, - "hideTooltip": true, - "legend": true, - "linewidth": 2, - "stack": false - }, - { - "alias": "limits", - "color": "#FF9830", - "dashes": true, - "fill": 0, - "hideTooltip": true, - "legend": true, - "linewidth": 2, - "stack": false - } - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(container_memory_working_set_bytes{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}container{{`}}`}}", - "legendLink": null, - "step": 10 - }, - { - "expr": "sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}\n)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "requests", - "legendLink": null, - "step": 10 - }, - { - "expr": "sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", resource=\"memory\"}\n)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "limits", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Usage (WSS)", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Memory Usage", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 5, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "hidden" - }, - { - "alias": "Memory Usage (WSS)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Requests", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Requests %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Memory Limits", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Limits %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Memory Usage (RSS)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #F", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Usage (Cache)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #G", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Usage (Swap)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #H", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Container", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "container", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "/.*/", - "thresholds": [ - - ], - "type": "string", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(container_memory_working_set_bytes{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "sum(container_memory_working_set_bytes{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", image!=\"\"}) by (container) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_requests{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "sum(container_memory_working_set_bytes{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container!=\"\", image!=\"\"}) by (container) / sum(cluster:namespace:pod_memory:active:kube_pod_container_resource_limits{cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}) by (container)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - }, - { - "expr": "sum(container_memory_rss{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "F", - "step": 10 - }, - { - "expr": "sum(container_memory_cache{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "G", - "step": 10 - }, - { - "expr": "sum(container_memory_swap{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\", container != \"\", container != \"POD\"}) by (container)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "H", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Quota", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "transform": "table", - "type": "table", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Memory Quota", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 6, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Receive Bandwidth", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 7, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_transmit_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Transmit Bandwidth", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Bandwidth", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 8, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 9, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_transmit_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Rate of Packets", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 10, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_packets_dropped_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets Dropped", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 11, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])) by (pod)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets Dropped", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Rate of Packets Dropped", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": -1, - "fill": 10, - "id": 12, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "ceil(sum by(pod) (rate(container_fs_reads_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Reads", - "legendLink": null, - "step": 10 - }, - { - "expr": "ceil(sum by(pod) (rate(container_fs_writes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\",namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval])))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Writes", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "IOPS", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 13, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum by(pod) (rate(container_fs_reads_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Reads", - "legendLink": null, - "step": 10 - }, - { - "expr": "sum by(pod) (rate(container_fs_writes_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=~\"$pod\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Writes", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "ThroughPut", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Storage IO - Distribution(Pod - Read & Writes)", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "decimals": -1, - "fill": 10, - "id": 14, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "ceil(sum by(container) (rate(container_fs_reads_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval])))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}container{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "IOPS(Reads+Writes)", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 15, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum by(container) (rate(container_fs_reads_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}container{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "ThroughPut(Read+Write)", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Storage IO - Distribution(Containers)", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 16, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "sort": { - "col": 4, - "desc": true - }, - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "hidden" - }, - { - "alias": "IOPS(Reads)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": -1, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "IOPS(Writes)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": -1, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "IOPS(Reads + Writes)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": -1, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "Throughput(Read)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Throughput(Write)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Throughput(Read + Write)", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #F", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Container", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "container", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "/.*/", - "thresholds": [ - - ], - "type": "string", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum by(container) (rate(container_fs_reads_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "sum by(container) (rate(container_fs_writes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\",device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "sum by(container) (rate(container_fs_reads_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "sum by(container) (rate(container_fs_reads_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "sum by(container) (rate(container_fs_writes_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - }, - { - "expr": "sum by(container) (rate(container_fs_reads_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]) + rate(container_fs_writes_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\", container!=\"\", cluster=\"$cluster\", namespace=\"$namespace\", pod=\"$pod\"}[$__rate_interval]))", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "F", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Current Storage IO", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "transform": "table", - "type": "table", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Storage IO - Distribution", - "titleSize": "h6" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": null, - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(up{job=\"kube-state-metrics\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "namespace", - "options": [ - - ], - "query": "label_values(kube_namespace_status_phase{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "pod", - "options": [ - - ], - "query": "label_values(kube_pod_info{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\"}, pod)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Compute Resources / Pod", - "uid": "6581e46e4e5c7ba40a07646395ef7b23", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml deleted file mode 100644 index 7b19154c5..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-workload.yaml +++ /dev/null @@ -1,2024 +0,0 @@ -{{- /* -Generated from 'k8s-resources-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workload" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - k8s-resources-workload.json: |- - { - "annotations": { - "list": [ - - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "links": [ - - ], - "refresh": "10s", - "rows": [ - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 1, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Usage", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU Usage", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 2, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "hidden" - }, - { - "alias": "CPU Usage", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Requests", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Requests %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "CPU Limits", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Limits %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Pod", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", - "pattern": "pod", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "/.*/", - "thresholds": [ - - ], - "type": "string", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Quota", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "transform": "table", - "type": "table", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU Quota", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 3, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Memory Usage", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 4, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "hidden" - }, - { - "alias": "Memory Usage", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Requests", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Requests %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Memory Limits", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Limits %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Pod", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", - "pattern": "pod", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "/.*/", - "thresholds": [ - - ], - "type": "string", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Quota", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "transform": "table", - "type": "table", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Memory Quota", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 5, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "hidden" - }, - { - "alias": "Current Receive Bandwidth", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Current Transmit Bandwidth", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Rate of Received Packets", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Rate of Transmitted Packets", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Rate of Received Packets Dropped", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Rate of Transmitted Packets Dropped", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #F", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Pod", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", - "pattern": "pod", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "/.*/", - "thresholds": [ - - ], - "type": "string", - "unit": "short" - } - ], - "targets": [ - { - "expr": "(sum(irate(container_network_receive_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "(sum(irate(container_network_transmit_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "(sum(irate(container_network_receive_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "(sum(irate(container_network_transmit_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "(sum(irate(container_network_receive_packets_dropped_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - }, - { - "expr": "(sum(irate(container_network_transmit_packets_dropped_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "F", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Current Network Usage", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "transform": "table", - "type": "table", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Current Network Usage", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 6, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_network_receive_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Receive Bandwidth", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 7, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_network_transmit_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Transmit Bandwidth", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Bandwidth", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 8, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(avg(irate(container_network_receive_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Average Container Bandwidth by Pod: Received", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 9, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(avg(irate(container_network_transmit_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Average Container Bandwidth by Pod: Transmitted", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Average Container Bandwidth by Pod", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 10, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_network_receive_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 11, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_network_transmit_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Rate of Packets", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 12, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_network_receive_packets_dropped_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets Dropped", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 13, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_network_transmit_packets_dropped_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets Dropped", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Rate of Packets Dropped", - "titleSize": "h6" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": null, - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(up{job=\"kube-state-metrics\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "namespace", - "options": [ - - ], - "query": "label_values(kube_namespace_status_phase{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "type", - "options": [ - - ], - "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\"}, workload_type)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "workload", - "options": [ - - ], - "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}, workload)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Compute Resources / Workload", - "uid": "a164a7f0339f99e89cea5cb47e9be617", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml deleted file mode 100644 index c4a15829d..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/k8s-resources-workloads-namespace.yaml +++ /dev/null @@ -1,2189 +0,0 @@ -{{- /* -Generated from 'k8s-resources-workloads-namespace' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "k8s-resources-workloads-namespace" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - k8s-resources-workloads-namespace.json: |- - { - "annotations": { - "list": [ - - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "links": [ - - ], - "refresh": "10s", - "rows": [ - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 1, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "quota - requests", - "color": "#F2495C", - "dashes": true, - "fill": 0, - "hiddenSeries": true, - "hideTooltip": true, - "legend": true, - "linewidth": 2, - "stack": false - }, - { - "alias": "quota - limits", - "color": "#FF9830", - "dashes": true, - "fill": 0, - "hiddenSeries": true, - "hideTooltip": true, - "legend": true, - "linewidth": 2, - "stack": false - } - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}workload{{`}}`}} - {{`{{`}}workload_type{{`}}`}}", - "legendLink": null, - "step": 10 - }, - { - "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.cpu\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "quota - requests", - "legendLink": null, - "step": 10 - }, - { - "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.cpu\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "quota - limits", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Usage", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU Usage", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 2, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "hidden" - }, - { - "alias": "Running Pods", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Usage", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Requests", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Requests %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "CPU Limits", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "CPU Limits %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #F", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$__cell_2", - "pattern": "workload", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "Workload Type", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "workload_type", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "/.*/", - "thresholds": [ - - ], - "type": "string", - "unit": "short" - } - ], - "targets": [ - { - "expr": "count(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload, workload_type)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - }, - { - "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{cluster=\"$cluster\", namespace=\"$namespace\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"cpu\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "F", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Quota", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "transform": "table", - "type": "table", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU Quota", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 3, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "quota - requests", - "color": "#F2495C", - "dashes": true, - "fill": 0, - "hiddenSeries": true, - "hideTooltip": true, - "legend": true, - "linewidth": 2, - "stack": false - }, - { - "alias": "quota - limits", - "color": "#FF9830", - "dashes": true, - "fill": 0, - "hiddenSeries": true, - "hideTooltip": true, - "legend": true, - "linewidth": 2, - "stack": false - } - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(\n container_memory_working_set_bytes{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}workload{{`}}`}} - {{`{{`}}workload_type{{`}}`}}", - "legendLink": null, - "step": 10 - }, - { - "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"requests.memory\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "quota - requests", - "legendLink": null, - "step": 10 - }, - { - "expr": "scalar(kube_resourcequota{cluster=\"$cluster\", namespace=\"$namespace\", type=\"hard\",resource=\"limits.memory\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "quota - limits", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Memory Usage", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 4, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "hidden" - }, - { - "alias": "Running Pods", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "Memory Usage", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Requests", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Requests %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Memory Limits", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "bytes" - }, - { - "alias": "Memory Limits %", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #F", - "thresholds": [ - - ], - "type": "number", - "unit": "percentunit" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$__cell_2", - "pattern": "workload", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "Workload Type", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "workload_type", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "/.*/", - "thresholds": [ - - ], - "type": "string", - "unit": "short" - } - ], - "targets": [ - { - "expr": "count(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload, workload_type)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "sum(\n container_memory_working_set_bytes{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "sum(\n container_memory_working_set_bytes{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_requests{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - }, - { - "expr": "sum(\n container_memory_working_set_bytes{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\", image!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n/sum(\n kube_pod_container_resource_limits{job=\"kube-state-metrics\", cluster=\"$cluster\", namespace=\"$namespace\", resource=\"memory\"}\n* on(namespace,pod)\n group_left(workload, workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}\n) by (workload, workload_type)\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "F", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Quota", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "transform": "table", - "type": "table", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Memory Quota", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 5, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "hidden" - }, - { - "alias": "Current Receive Bandwidth", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Current Transmit Bandwidth", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Rate of Received Packets", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Rate of Transmitted Packets", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Rate of Received Packets Dropped", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Rate of Transmitted Packets Dropped", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #F", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTargetBlank": false, - "linkTooltip": "Drill down to pods", - "linkUrl": "d/a164a7f0339f99e89cea5cb47e9be617/k8s-resources-workload?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-workload=$__cell&var-type=$type", - "pattern": "workload", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "Workload Type", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "workload_type", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "/.*/", - "thresholds": [ - - ], - "type": "string", - "unit": "short" - } - ], - "targets": [ - { - "expr": "(sum(irate(container_network_receive_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload))\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "(sum(irate(container_network_transmit_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload))\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "(sum(irate(container_network_receive_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload))\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "(sum(irate(container_network_transmit_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload))\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "(sum(irate(container_network_receive_packets_dropped_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload))\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - }, - { - "expr": "(sum(irate(container_network_transmit_packets_dropped_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload_type=\"$type\"}) by (workload))\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "F", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Current Network Usage", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "transform": "table", - "type": "table", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Current Network Usage", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 6, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_network_receive_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}workload{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Receive Bandwidth", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 7, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_network_transmit_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}workload{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Transmit Bandwidth", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Bandwidth", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 8, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(avg(irate(container_network_receive_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}workload{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Average Container Bandwidth by Workload: Received", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 9, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(avg(irate(container_network_transmit_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}workload{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Average Container Bandwidth by Workload: Transmitted", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Average Container Bandwidth by Workload", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 10, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_network_receive_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}workload{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 11, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_network_transmit_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}workload{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Rate of Packets", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 12, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_network_receive_packets_dropped_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}workload{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets Dropped", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 13, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(sum(irate(container_network_transmit_packets_dropped_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\", namespace=\"$namespace\"}[$__rate_interval])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}workload{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets Dropped", - "tooltip": { - "shared": false, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Rate of Packets Dropped", - "titleSize": "h6" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": null, - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(up{job=\"kube-state-metrics\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "namespace", - "options": [ - - ], - "query": "label_values(kube_pod_info{job=\"kube-state-metrics\", cluster=\"$cluster\"}, namespace)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "deployment", - "value": "deployment" - }, - "datasource": "$datasource", - "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\"}, workload_type)", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "type", - "options": [ - - ], - "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\", namespace=\"$namespace\", workload=~\".+\"}, workload_type)", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Compute Resources / Namespace (Workloads)", - "uid": "a87fb0d919ec0ea5f6543124e16c42a5", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/kubelet.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/kubelet.yaml deleted file mode 100644 index 11c0934a3..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/kubelet.yaml +++ /dev/null @@ -1,2256 +0,0 @@ -{{- /* -Generated from 'kubelet' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -{{- if (include "exporter.kubelet.enabled" .) }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "kubelet" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - kubelet.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "id": null, - "links": [ - - ], - "panels": [ - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "links": [ - - ], - "mappings": [ - - ], - "thresholds": { - "mode": "absolute", - "steps": [ - - ] - }, - "unit": "none" - } - }, - "gridPos": { - "h": 7, - "w": 4, - "x": 0, - "y": 0 - }, - "id": 2, - "links": [ - - ], - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "7", - "targets": [ - { - "expr": "sum(kubelet_node_name{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "title": "Running Kubelets", - "transparent": false, - "type": "stat" - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "links": [ - - ], - "mappings": [ - - ], - "thresholds": { - "mode": "absolute", - "steps": [ - - ] - }, - "unit": "none" - } - }, - "gridPos": { - "h": 7, - "w": 4, - "x": 4, - "y": 0 - }, - "id": 3, - "links": [ - - ], - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "7", - "targets": [ - { - "expr": "sum(kubelet_running_pods{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_pod_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "title": "Running Pods", - "transparent": false, - "type": "stat" - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "links": [ - - ], - "mappings": [ - - ], - "thresholds": { - "mode": "absolute", - "steps": [ - - ] - }, - "unit": "none" - } - }, - "gridPos": { - "h": 7, - "w": 4, - "x": 8, - "y": 0 - }, - "id": 4, - "links": [ - - ], - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "7", - "targets": [ - { - "expr": "sum(kubelet_running_containers{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}) OR sum(kubelet_running_container_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "title": "Running Containers", - "transparent": false, - "type": "stat" - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "links": [ - - ], - "mappings": [ - - ], - "thresholds": { - "mode": "absolute", - "steps": [ - - ] - }, - "unit": "none" - } - }, - "gridPos": { - "h": 7, - "w": 4, - "x": 12, - "y": 0 - }, - "id": 5, - "links": [ - - ], - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "7", - "targets": [ - { - "expr": "sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\", state=\"actual_state_of_world\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "title": "Actual Volume Count", - "transparent": false, - "type": "stat" - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "links": [ - - ], - "mappings": [ - - ], - "thresholds": { - "mode": "absolute", - "steps": [ - - ] - }, - "unit": "none" - } - }, - "gridPos": { - "h": 7, - "w": 4, - "x": 16, - "y": 0 - }, - "id": 6, - "links": [ - - ], - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "7", - "targets": [ - { - "expr": "sum(volume_manager_total_volumes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\",state=\"desired_state_of_world\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "title": "Desired Volume Count", - "transparent": false, - "type": "stat" - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "links": [ - - ], - "mappings": [ - - ], - "thresholds": { - "mode": "absolute", - "steps": [ - - ] - }, - "unit": "none" - } - }, - "gridPos": { - "h": 7, - "w": 4, - "x": 20, - "y": 0 - }, - "id": 7, - "links": [ - - ], - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "7", - "targets": [ - { - "expr": "sum(rate(kubelet_node_config_error{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "title": "Config Error Count", - "transparent": false, - "type": "stat" - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 7 - }, - "id": 8, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(kubelet_runtime_operations_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (operation_type, instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Operation Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 7 - }, - "id": 9, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(kubelet_runtime_operations_errors_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Operation Error Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 10, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(kubelet_runtime_operations_duration_seconds_bucket{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Operation duration 99th quantile", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 21 - }, - "id": 11, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(kubelet_pod_start_duration_seconds_count{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} pod", - "refId": "A" - }, - { - "expr": "sum(rate(kubelet_pod_worker_duration_seconds_count{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} worker", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Pod Start Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 21 - }, - "id": 12, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(kubelet_pod_start_duration_seconds_bucket{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} pod", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} worker", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Pod Start Duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 28 - }, - "id": 13, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(storage_operation_duration_seconds_count{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_name, volume_plugin)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_name{{`}}`}} {{`{{`}}volume_plugin{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Storage Operation Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 28 - }, - "id": 14, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(storage_operation_errors_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_name, volume_plugin)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_name{{`}}`}} {{`{{`}}volume_plugin{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Storage Operation Error Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 35 - }, - "id": 15, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(storage_operation_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_name, volume_plugin, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_name{{`}}`}} {{`{{`}}volume_plugin{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Storage Operation Duration 99th quantile", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 42 - }, - "id": 16, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(kubelet_cgroup_manager_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}operation_type{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Cgroup manager operation rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 42 - }, - "id": 17, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(kubelet_cgroup_manager_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, operation_type, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}operation_type{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Cgroup manager 99th quantile", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "Pod lifecycle event generator", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 0, - "y": 49 - }, - "id": 18, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(kubelet_pleg_relist_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "PLEG relist rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 12, - "x": 12, - "y": 49 - }, - "id": 19, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_interval_seconds_bucket{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "PLEG relist interval", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 56 - }, - "id": 20, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])) by (instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "PLEG relist duration", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 63 - }, - "id": 21, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "2xx", - "refId": "A" - }, - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "3xx", - "refId": "B" - }, - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "4xx", - "refId": "C" - }, - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "5xx", - "refId": "D" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "RPC Rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 70 - }, - "id": 22, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", instance=~\"$instance\"}[$__rate_interval])) by (instance, verb, url, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Request duration 99th quantile", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 77 - }, - "id": 23, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_resident_memory_bytes{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 77 - }, - "id": 24, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 77 - }, - "id": 25, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{cluster=\"$cluster\",job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "refresh": "10s", - "rows": [ - - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": "cluster", - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(up{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": "instance", - "multi": false, - "name": "instance", - "options": [ - - ], - "query": "label_values(up{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\",cluster=\"$cluster\"}, instance)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Kubelet", - "uid": "3138fa155d5915769fbded898ac09fd9", - "version": 0 - } -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/namespace-by-pod.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/namespace-by-pod.yaml deleted file mode 100644 index e84fcae94..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/namespace-by-pod.yaml +++ /dev/null @@ -1,1464 +0,0 @@ -{{- /* -Generated from 'namespace-by-pod' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "namespace-by-pod" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - namespace-by-pod.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "id": null, - "links": [ - - ], - "panels": [ - { - "collapse": false, - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 2, - "panels": [ - - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Current Bandwidth", - "titleSize": "h6", - "type": "row" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "decimals": 0, - "format": "time_series", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 1 - }, - "height": 9, - "id": 3, - "interval": null, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "minSpan": 12, - "nullPointMode": "connected", - "nullText": null, - "options": { - "fieldOptions": { - "calcs": [ - "last" - ], - "defaults": { - "max": 10000000000, - "min": 0, - "title": "$namespace", - "unit": "Bps" - }, - "mappings": [ - - ], - "override": { - - }, - "thresholds": [ - { - "color": "dark-green", - "index": 0, - "value": null - }, - { - "color": "dark-yellow", - "index": 1, - "value": 5000000000 - }, - { - "color": "dark-red", - "index": 2, - "value": 7000000000 - } - ], - "values": false - } - }, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 12, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution]))", - "format": "time_series", - "instant": null, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Current Rate of Bytes Received", - "type": "gauge", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "decimals": 0, - "format": "time_series", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 1 - }, - "height": 9, - "id": 4, - "interval": null, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "minSpan": 12, - "nullPointMode": "connected", - "nullText": null, - "options": { - "fieldOptions": { - "calcs": [ - "last" - ], - "defaults": { - "max": 10000000000, - "min": 0, - "title": "$namespace", - "unit": "Bps" - }, - "mappings": [ - - ], - "override": { - - }, - "thresholds": [ - { - "color": "dark-green", - "index": 0, - "value": null - }, - { - "color": "dark-yellow", - "index": 1, - "value": 5000000000 - }, - { - "color": "dark-red", - "index": 2, - "value": 7000000000 - } - ], - "values": false - } - }, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 12, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution]))", - "format": "time_series", - "instant": null, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Current Rate of Bytes Transmitted", - "type": "gauge", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "columns": [ - { - "text": "Time", - "value": "Time" - }, - { - "text": "Value #A", - "value": "Value #A" - }, - { - "text": "Value #B", - "value": "Value #B" - }, - { - "text": "Value #C", - "value": "Value #C" - }, - { - "text": "Value #D", - "value": "Value #D" - }, - { - "text": "Value #E", - "value": "Value #E" - }, - { - "text": "Value #F", - "value": "Value #F" - }, - { - "text": "pod", - "value": "pod" - } - ], - "datasource": "$datasource", - "fill": 1, - "fontSize": "100%", - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 5, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "null as zero", - "renderer": "flot", - "scroll": true, - "showHeader": true, - "sort": { - "col": 0, - "desc": false - }, - "spaceLength": 10, - "span": 24, - "styles": [ - { - "alias": "Time", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Time", - "thresholds": [ - - ], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Bandwidth Received", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Bandwidth Transmitted", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Rate of Received Packets", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Rate of Transmitted Packets", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Rate of Received Packets Dropped", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Rate of Transmitted Packets Dropped", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #F", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Pod", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "Drill down", - "linkUrl": "d/7a18067ce943a40ae25454675c19ff5c/kubernetes-networking-pod?orgId=1&refresh=30s&var-namespace=$namespace&var-pod=$__cell", - "pattern": "pod", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - }, - { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "F", - "step": 10 - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Current Status", - "type": "table" - }, - { - "collapse": false, - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 6, - "panels": [ - - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Bandwidth", - "titleSize": "h6", - "type": "row" - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 20 - }, - "id": 7, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Receive Bandwidth", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 20 - }, - "id": 8, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Transmit Bandwidth", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "collapse": true, - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 29 - }, - "id": 9, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 30 - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 30 - }, - "id": 11, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Packets", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": true, - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 30 - }, - "id": 12, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 40 - }, - "id": 13, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets Dropped", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 40 - }, - "id": 14, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets Dropped", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Errors", - "titleSize": "h6", - "type": "row" - } - ], - "refresh": "10s", - "rows": [ - - ], - "schemaVersion": 18, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": null, - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(up{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".+", - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "kube-system", - "value": "kube-system" - }, - "datasource": "$datasource", - "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "namespace", - "options": [ - - ], - "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "5m", - "value": "5m" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "resolution", - "options": [ - { - "selected": false, - "text": "30s", - "value": "30s" - }, - { - "selected": true, - "text": "5m", - "value": "5m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - } - ], - "query": "30s,5m,1h", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "interval", - "useTags": false - }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "5m", - "value": "5m" - }, - "datasource": "$datasource", - "hide": 2, - "includeAll": false, - "label": null, - "multi": false, - "name": "interval", - "options": [ - { - "selected": true, - "text": "4h", - "value": "4h" - } - ], - "query": "4h", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "interval", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Networking / Namespace (Pods)", - "uid": "8b7a8b326d7a6f1f04244066368c67af", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/namespace-by-workload.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/namespace-by-workload.yaml deleted file mode 100644 index 5490fe7f0..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/namespace-by-workload.yaml +++ /dev/null @@ -1,1736 +0,0 @@ -{{- /* -Generated from 'namespace-by-workload' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "namespace-by-workload" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - namespace-by-workload.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "id": null, - "links": [ - - ], - "panels": [ - { - "collapse": false, - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 2, - "panels": [ - - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Current Bandwidth", - "titleSize": "h6", - "type": "row" - }, - { - "aliasColors": { - - }, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 1 - }, - "id": 3, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "null", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}} workload {{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Current Rate of Bytes Received", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "series", - "name": null, - "show": false, - "values": [ - "current" - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 1 - }, - "id": 4, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "null", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}} workload {{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Current Rate of Bytes Transmitted", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "series", - "name": null, - "show": false, - "values": [ - "current" - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "columns": [ - { - "text": "Time", - "value": "Time" - }, - { - "text": "Value #A", - "value": "Value #A" - }, - { - "text": "Value #B", - "value": "Value #B" - }, - { - "text": "Value #C", - "value": "Value #C" - }, - { - "text": "Value #D", - "value": "Value #D" - }, - { - "text": "Value #E", - "value": "Value #E" - }, - { - "text": "Value #F", - "value": "Value #F" - }, - { - "text": "Value #G", - "value": "Value #G" - }, - { - "text": "Value #H", - "value": "Value #H" - }, - { - "text": "workload", - "value": "workload" - } - ], - "datasource": "$datasource", - "fill": 1, - "fontSize": "90%", - "gridPos": { - "h": 9, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 5, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "null as zero", - "renderer": "flot", - "scroll": true, - "showHeader": true, - "sort": { - "col": 0, - "desc": false - }, - "spaceLength": 10, - "span": 24, - "styles": [ - { - "alias": "Time", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Time", - "thresholds": [ - - ], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Current Bandwidth Received", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Current Bandwidth Transmitted", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Average Bandwidth Received", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #C", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Average Bandwidth Transmitted", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #D", - "thresholds": [ - - ], - "type": "number", - "unit": "Bps" - }, - { - "alias": "Rate of Received Packets", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #E", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Rate of Transmitted Packets", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #F", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Rate of Received Packets Dropped", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #G", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Rate of Transmitted Packets Dropped", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #H", - "thresholds": [ - - ], - "type": "number", - "unit": "pps" - }, - { - "alias": "Workload", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": true, - "linkTooltip": "Drill down", - "linkUrl": "d/728bf77cc1166d2f3133bf25846876cc/kubernetes-networking-workload?orgId=1&refresh=30s&var-namespace=$namespace&var-type=$type&var-workload=$__cell", - "pattern": "workload", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - } - ], - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - }, - { - "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "C", - "step": 10 - }, - { - "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "D", - "step": 10 - }, - { - "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "E", - "step": 10 - }, - { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "F", - "step": 10 - }, - { - "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "G", - "step": 10 - }, - { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "H", - "step": 10 - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Current Status", - "type": "table" - }, - { - "collapse": true, - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 19 - }, - "id": 6, - "panels": [ - { - "aliasColors": { - - }, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 20 - }, - "id": 7, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "null", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}} workload {{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Average Rate of Bytes Received", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "series", - "name": null, - "show": false, - "values": [ - "current" - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 20 - }, - "id": 8, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "null", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}} workload {{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Average Rate of Bytes Transmitted", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "series", - "name": null, - "show": false, - "values": [ - "current" - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Average Bandwidth", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 29 - }, - "id": 9, - "panels": [ - - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Bandwidth HIstory", - "titleSize": "h6", - "type": "row" - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 38 - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}workload{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Receive Bandwidth", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 38 - }, - "id": 11, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}workload{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Transmit Bandwidth", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "collapse": true, - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 39 - }, - "id": 12, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 40 - }, - "id": 13, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}workload{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 40 - }, - "id": 14, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}workload{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Packets", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": true, - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 40 - }, - "id": 15, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 41 - }, - "id": 16, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}workload{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets Dropped", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 41 - }, - "id": 17, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\", workload_type=\"$type\"}) by (workload))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}workload{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets Dropped", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Errors", - "titleSize": "h6", - "type": "row" - } - ], - "refresh": "10s", - "rows": [ - - ], - "schemaVersion": 18, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": null, - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(up{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "kube-system", - "value": "kube-system" - }, - "datasource": "$datasource", - "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "namespace", - "options": [ - - ], - "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "deployment", - "value": "deployment" - }, - "datasource": "$datasource", - "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\"}, workload_type)", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "type", - "options": [ - - ], - "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=\"$namespace\", workload=~\".+\"}, workload_type)", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "5m", - "value": "5m" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "resolution", - "options": [ - { - "selected": false, - "text": "30s", - "value": "30s" - }, - { - "selected": true, - "text": "5m", - "value": "5m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - } - ], - "query": "30s,5m,1h", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "interval", - "useTags": false - }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "5m", - "value": "5m" - }, - "datasource": "$datasource", - "hide": 2, - "includeAll": false, - "label": null, - "multi": false, - "name": "interval", - "options": [ - { - "selected": true, - "text": "4h", - "value": "4h" - } - ], - "query": "4h", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "interval", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Networking / Namespace (Workload)", - "uid": "bbb2a765a623ae38130206c7d94a160f", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml deleted file mode 100644 index ad688a398..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/node-cluster-rsrc-use.yaml +++ /dev/null @@ -1,1063 +0,0 @@ -{{- /* -Generated from 'node-cluster-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.nodeExporter.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "node-cluster-rsrc-use" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - node-cluster-rsrc-use.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "hideControls": false, - "id": null, - "links": [ - - ], - "refresh": "30s", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 2, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "((\n instance:node_cpu_utilisation:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}\n *\n instance:node_num_cpu:sum{job=\"node-exporter\", cluster=\"$cluster\"}\n) != 0 )\n/ scalar(sum(instance:node_num_cpu:sum{job=\"node-exporter\", cluster=\"$cluster\"}))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}} instance {{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Utilisation", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 3, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(\n instance:node_load1_per_cpu:ratio{job=\"node-exporter\", cluster=\"$cluster\"}\n / scalar(count(instance:node_load1_per_cpu:ratio{job=\"node-exporter\", cluster=\"$cluster\"}))\n) != 0\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Saturation (Load1 per CPU)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 4, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(\n instance:node_memory_utilisation:ratio{job=\"node-exporter\", cluster=\"$cluster\"}\n / scalar(count(instance:node_memory_utilisation:ratio{job=\"node-exporter\", cluster=\"$cluster\"}))\n) != 0\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Utilisation", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 5, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_vmstat_pgmajfault:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Saturation (Major Page Faults)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "rds", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "rds", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Memory", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 6, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - { - "alias": "/Receive/", - "stack": "A" - }, - { - "alias": "/Transmit/", - "stack": "B", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_network_receive_bytes_excluding_lo:rate5m{job=\"node-exporter\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Receive", - "refId": "A" - }, - { - "expr": "instance:node_network_transmit_bytes_excluding_lo:rate5m{job=\"node-exporter\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Transmit", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Network Utilisation (Bytes Receive/Transmit)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 7, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - { - "alias": "/ Receive/", - "stack": "A" - }, - { - "alias": "/ Transmit/", - "stack": "B", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_network_receive_drop_excluding_lo:rate5m{job=\"node-exporter\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Receive", - "refId": "A" - }, - { - "expr": "instance:node_network_transmit_drop_excluding_lo:rate5m{job=\"node-exporter\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} Transmit", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Network Saturation (Drops Receive/Transmit)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 8, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(\n instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}\n / scalar(count(instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}))\n) != 0\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}device{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Disk IO Utilisation", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 9, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(\n instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}\n / scalar(count(instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\", cluster=\"$cluster\"}))\n) != 0\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}} {{`{{`}}device{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Disk IO Saturation", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Disk IO", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum without (device) (\n max without (fstype, mountpoint) ((\n node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", cluster=\"$cluster\"}\n -\n node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\", cluster=\"$cluster\"}\n ) != 0)\n)\n/ scalar(sum(max without (fstype, mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", cluster=\"$cluster\"})))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Disk Space Utilisation", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Disk Space", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "node-exporter-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": null, - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(node_time_seconds, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Node Exporter / USE Method / Cluster", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/node-rsrc-use.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/node-rsrc-use.yaml deleted file mode 100644 index 561dcb93d..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/node-rsrc-use.yaml +++ /dev/null @@ -1,1089 +0,0 @@ -{{- /* -Generated from 'node-rsrc-use' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.nodeExporter.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "node-rsrc-use" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - node-rsrc-use.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "hideControls": false, - "id": null, - "links": [ - - ], - "refresh": "30s", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 2, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_cpu_utilisation:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Utilisation", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Utilisation", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 3, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_load1_per_cpu:ratio{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Saturation", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Saturation (Load1 per CPU)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 4, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_memory_utilisation:ratio{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Utilisation", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Utilisation", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 5, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_vmstat_pgmajfault:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Major page Faults", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Saturation (Major Page Faults)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "rds", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "rds", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Memory", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 6, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - { - "alias": "/Receive/", - "stack": "A" - }, - { - "alias": "/Transmit/", - "stack": "B", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_network_receive_bytes_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Receive", - "refId": "A" - }, - { - "expr": "instance:node_network_transmit_bytes_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Transmit", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Network Utilisation (Bytes Receive/Transmit)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 7, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - { - "alias": "/ Receive/", - "stack": "A" - }, - { - "alias": "/ Transmit/", - "stack": "B", - "transform": "negative-Y" - } - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance:node_network_receive_drop_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Receive", - "refId": "A" - }, - { - "expr": "instance:node_network_transmit_drop_excluding_lo:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Transmit", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Network Saturation (Drops Receive/Transmit)", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 8, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance_device:node_disk_io_time_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}device{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Disk IO Utilisation", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 9, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "instance_device:node_disk_io_time_weighted_seconds:rate5m{job=\"node-exporter\", instance=\"$instance\", cluster=\"$cluster\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}device{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Disk IO Saturation", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Disk IO", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "fillGradient": 0, - "gridPos": { - - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": false, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(1 -\n (\n max without (mountpoint, fstype) (node_filesystem_avail_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\", cluster=\"$cluster\"})\n /\n max without (mountpoint, fstype) (node_filesystem_size_bytes{job=\"node-exporter\", fstype!=\"\", instance=\"$instance\", cluster=\"$cluster\"})\n ) != 0\n)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}device{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Disk Space Utilisation", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Disk Space", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "node-exporter-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": null, - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(node_time_seconds, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "instance", - "options": [ - - ], - "query": "label_values(node_exporter_build_info{job=\"node-exporter\", cluster=\"$cluster\"}, instance)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Node Exporter / USE Method / Node", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/nodes-darwin.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/nodes-darwin.yaml deleted file mode 100644 index 09bc5930a..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/nodes-darwin.yaml +++ /dev/null @@ -1,1073 +0,0 @@ -{{- /* -Generated from 'nodes-darwin' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ template "kube-prometheus-stack-grafana.namespace" . }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes-darwin" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - nodes-darwin.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "hideControls": false, - "id": null, - "links": [ - - ], - "refresh": "30s", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 2, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(\n (1 - sum without (mode) (rate(node_cpu_seconds_total{job=\"node-exporter\", mode=~\"idle|iowait|steal\", instance=\"$instance\"}[$__rate_interval])))\n/ ignoring(cpu) group_left\n count without (cpu, mode) (node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"})\n)\n", - "format": "time_series", - "intervalFactor": 5, - "legendFormat": "{{`{{`}}cpu{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": 1, - "min": 0, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": 1, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 0, - "fillGradient": 0, - "gridPos": { - - }, - "id": 3, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_load1{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "1m load average", - "refId": "A" - }, - { - "expr": "node_load5{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "5m load average", - "refId": "B" - }, - { - "expr": "node_load15{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "15m load average", - "refId": "C" - }, - { - "expr": "count(node_cpu_seconds_total{job=\"node-exporter\", instance=\"$instance\", mode=\"idle\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "logical cores", - "refId": "D" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Load Average", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 4, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 9, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_memory_total_bytes{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Physical Memory", - "refId": "A" - }, - { - "expr": "(\n node_memory_internal_bytes{job=\"node-exporter\", instance=\"$instance\"} -\n node_memory_purgeable_bytes{job=\"node-exporter\", instance=\"$instance\"} +\n node_memory_wired_bytes{job=\"node-exporter\", instance=\"$instance\"} +\n node_memory_compressed_bytes{job=\"node-exporter\", instance=\"$instance\"}\n)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Memory Used", - "refId": "B" - }, - { - "expr": "(\n node_memory_internal_bytes{job=\"node-exporter\", instance=\"$instance\"} -\n node_memory_purgeable_bytes{job=\"node-exporter\", instance=\"$instance\"}\n)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "App Memory", - "refId": "C" - }, - { - "expr": "node_memory_wired_bytes{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Wired Memory", - "refId": "D" - }, - { - "expr": "node_memory_compressed_bytes{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Compressed", - "refId": "E" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "max": 100, - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)" - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 80 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 90 - } - ] - }, - "unit": "percent" - } - }, - "gridPos": { - - }, - "id": 5, - "span": 3, - "targets": [ - { - "expr": "(\n (\n avg(node_memory_internal_bytes{job=\"node-exporter\", instance=\"$instance\"}) -\n avg(node_memory_purgeable_bytes{job=\"node-exporter\", instance=\"$instance\"}) +\n avg(node_memory_wired_bytes{job=\"node-exporter\", instance=\"$instance\"}) +\n avg(node_memory_compressed_bytes{job=\"node-exporter\", instance=\"$instance\"})\n ) /\n avg(node_memory_total_bytes{job=\"node-exporter\", instance=\"$instance\"})\n)\n*\n100\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "" - } - ], - "title": "Memory Usage", - "transparent": false, - "type": "gauge" - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Memory", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 0, - "fillGradient": 0, - "gridPos": { - - }, - "id": 6, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - { - "alias": "/ read| written/", - "yaxis": 1 - }, - { - "alias": "/ io time/", - "yaxis": 2 - } - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_disk_read_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}device{{`}}`}} read", - "refId": "A" - }, - { - "expr": "rate(node_disk_written_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}device{{`}}`}} written", - "refId": "B" - }, - { - "expr": "rate(node_disk_io_time_seconds_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}device{{`}}`}} io time", - "refId": "C" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Disk I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": { - - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "yellow", - "value": 0.8 - }, - { - "color": "red", - "value": 0.9 - } - ] - }, - "unit": "decbytes" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Mounted on" - }, - "properties": [ - { - "id": "custom.width", - "value": 260 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Size" - }, - "properties": [ - { - "id": "custom.width", - "value": 93 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Used" - }, - "properties": [ - { - "id": "custom.width", - "value": 72 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Available" - }, - "properties": [ - { - "id": "custom.width", - "value": 88 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Used, %" - }, - "properties": [ - { - "id": "unit", - "value": "percentunit" - }, - { - "id": "custom.displayMode", - "value": "gradient-gauge" - }, - { - "id": "max", - "value": 1 - }, - { - "id": "min", - "value": 0 - } - ] - } - ] - }, - "gridPos": { - - }, - "id": 7, - "span": 6, - "targets": [ - { - "expr": "max by (mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\"})\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "" - }, - { - "expr": "max by (mountpoint) (node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\"})\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "" - } - ], - "title": "Disk Space Usage", - "transformations": [ - { - "id": "groupBy", - "options": { - "fields": { - "Value #A": { - "aggregations": [ - "lastNotNull" - ], - "operation": "aggregate" - }, - "Value #B": { - "aggregations": [ - "lastNotNull" - ], - "operation": "aggregate" - }, - "mountpoint": { - "aggregations": [ - - ], - "operation": "groupby" - } - } - } - }, - { - "id": "merge", - "options": { - - } - }, - { - "id": "calculateField", - "options": { - "alias": "Used", - "binary": { - "left": "Value #A (lastNotNull)", - "operator": "-", - "reducer": "sum", - "right": "Value #B (lastNotNull)" - }, - "mode": "binary", - "reduce": { - "reducer": "sum" - } - } - }, - { - "id": "calculateField", - "options": { - "alias": "Used, %", - "binary": { - "left": "Used", - "operator": "/", - "reducer": "sum", - "right": "Value #A (lastNotNull)" - }, - "mode": "binary", - "reduce": { - "reducer": "sum" - } - } - }, - { - "id": "organize", - "options": { - "excludeByName": { - - }, - "indexByName": { - - }, - "renameByName": { - "Value #A (lastNotNull)": "Size", - "Value #B (lastNotNull)": "Available", - "mountpoint": "Mounted on" - } - } - }, - { - "id": "sortBy", - "options": { - "fields": { - - }, - "sort": [ - { - "field": "Mounted on" - } - ] - } - } - ], - "transparent": false, - "type": "table" - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Disk", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "Network received (bits/s)", - "fill": 0, - "fillGradient": 0, - "gridPos": { - - }, - "id": 8, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_network_receive_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval]) * 8", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}device{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Network Received", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "Network transmitted (bits/s)", - "fill": 0, - "fillGradient": 0, - "gridPos": { - - }, - "id": 9, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_network_transmit_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval]) * 8", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}device{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Network Transmitted", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "node-exporter-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": "Instance", - "multi": false, - "name": "instance", - "options": [ - - ], - "query": "label_values(node_uname_info{job=\"node-exporter\", sysname=\"Darwin\"}, instance)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Node Exporter / MacOS", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/nodes.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/nodes.yaml deleted file mode 100644 index adbe3f02e..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/nodes.yaml +++ /dev/null @@ -1,1066 +0,0 @@ -{{- /* -Generated from 'nodes' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.nodeExporter.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "nodes" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - nodes.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 1, - "hideControls": false, - "id": null, - "links": [ - - ], - "refresh": "30s", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 2, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(\n (1 - sum without (mode) (rate(node_cpu_seconds_total{job=\"node-exporter\", mode=~\"idle|iowait|steal\", instance=\"$instance\"}[$__rate_interval])))\n/ ignoring(cpu) group_left\n count without (cpu, mode) (node_cpu_seconds_total{job=\"node-exporter\", mode=\"idle\", instance=\"$instance\"})\n)\n", - "format": "time_series", - "intervalFactor": 5, - "legendFormat": "{{`{{`}}cpu{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": 1, - "min": 0, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": 1, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 0, - "fillGradient": 0, - "gridPos": { - - }, - "id": 3, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "node_load1{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "1m load average", - "refId": "A" - }, - { - "expr": "node_load5{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "5m load average", - "refId": "B" - }, - { - "expr": "node_load15{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "15m load average", - "refId": "C" - }, - { - "expr": "count(node_cpu_seconds_total{job=\"node-exporter\", instance=\"$instance\", mode=\"idle\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "logical cores", - "refId": "D" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Load Average", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "CPU", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 4, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 9, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(\n node_memory_MemTotal_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_MemFree_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_Buffers_bytes{job=\"node-exporter\", instance=\"$instance\"}\n-\n node_memory_Cached_bytes{job=\"node-exporter\", instance=\"$instance\"}\n)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "memory used", - "refId": "A" - }, - { - "expr": "node_memory_Buffers_bytes{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "memory buffers", - "refId": "B" - }, - { - "expr": "node_memory_Cached_bytes{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "memory cached", - "refId": "C" - }, - { - "expr": "node_memory_MemFree_bytes{job=\"node-exporter\", instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "memory free", - "refId": "D" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "max": 100, - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)" - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 80 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 90 - } - ] - }, - "unit": "percent" - } - }, - "gridPos": { - - }, - "id": 5, - "span": 3, - "targets": [ - { - "expr": "100 -\n(\n avg(node_memory_MemAvailable_bytes{job=\"node-exporter\", instance=\"$instance\"}) /\n avg(node_memory_MemTotal_bytes{job=\"node-exporter\", instance=\"$instance\"})\n* 100\n)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "" - } - ], - "title": "Memory Usage", - "transparent": false, - "type": "gauge" - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Memory", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 0, - "fillGradient": 0, - "gridPos": { - - }, - "id": 6, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - { - "alias": "/ read| written/", - "yaxis": 1 - }, - { - "alias": "/ io time/", - "yaxis": 2 - } - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_disk_read_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}device{{`}}`}} read", - "refId": "A" - }, - { - "expr": "rate(node_disk_written_bytes_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}device{{`}}`}} written", - "refId": "B" - }, - { - "expr": "rate(node_disk_io_time_seconds_total{job=\"node-exporter\", instance=\"$instance\", device=~\"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}device{{`}}`}} io time", - "refId": "C" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Disk I/O", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "datasource": "$datasource", - "fieldConfig": { - "defaults": { - "custom": { - - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green" - }, - { - "color": "yellow", - "value": 0.8 - }, - { - "color": "red", - "value": 0.9 - } - ] - }, - "unit": "decbytes" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Mounted on" - }, - "properties": [ - { - "id": "custom.width", - "value": 260 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Size" - }, - "properties": [ - { - "id": "custom.width", - "value": 93 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Used" - }, - "properties": [ - { - "id": "custom.width", - "value": 72 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Available" - }, - "properties": [ - { - "id": "custom.width", - "value": 88 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Used, %" - }, - "properties": [ - { - "id": "unit", - "value": "percentunit" - }, - { - "id": "custom.displayMode", - "value": "gradient-gauge" - }, - { - "id": "max", - "value": 1 - }, - { - "id": "min", - "value": 0 - } - ] - } - ] - }, - "gridPos": { - - }, - "id": 7, - "span": 6, - "targets": [ - { - "expr": "max by (mountpoint) (node_filesystem_size_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\"})\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "" - }, - { - "expr": "max by (mountpoint) (node_filesystem_avail_bytes{job=\"node-exporter\", instance=\"$instance\", fstype!=\"\"})\n", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "" - } - ], - "title": "Disk Space Usage", - "transformations": [ - { - "id": "groupBy", - "options": { - "fields": { - "Value #A": { - "aggregations": [ - "lastNotNull" - ], - "operation": "aggregate" - }, - "Value #B": { - "aggregations": [ - "lastNotNull" - ], - "operation": "aggregate" - }, - "mountpoint": { - "aggregations": [ - - ], - "operation": "groupby" - } - } - } - }, - { - "id": "merge", - "options": { - - } - }, - { - "id": "calculateField", - "options": { - "alias": "Used", - "binary": { - "left": "Value #A (lastNotNull)", - "operator": "-", - "reducer": "sum", - "right": "Value #B (lastNotNull)" - }, - "mode": "binary", - "reduce": { - "reducer": "sum" - } - } - }, - { - "id": "calculateField", - "options": { - "alias": "Used, %", - "binary": { - "left": "Used", - "operator": "/", - "reducer": "sum", - "right": "Value #A (lastNotNull)" - }, - "mode": "binary", - "reduce": { - "reducer": "sum" - } - } - }, - { - "id": "organize", - "options": { - "excludeByName": { - - }, - "indexByName": { - - }, - "renameByName": { - "Value #A (lastNotNull)": "Size", - "Value #B (lastNotNull)": "Available", - "mountpoint": "Mounted on" - } - } - }, - { - "id": "sortBy", - "options": { - "fields": { - - }, - "sort": [ - { - "field": "Mounted on" - } - ] - } - } - ], - "transparent": false, - "type": "table" - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Disk", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "Network received (bits/s)", - "fill": 0, - "fillGradient": 0, - "gridPos": { - - }, - "id": 8, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_network_receive_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval]) * 8", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}device{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Network Received", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "Network transmitted (bits/s)", - "fill": 0, - "fillGradient": 0, - "gridPos": { - - }, - "id": 9, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(node_network_transmit_bytes_total{job=\"node-exporter\", instance=\"$instance\", device!=\"lo\"}[$__rate_interval]) * 8", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}device{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Network Transmitted", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Network", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "node-exporter-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": "Instance", - "multi": false, - "name": "instance", - "options": [ - - ], - "query": "label_values(node_uname_info{job=\"node-exporter\", sysname!=\"Darwin\"}, instance)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Node Exporter / Nodes", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml deleted file mode 100644 index 7fa1bd135..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/persistentvolumesusage.yaml +++ /dev/null @@ -1,587 +0,0 @@ -{{- /* -Generated from 'persistentvolumesusage' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "persistentvolumesusage" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - persistentvolumesusage.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "id": null, - "links": [ - - ], - "refresh": "10s", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 2, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 9, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "(\n sum without(instance, node) (topk(1, (kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n -\n sum without(instance, node) (topk(1, (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n)\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Used Space", - "refId": "A" - }, - { - "expr": "sum without(instance, node) (topk(1, (kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Free Space", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Volume Space Usage", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "$datasource", - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 3, - "interval": "1m", - "legend": { - "alignAsTable": true, - "rightSide": true - }, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 3, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "max without(instance,node) (\n(\n topk(1, kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n -\n topk(1, kubelet_volume_stats_available_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n)\n/\ntopk(1, kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n* 100)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "80, 90", - "title": "Volume Space Usage", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 4, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "max": true, - "min": true, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 9, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "Used inodes", - "refId": "A" - }, - { - "expr": "(\n sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n -\n sum without(instance, node) (topk(1, (kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})))\n)\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": " Free inodes", - "refId": "B" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Volume inodes Usage", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "rgba(50, 172, 45, 0.97)", - "rgba(237, 129, 40, 0.89)", - "rgba(245, 54, 54, 0.9)" - ], - "datasource": "$datasource", - "format": "percent", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": true, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 5, - "interval": "1m", - "legend": { - "alignAsTable": true, - "rightSide": true - }, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 3, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "max without(instance,node) (\ntopk(1, kubelet_volume_stats_inodes_used{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n/\ntopk(1, kubelet_volume_stats_inodes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\", persistentvolumeclaim=\"$volume\"})\n* 100)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "80, 90", - "title": "Volume inodes Usage", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": "cluster", - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(kubelet_volume_stats_capacity_bytes{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": "Namespace", - "multi": false, - "name": "namespace", - "options": [ - - ], - "query": "label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\"}, namespace)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": "PersistentVolumeClaim", - "multi": false, - "name": "volume", - "options": [ - - ], - "query": "label_values(kubelet_volume_stats_capacity_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics\", namespace=\"$namespace\"}, persistentvolumeclaim)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-7d", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Persistent Volumes", - "uid": "919b92a8e8041bd567af9edab12c840c", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/pod-total.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/pod-total.yaml deleted file mode 100644 index d4ce802fb..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/pod-total.yaml +++ /dev/null @@ -1,1228 +0,0 @@ -{{- /* -Generated from 'pod-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "pod-total" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - pod-total.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "id": null, - "links": [ - - ], - "panels": [ - { - "collapse": false, - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 2, - "panels": [ - - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Current Bandwidth", - "titleSize": "h6", - "type": "row" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "decimals": 0, - "format": "time_series", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 1 - }, - "height": 9, - "id": 3, - "interval": null, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "minSpan": 12, - "nullPointMode": "connected", - "nullText": null, - "options": { - "fieldOptions": { - "calcs": [ - "last" - ], - "defaults": { - "max": 10000000000, - "min": 0, - "title": "$namespace: $pod", - "unit": "Bps" - }, - "mappings": [ - - ], - "override": { - - }, - "thresholds": [ - { - "color": "dark-green", - "index": 0, - "value": null - }, - { - "color": "dark-yellow", - "index": 1, - "value": 5000000000 - }, - { - "color": "dark-red", - "index": 2, - "value": 7000000000 - } - ], - "values": false - } - }, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 12, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))", - "format": "time_series", - "instant": null, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Current Rate of Bytes Received", - "type": "gauge", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "decimals": 0, - "format": "time_series", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 1 - }, - "height": 9, - "id": 4, - "interval": null, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "minSpan": 12, - "nullPointMode": "connected", - "nullText": null, - "options": { - "fieldOptions": { - "calcs": [ - "last" - ], - "defaults": { - "max": 10000000000, - "min": 0, - "title": "$namespace: $pod", - "unit": "Bps" - }, - "mappings": [ - - ], - "override": { - - }, - "thresholds": [ - { - "color": "dark-green", - "index": 0, - "value": null - }, - { - "color": "dark-yellow", - "index": 1, - "value": 5000000000 - }, - { - "color": "dark-red", - "index": 2, - "value": 7000000000 - } - ], - "values": false - } - }, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 12, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution]))", - "format": "time_series", - "instant": null, - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "timeFrom": null, - "timeShift": null, - "title": "Current Rate of Bytes Transmitted", - "type": "gauge", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "current" - }, - { - "collapse": false, - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 5, - "panels": [ - - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Bandwidth", - "titleSize": "h6", - "type": "row" - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 11 - }, - "id": 6, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Receive Bandwidth", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 11 - }, - "id": 7, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_transmit_bytes_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Transmit Bandwidth", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "collapse": true, - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 20 - }, - "id": 8, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 21 - }, - "id": 9, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 21 - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_transmit_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Packets", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": true, - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 21 - }, - "id": 11, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 32 - }, - "id": 12, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_receive_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets Dropped", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 32 - }, - "id": 13, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(irate(container_network_transmit_packets_dropped_total{cluster=\"$cluster\",namespace=~\"$namespace\", pod=~\"$pod\"}[$interval:$resolution])) by (pod)", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets Dropped", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Errors", - "titleSize": "h6", - "type": "row" - } - ], - "refresh": "10s", - "rows": [ - - ], - "schemaVersion": 18, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": null, - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(up{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".+", - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "kube-system", - "value": "kube-system" - }, - "datasource": "$datasource", - "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "namespace", - "options": [ - - ], - "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\"}, namespace)", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".+", - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "definition": "label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "pod", - "options": [ - - ], - "query": "label_values(container_network_receive_packets_total{cluster=\"$cluster\",namespace=~\"$namespace\"}, pod)", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "5m", - "value": "5m" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "resolution", - "options": [ - { - "selected": false, - "text": "30s", - "value": "30s" - }, - { - "selected": true, - "text": "5m", - "value": "5m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - } - ], - "query": "30s,5m,1h", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "interval", - "useTags": false - }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "5m", - "value": "5m" - }, - "datasource": "$datasource", - "hide": 2, - "includeAll": false, - "label": null, - "multi": false, - "name": "interval", - "options": [ - { - "selected": true, - "text": "4h", - "value": "4h" - } - ], - "query": "4h", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "interval", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Networking / Pod", - "uid": "7a18067ce943a40ae25454675c19ff5c", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml deleted file mode 100644 index 082795801..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/prometheus-remote-write.yaml +++ /dev/null @@ -1,1674 +0,0 @@ -{{- /* -Generated from 'prometheus-remote-write' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled .Values.prometheus.prometheusSpec.remoteWriteDashboards }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "prometheus-remote-write" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - prometheus-remote-write.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "id": null, - "links": [ - - ], - "refresh": "60s", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 2, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "(\n prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"} \n- \n ignoring(remote_name, url) group_right(instance) (prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"} != 0)\n)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Highest Timestamp In vs. Highest Timestamp Sent", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 3, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "clamp_min(\n rate(prometheus_remote_storage_highest_timestamp_in_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) \n- \n ignoring (remote_name, url) group_right(instance) rate(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n, 0)\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate[5m]", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Timestamps", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 4, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(\n prometheus_remote_storage_samples_in_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])\n- \n ignoring(remote_name, url) group_right(instance) (rate(prometheus_remote_storage_succeeded_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]))\n- \n (rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]))\n", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate, in vs. succeeded or dropped [5m]", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Samples", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 5, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "minSpan": 6, - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_remote_storage_shards{cluster=~\"$cluster\", instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Current Shards", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 6, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_remote_storage_shards_max{cluster=~\"$cluster\", instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Max Shards", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 7, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_remote_storage_shards_min{cluster=~\"$cluster\", instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Min Shards", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 8, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_remote_storage_shards_desired{cluster=~\"$cluster\", instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Desired Shards", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Shards", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 9, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_remote_storage_shard_capacity{cluster=~\"$cluster\", instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Shard Capacity", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_remote_storage_pending_samples{cluster=~\"$cluster\", instance=~\"$instance\"} or prometheus_remote_storage_samples_pending{cluster=~\"$cluster\", instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Pending Samples", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Shard Details", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 11, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_tsdb_wal_segment_current{cluster=~\"$cluster\", instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "TSDB Current Segment", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 12, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_wal_watcher_current_segment{cluster=~\"$cluster\", instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}consumer{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Remote Write Current Segment", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "none", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Segments", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 13, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 3, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_remote_storage_dropped_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_dropped_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Dropped Samples", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 14, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 3, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_remote_storage_failed_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Failed Samples", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 15, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 3, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_remote_storage_retried_samples_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m]) or rate(prometheus_remote_storage_samples_retried_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Retried Samples", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 16, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 3, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_remote_storage_enqueue_retries_total{cluster=~\"$cluster\", instance=~\"$instance\"}[5m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}}:{{`{{`}}instance{{`}}`}} {{`{{`}}remote_name{{`}}`}}:{{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Enqueue Retries", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Misc. Rates", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "prometheus-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - "text": { - "selected": true, - "text": "All", - "value": "$__all" - }, - "value": { - "selected": true, - "text": "All", - "value": "$__all" - } - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": true, - "label": null, - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(kube_pod_container_info{image=~\".*prometheus.*\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - "text": { - "selected": true, - "text": "All", - "value": "$__all" - }, - "value": { - "selected": true, - "text": "All", - "value": "$__all" - } - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "instance", - "options": [ - - ], - "query": "label_values(prometheus_build_info{cluster=~\"$cluster\"}, instance)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "url", - "options": [ - - ], - "query": "label_values(prometheus_remote_storage_shards{cluster=~\"$cluster\", instance=~\"$instance\"}, url)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-6h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Prometheus / Remote Write", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/prometheus.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/prometheus.yaml deleted file mode 100644 index 1fd0b9909..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/prometheus.yaml +++ /dev/null @@ -1,1235 +0,0 @@ -{{- /* -Generated from 'prometheus' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "prometheus" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - prometheus.json: |- - { - "annotations": { - "list": [ - - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "links": [ - - ], - "refresh": "60s", - "rows": [ - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 1, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "styles": [ - { - "alias": "Time", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "hidden" - }, - { - "alias": "Count", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #A", - "thresholds": [ - - ], - "type": "hidden", - "unit": "short" - }, - { - "alias": "Uptime", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "Value #B", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "Instance", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "instance", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "Job", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "job", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "Version", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "linkTargetBlank": false, - "linkTooltip": "Drill down", - "linkUrl": "", - "pattern": "version", - "thresholds": [ - - ], - "type": "number", - "unit": "short" - }, - { - "alias": "", - "colorMode": null, - "colors": [ - - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "pattern": "/.*/", - "thresholds": [ - - ], - "type": "string", - "unit": "short" - } - ], - "targets": [ - { - "expr": "count by (job, instance, version) (prometheus_build_info{job=~\"$job\", instance=~\"$instance\"})", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "A", - "step": 10 - }, - { - "expr": "max by (job, instance) (time() - process_start_time_seconds{job=~\"$job\", instance=~\"$instance\"})", - "format": "table", - "instant": true, - "intervalFactor": 2, - "legendFormat": "", - "refId": "B", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Prometheus Stats", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "transform": "table", - "type": "table", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Prometheus Stats", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(prometheus_target_sync_length_seconds_sum{job=~\"$job\",instance=~\"$instance\"}[5m])) by (scrape_job) * 1e3", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}scrape_job{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Target Sync", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum(prometheus_sd_discovered_targets{job=~\"$job\",instance=~\"$instance\"})", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Targets", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Targets", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Discovery", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_target_interval_length_seconds_sum{job=~\"$job\",instance=~\"$instance\"}[5m]) / rate(prometheus_target_interval_length_seconds_count{job=~\"$job\",instance=~\"$instance\"}[5m]) * 1e3", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}interval{{`}}`}} configured", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Average Scrape Interval Duration", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sum by (job) (rate(prometheus_target_scrapes_exceeded_body_size_limit_total[1m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "exceeded body size limit: {{`{{`}}job{{`}}`}}", - "legendLink": null, - "step": 10 - }, - { - "expr": "sum by (job) (rate(prometheus_target_scrapes_exceeded_sample_limit_total[1m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "exceeded sample limit: {{`{{`}}job{{`}}`}}", - "legendLink": null, - "step": 10 - }, - { - "expr": "sum by (job) (rate(prometheus_target_scrapes_sample_duplicate_timestamp_total[1m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "duplicate timestamp: {{`{{`}}job{{`}}`}}", - "legendLink": null, - "step": 10 - }, - { - "expr": "sum by (job) (rate(prometheus_target_scrapes_sample_out_of_bounds_total[1m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "out of bounds: {{`{{`}}job{{`}}`}}", - "legendLink": null, - "step": 10 - }, - { - "expr": "sum by (job) (rate(prometheus_target_scrapes_sample_out_of_order_total[1m]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "out of order: {{`{{`}}job{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Scrape failures", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 6, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_tsdb_head_samples_appended_total{job=~\"$job\",instance=~\"$instance\"}[5m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Appended Samples", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Retrieval", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 7, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_tsdb_head_series{job=~\"$job\",instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}} head series", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Head Series", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 8, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "prometheus_tsdb_head_chunks{job=~\"$job\",instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}} head chunks", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Head Chunks", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Storage", - "titleSize": "h6" - }, - { - "collapse": false, - "height": "250px", - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 9, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "rate(prometheus_engine_query_duration_seconds_count{job=~\"$job\",instance=~\"$instance\",slice=\"inner_eval\"}[5m])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}job{{`}}`}} {{`{{`}}instance{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Query Rate", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 10, - "id": 10, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 0, - "links": [ - - ], - "nullPointMode": "null as zero", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "max by (slice) (prometheus_engine_query_duration_seconds{quantile=\"0.9\",job=~\"$job\",instance=~\"$instance\"}) * 1e3", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}slice{{`}}`}}", - "legendLink": null, - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Stage Duration", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ms", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Query", - "titleSize": "h6" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "prometheus-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": ".+", - "current": { - "selected": true, - "text": "All", - "value": "$__all" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": "job", - "multi": true, - "name": "job", - "options": [ - - ], - "query": "label_values(prometheus_build_info{job=\"prometheus-k8s\",namespace=\"monitoring\"}, job)", - "refresh": 1, - "regex": "", - "sort": 2, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".+", - "current": { - "selected": true, - "text": "All", - "value": "$__all" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": "instance", - "multi": true, - "name": "instance", - "options": [ - - ], - "query": "label_values(prometheus_build_info{job=~\"$job\"}, instance)", - "refresh": 1, - "regex": "", - "sort": 2, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Prometheus / Overview", - "uid": "", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/proxy.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/proxy.yaml deleted file mode 100644 index 77d4fdf9e..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/proxy.yaml +++ /dev/null @@ -1,1276 +0,0 @@ -{{- /* -Generated from 'proxy' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -{{- if (include "exporter.kubeProxy.enabled" .)}} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "proxy" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - proxy.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "id": null, - "links": [ - - ], - "refresh": "10s", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 2, - "interval": "1m", - "legend": { - "alignAsTable": true, - "rightSide": true - }, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 2, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - {{- if .Values.k3sServer.enabled }} - "expr": "sum(up{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", metrics_path=\"/metrics\"})", - {{- else }} - "expr": "sum(up{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\"})", - {{- end }} - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Up", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "min" - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 3, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 5, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(kubeproxy_sync_proxy_rules_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "rate", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rules Sync Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 4, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 5, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99,rate(kubeproxy_sync_proxy_rules_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rule Sync Latency 99th Quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 5, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(kubeproxy_network_programming_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "rate", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Network Programming Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 6, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 6, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(kubeproxy_network_programming_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval])) by (instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Network Programming Latency 99th Quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 7, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "2xx", - "refId": "A" - }, - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "3xx", - "refId": "B" - }, - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "4xx", - "refId": "C" - }, - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "5xx", - "refId": "D" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Kube API Request Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 8, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 8, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\",instance=~\"$instance\",verb=\"POST\"}[$__rate_interval])) by (verb, url, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Post Request Latency 99th Quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 9, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\", instance=~\"$instance\", verb=\"GET\"}[$__rate_interval])) by (verb, url, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Get Request Latency 99th Quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 10, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_resident_memory_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\",instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 11, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\",instance=~\"$instance\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU usage", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 12, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\",instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": "cluster", - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(up{job=\"{{ include "exporter.kubeProxy.jobName" . }}\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "instance", - "options": [ - - ], - "query": "label_values(up{job=\"{{ include "exporter.kubeProxy.jobName" . }}\", cluster=\"$cluster\", job=\"{{ include "exporter.kubeProxy.jobName" . }}\"}, instance)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Proxy", - "uid": "632e265de029684c40b21cb76bca4f94", - "version": 0 - } -{{- end }}{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/scheduler.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/scheduler.yaml deleted file mode 100644 index b71a9d4e4..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/scheduler.yaml +++ /dev/null @@ -1,1118 +0,0 @@ -{{- /* -Generated from 'scheduler' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -{{- if (include "exporter.kubeScheduler.enabled" .)}} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "scheduler" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - scheduler.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - - ] - }, - "editable": false, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "id": null, - "links": [ - - ], - "refresh": "10s", - "rows": [ - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "cacheTimeout": null, - "colorBackground": false, - "colorValue": false, - "colors": [ - "#299c46", - "rgba(237, 129, 40, 0.89)", - "#d44a3a" - ], - "datasource": "$datasource", - "format": "none", - "gauge": { - "maxValue": 100, - "minValue": 0, - "show": false, - "thresholdLabels": false, - "thresholdMarkers": true - }, - "gridPos": { - - }, - "id": 2, - "interval": "1m", - "legend": { - "alignAsTable": true, - "rightSide": true - }, - "links": [ - - ], - "mappingType": 1, - "mappingTypes": [ - { - "name": "value to text", - "value": 1 - }, - { - "name": "range to text", - "value": 2 - } - ], - "maxDataPoints": 100, - "nullPointMode": "connected", - "nullText": null, - "postfix": "", - "postfixFontSize": "50%", - "prefix": "", - "prefixFontSize": "50%", - "rangeMaps": [ - { - "from": "null", - "text": "N/A", - "to": "null" - } - ], - "span": 2, - "sparkline": { - "fillColor": "rgba(31, 118, 189, 0.18)", - "full": false, - "lineColor": "rgb(31, 120, 193)", - "show": false - }, - "tableColumn": "", - "targets": [ - { - {{- if .Values.k3sServer.enabled }} - "expr": "sum(up{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", metrics_path=\"/metrics\"})", - {{- else }} - "expr": "sum(up{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\"})", - {{- end }} - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "refId": "A" - } - ], - "thresholds": "", - "title": "Up", - "tooltip": { - "shared": false - }, - "type": "singlestat", - "valueFontSize": "80%", - "valueMaps": [ - { - "op": "=", - "text": "N/A", - "value": "null" - } - ], - "valueName": "min" - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 3, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 5, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(scheduler_e2e_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} e2e", - "refId": "A" - }, - { - "expr": "sum(rate(scheduler_binding_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} binding", - "refId": "B" - }, - { - "expr": "sum(rate(scheduler_scheduling_algorithm_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} scheduling algorithm", - "refId": "C" - }, - { - "expr": "sum(rate(scheduler_volume_scheduling_duration_seconds_count{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} volume", - "refId": "D" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Scheduling Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 4, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 5, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} e2e", - "refId": "A" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} binding", - "refId": "B" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} scheduling algorithm", - "refId": "C" - }, - { - "expr": "histogram_quantile(0.99, sum(rate(scheduler_volume_scheduling_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\",instance=~\"$instance\"}[$__rate_interval])) by (cluster, instance, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}cluster{{`}}`}} {{`{{`}}instance{{`}}`}} volume", - "refId": "D" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Scheduling latency 99th Quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 5, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\",code=~\"2..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "2xx", - "refId": "A" - }, - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\",code=~\"3..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "3xx", - "refId": "B" - }, - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\",code=~\"4..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "4xx", - "refId": "C" - }, - { - "expr": "sum(rate(rest_client_requests_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\",code=~\"5..\"}[$__rate_interval]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "5xx", - "refId": "D" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Kube API Request Rate", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "ops", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 6, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 8, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\", verb=\"POST\"}[$__rate_interval])) by (verb, url, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Post Request Latency 99th Quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 7, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "histogram_quantile(0.99, sum(rate(rest_client_request_duration_seconds_bucket{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\", verb=\"GET\"}[$__rate_interval])) by (verb, url, le))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}verb{{`}}`}} {{`{{`}}url{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Get Request Latency 99th Quantile", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "s", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 8, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "process_resident_memory_bytes{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Memory", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 9, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "rate(process_cpu_seconds_total{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", instance=~\"$instance\"}[$__rate_interval])", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "CPU usage", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "bytes", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 1, - "fillGradient": 0, - "gridPos": { - - }, - "id": 10, - "interval": "1m", - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "links": [ - - ], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 4, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "go_goroutines{cluster=\"$cluster\", job=\"{{ include "exporter.kubeScheduler.jobName" . }}\",instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{`{{`}}instance{{`}}`}}", - "refId": "A" - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Goroutines", - "tooltip": { - "shared": false, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": false, - "title": "Dashboard Row", - "titleSize": "h6", - "type": "row" - } - ], - "schemaVersion": 14, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": "cluster", - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(up{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "instance", - "options": [ - - ], - "query": "label_values(up{job=\"{{ include "exporter.kubeScheduler.jobName" . }}\", cluster=\"$cluster\"}, instance)", - "refresh": 2, - "regex": "", - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Scheduler", - "uid": "2e6b6a3b4bddf1427b3a55aa1311c656", - "version": 0 - } -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/workload-total.yaml b/charts/rancher-monitoring/templates/grafana/dashboards-1.14/workload-total.yaml deleted file mode 100644 index 043af9af9..000000000 --- a/charts/rancher-monitoring/templates/grafana/dashboards-1.14/workload-total.yaml +++ /dev/null @@ -1,1438 +0,0 @@ -{{- /* -Generated from 'workload-total' from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/grafana-dashboardDefinitions.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (or .Values.grafana.enabled .Values.grafana.forceDeployDashboards) (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "workload-total" | trunc 63 | trimSuffix "-" }} - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: {{ ternary $.Values.grafana.sidecar.dashboards.labelValue "1" (not (empty $.Values.grafana.sidecar.dashboards.labelValue)) | quote }} - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: - workload-total.json: |- - { - "__inputs": [ - - ], - "__requires": [ - - ], - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "hideControls": false, - "id": null, - "links": [ - - ], - "panels": [ - { - "collapse": false, - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 2, - "panels": [ - - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Current Bandwidth", - "titleSize": "h6", - "type": "row" - }, - { - "aliasColors": { - - }, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 1 - }, - "id": 3, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "null", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}} pod {{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Current Rate of Bytes Received", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "series", - "name": null, - "show": false, - "values": [ - "current" - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 1 - }, - "id": 4, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "null", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}} pod {{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Current Rate of Bytes Transmitted", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "series", - "name": null, - "show": false, - "values": [ - "current" - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "collapse": true, - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 5, - "panels": [ - { - "aliasColors": { - - }, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 11 - }, - "id": 6, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "null", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(avg(irate(container_network_receive_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}} pod {{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Average Rate of Bytes Received", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "series", - "name": null, - "show": false, - "values": [ - "current" - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": true, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 11 - }, - "id": 7, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sideWidth": null, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": false, - "linewidth": 1, - "links": [ - - ], - "minSpan": 24, - "nullPointMode": "null", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 24, - "stack": false, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(avg(irate(container_network_transmit_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}} pod {{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Average Rate of Bytes Transmitted", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "series", - "name": null, - "show": false, - "values": [ - "current" - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Average Bandwidth", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": false, - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 11 - }, - "id": 8, - "panels": [ - - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Bandwidth HIstory", - "titleSize": "h6", - "type": "row" - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 12 - }, - "id": 9, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_receive_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Receive Bandwidth", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 12 - }, - "id": 10, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_transmit_bytes_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Transmit Bandwidth", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "Bps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "collapse": true, - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 21 - }, - "id": 11, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 22 - }, - "id": 12, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_receive_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 22 - }, - "id": 13, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Packets", - "titleSize": "h6", - "type": "row" - }, - { - "collapse": true, - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 22 - }, - "id": 14, - "panels": [ - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 0, - "y": 23 - }, - "id": 15, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_receive_packets_dropped_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Received Packets Dropped", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - }, - { - "aliasColors": { - - }, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "fill": 2, - "fillGradient": 0, - "gridPos": { - "h": 9, - "w": 12, - "x": 12, - "y": 23 - }, - "id": 16, - "legend": { - "alignAsTable": false, - "avg": false, - "current": false, - "hideEmpty": true, - "hideZero": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sideWidth": null, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 2, - "links": [ - - ], - "minSpan": 12, - "nullPointMode": "connected", - "paceLength": 10, - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "repeat": null, - "seriesOverrides": [ - - ], - "spaceLength": 10, - "span": 12, - "stack": true, - "steppedLine": false, - "targets": [ - { - "expr": "sort_desc(sum(irate(container_network_transmit_packets_dropped_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\",namespace=~\"$namespace\"}[$interval:$resolution])\n* on (namespace,pod)\ngroup_left(workload,workload_type) namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\", workload_type=\"$type\"}) by (pod))\n", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{`{{`}}pod{{`}}`}}", - "refId": "A", - "step": 10 - } - ], - "thresholds": [ - - ], - "timeFrom": null, - "timeShift": null, - "title": "Rate of Transmitted Packets Dropped", - "tooltip": { - "shared": true, - "sort": 2, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [ - - ] - }, - "yaxes": [ - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - }, - { - "format": "pps", - "label": null, - "logBase": 1, - "max": null, - "min": 0, - "show": true - } - ] - } - ], - "repeat": null, - "repeatIteration": null, - "repeatRowId": null, - "showTitle": true, - "title": "Errors", - "titleSize": "h6", - "type": "row" - } - ], - "refresh": "10s", - "rows": [ - - ], - "schemaVersion": 18, - "style": "dark", - "tags": [ - "kubernetes-mixin" - ], - "templating": { - "list": [ - { - "current": { - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "label": "Data Source", - "name": "datasource", - "options": [ - - ], - "query": "prometheus", - "refresh": 1, - "regex": "", - "type": "datasource" - }, - { - "allValue": null, - "current": { - - }, - "datasource": "$datasource", - "hide": {{ if .Values.grafana.sidecar.dashboards.multicluster.global.enabled }}0{{ else }}2{{ end }}, - "includeAll": false, - "label": null, - "multi": false, - "name": "cluster", - "options": [ - - ], - "query": "label_values(kube_pod_info{job=\"kube-state-metrics\"}, cluster)", - "refresh": 2, - "regex": "", - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": ".+", - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "kube-system", - "value": "kube-system" - }, - "datasource": "$datasource", - "definition": "label_values(container_network_receive_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\"}, namespace)", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "namespace", - "options": [ - - ], - "query": "label_values(container_network_receive_packets_total{job=\"{{ include "exporter.kubelet.jobName" . }}\", metrics_path=\"/metrics/cadvisor\", cluster=\"$cluster\"}, namespace)", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "", - "value": "" - }, - "datasource": "$datasource", - "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "workload", - "options": [ - - ], - "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\"}, workload)", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "deployment", - "value": "deployment" - }, - "datasource": "$datasource", - "definition": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "type", - "options": [ - - ], - "query": "label_values(namespace_workload_pod:kube_pod_owner:relabel{cluster=\"$cluster\",namespace=~\"$namespace\", workload=~\"$workload\"}, workload_type)", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "5m", - "value": "5m" - }, - "datasource": "$datasource", - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "resolution", - "options": [ - { - "selected": false, - "text": "30s", - "value": "30s" - }, - { - "selected": true, - "text": "5m", - "value": "5m" - }, - { - "selected": false, - "text": "1h", - "value": "1h" - } - ], - "query": "30s,5m,1h", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "interval", - "useTags": false - }, - { - "allValue": null, - "auto": false, - "auto_count": 30, - "auto_min": "10s", - "current": { - "text": "5m", - "value": "5m" - }, - "datasource": "$datasource", - "hide": 2, - "includeAll": false, - "label": null, - "multi": false, - "name": "interval", - "options": [ - { - "selected": true, - "text": "4h", - "value": "4h" - } - ], - "query": "4h", - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [ - - ], - "tagsQuery": "", - "type": "interval", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": [ - "5m", - "15m", - "1h", - "6h", - "12h", - "24h", - "2d", - "7d", - "30d" - ] - }, - "timezone": "{{ .Values.grafana.defaultDashboardsTimezone }}", - "title": "Kubernetes / Networking / Workload", - "uid": "728bf77cc1166d2f3133bf25846876cc", - "version": 0 - } -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/grafana/namespaces.yaml b/charts/rancher-monitoring/templates/grafana/namespaces.yaml deleted file mode 100644 index 39ed210ed..000000000 --- a/charts/rancher-monitoring/templates/grafana/namespaces.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled (not .Values.grafana.defaultDashboards.useExistingNamespace) }} -apiVersion: v1 -kind: Namespace -metadata: - name: {{ .Values.grafana.defaultDashboards.namespace }} - labels: - name: {{ .Values.grafana.defaultDashboards.namespace }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} - annotations: -{{- if not .Values.grafana.defaultDashboards.cleanupOnUninstall }} - helm.sh/resource-policy: "keep" -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml b/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml deleted file mode 100644 index 8b3f15f0d..000000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/clusterrole.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-admission - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ template "kube-prometheus-stack.name" $ }}-admission -{{- include "kube-prometheus-stack.labels" $ | indent 4 }} -rules: - - apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations - verbs: - - get - - update -{{- if .Values.global.cattle.psp.enabled }} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} - - apiGroups: ['policy'] -{{- else }} - - apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "kube-prometheus-stack.fullname" . }}-admission -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml b/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml deleted file mode 100644 index b909d14eb..000000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/clusterrolebinding.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-admission - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ template "kube-prometheus-stack.name" $ }}-admission -{{- include "kube-prometheus-stack.labels" $ | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-prometheus-stack.fullname" . }}-admission -subjects: - - kind: ServiceAccount - name: {{ template "kube-prometheus-stack.fullname" . }}-admission - namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml b/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml deleted file mode 100644 index cb1e59b3c..000000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/job-createSecret.yaml +++ /dev/null @@ -1,69 +0,0 @@ -{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create - namespace: {{ template "kube-prometheus-stack.namespace" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ template "kube-prometheus-stack.name" $ }}-admission-create -{{- include "kube-prometheus-stack.labels" $ | indent 4 }} -spec: - {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} - # Alpha feature since k8s 1.12 - ttlSecondsAfterFinished: 0 - {{- end }} - template: - metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-admission-create -{{- with .Values.prometheusOperator.admissionWebhooks.patch.podAnnotations }} - annotations: -{{ toYaml . | indent 8 }} -{{- end }} - labels: - app: {{ template "kube-prometheus-stack.name" $ }}-admission-create -{{- include "kube-prometheus-stack.labels" $ | indent 8 }} - spec: - {{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} - priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} - {{- end }} - containers: - - name: create - {{- if .Values.prometheusOperator.admissionWebhooks.patch.image.sha }} - image: {{ template "system_default_registry" . }}{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.sha }} - {{- else }} - image: {{ template "system_default_registry" . }}{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }} - {{- end }} - imagePullPolicy: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.pullPolicy }} - args: - - create - - --host={{ template "kube-prometheus-stack.operator.fullname" . }},{{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}.svc - - --namespace={{ template "kube-prometheus-stack.namespace" . }} - - --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission - {{- with .Values.prometheusOperator.admissionWebhooks.createSecretJob }} - securityContext: - {{ toYaml .securityContext | nindent 12 }} - {{- end }} - resources: -{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.resources | indent 12 }} - restartPolicy: OnFailure - serviceAccountName: {{ template "kube-prometheus-stack.fullname" . }}-admission - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- with .Values.prometheusOperator.admissionWebhooks.patch.nodeSelector }} -{{ toYaml . | indent 8 }} -{{- end }} - {{- with .Values.prometheusOperator.admissionWebhooks.patch.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- with .Values.prometheusOperator.admissionWebhooks.patch.tolerations }} -{{ toYaml . | indent 8 }} - {{- end }} -{{- if .Values.prometheusOperator.admissionWebhooks.patch.securityContext }} - securityContext: -{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.securityContext | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml b/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml deleted file mode 100644 index 067507af7..000000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/job-patchWebhook.yaml +++ /dev/null @@ -1,70 +0,0 @@ -{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch - namespace: {{ template "kube-prometheus-stack.namespace" . }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch -{{- include "kube-prometheus-stack.labels" $ | indent 4 }} -spec: - {{- if .Capabilities.APIVersions.Has "batch/v1alpha1" }} - # Alpha feature since k8s 1.12 - ttlSecondsAfterFinished: 0 - {{- end }} - template: - metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-admission-patch -{{- with .Values.prometheusOperator.admissionWebhooks.patch.podAnnotations }} - annotations: -{{ toYaml . | indent 8 }} -{{- end }} - labels: - app: {{ template "kube-prometheus-stack.name" $ }}-admission-patch -{{- include "kube-prometheus-stack.labels" $ | indent 8 }} - spec: - {{- if .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} - priorityClassName: {{ .Values.prometheusOperator.admissionWebhooks.patch.priorityClassName }} - {{- end }} - containers: - - name: patch - {{- if .Values.prometheusOperator.admissionWebhooks.patch.image.sha }} - image: {{ template "system_default_registry" . }}{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }}@sha256:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.sha }} - {{- else }} - image: {{ template "system_default_registry" . }}{{ .Values.prometheusOperator.admissionWebhooks.patch.image.repository }}:{{ .Values.prometheusOperator.admissionWebhooks.patch.image.tag }} - {{- end }} - imagePullPolicy: {{ .Values.prometheusOperator.admissionWebhooks.patch.image.pullPolicy }} - args: - - patch - - --webhook-name={{ template "kube-prometheus-stack.fullname" . }}-admission - - --namespace={{ template "kube-prometheus-stack.namespace" . }} - - --secret-name={{ template "kube-prometheus-stack.fullname" . }}-admission - - --patch-failure-policy={{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }} - {{- with .Values.prometheusOperator.admissionWebhooks.patchWebhookJob }} - securityContext: - {{ toYaml .securityContext | nindent 12 }} - {{- end }} - resources: -{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.resources | indent 12 }} - restartPolicy: OnFailure - serviceAccountName: {{ template "kube-prometheus-stack.fullname" . }}-admission - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- with .Values.prometheusOperator.admissionWebhooks.patch.nodeSelector }} -{{ toYaml . | indent 8 }} -{{- end }} - {{- with .Values.prometheusOperator.admissionWebhooks.patch.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- with .Values.prometheusOperator.admissionWebhooks.patch.tolerations }} -{{ toYaml . | indent 8 }} - {{- end }} -{{- if .Values.prometheusOperator.admissionWebhooks.patch.securityContext }} - securityContext: -{{ toYaml .Values.prometheusOperator.admissionWebhooks.patch.securityContext | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml b/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml deleted file mode 100644 index cd1ee7e47..000000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/psp.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create .Values.global.cattle.psp.enabled (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-admission - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -{{- if .Values.global.rbac.pspAnnotations }} -{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} -{{- end }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-admission -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - privileged: false - # Allow core volume types. - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Allow adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Allow adding the root group. - - min: 0 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml b/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml deleted file mode 100644 index a64e982a3..000000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/role.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-admission - namespace: {{ template "kube-prometheus-stack.namespace" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ template "kube-prometheus-stack.name" $ }}-admission -{{- include "kube-prometheus-stack.labels" $ | indent 4 }} -rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml b/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml deleted file mode 100644 index d71362983..000000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/rolebinding.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-admission - namespace: {{ template "kube-prometheus-stack.namespace" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ template "kube-prometheus-stack.name" $ }}-admission -{{- include "kube-prometheus-stack.labels" $ | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-prometheus-stack.fullname" . }}-admission -subjects: - - kind: ServiceAccount - name: {{ template "kube-prometheus-stack.fullname" . }}-admission - namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml b/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml deleted file mode 100644 index 4fd52ae0a..000000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/job-patch/serviceaccount.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled .Values.prometheusOperator.admissionWebhooks.patch.enabled .Values.global.rbac.create (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-admission - namespace: {{ template "kube-prometheus-stack.namespace" . }} - annotations: - "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded - labels: - app: {{ template "kube-prometheus-stack.name" $ }}-admission -{{- include "kube-prometheus-stack.labels" $ | indent 4 }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml b/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml deleted file mode 100644 index 7a12754ec..000000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/mutatingWebhookConfiguration.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled }} -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-admission -{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }} - annotations: - certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }} - cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }} -{{- end }} - labels: - app: {{ template "kube-prometheus-stack.name" $ }}-admission -{{- include "kube-prometheus-stack.labels" $ | indent 4 }} -webhooks: - - name: prometheusrulemutate.monitoring.coreos.com - {{- if .Values.prometheusOperator.admissionWebhooks.patch.enabled }} - failurePolicy: Ignore - {{- else }} - failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }} - {{- end }} - rules: - - apiGroups: - - monitoring.coreos.com - apiVersions: - - "*" - resources: - - prometheusrules - operations: - - CREATE - - UPDATE - clientConfig: - service: - namespace: {{ template "kube-prometheus-stack.namespace" . }} - name: {{ template "kube-prometheus-stack.operator.fullname" $ }} - path: /admission-prometheusrules/mutate - {{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} - caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }} - {{- end }} - timeoutSeconds: {{ .Values.prometheusOperator.admissionWebhooks.timeoutSeconds }} - admissionReviewVersions: ["v1", "v1beta1"] - sideEffects: None -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml b/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml deleted file mode 100644 index 924265941..000000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/admission-webhooks/validatingWebhookConfiguration.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.admissionWebhooks.enabled }} -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-admission -{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }} - annotations: - certmanager.k8s.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }} - cert-manager.io/inject-ca-from: {{ printf "%s/%s-admission" .Release.Namespace (include "kube-prometheus-stack.fullname" .) | quote }} -{{- end }} - labels: - app: {{ template "kube-prometheus-stack.name" $ }}-admission -{{- include "kube-prometheus-stack.labels" $ | indent 4 }} -webhooks: - - name: prometheusrulemutate.monitoring.coreos.com - {{- if .Values.prometheusOperator.admissionWebhooks.patch.enabled }} - failurePolicy: Ignore - {{- else }} - failurePolicy: {{ .Values.prometheusOperator.admissionWebhooks.failurePolicy }} - {{- end }} - rules: - - apiGroups: - - monitoring.coreos.com - apiVersions: - - "*" - resources: - - prometheusrules - operations: - - CREATE - - UPDATE - clientConfig: - service: - namespace: {{ template "kube-prometheus-stack.namespace" . }} - name: {{ template "kube-prometheus-stack.operator.fullname" $ }} - path: /admission-prometheusrules/validate - {{- if and .Values.prometheusOperator.admissionWebhooks.caBundle (not .Values.prometheusOperator.admissionWebhooks.patch.enabled) (not .Values.prometheusOperator.admissionWebhooks.certManager.enabled) }} - caBundle: {{ .Values.prometheusOperator.admissionWebhooks.caBundle }} - {{- end }} - admissionReviewVersions: ["v1", "v1beta1"] - sideEffects: None -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/certmanager.yaml b/charts/rancher-monitoring/templates/prometheus-operator/certmanager.yaml deleted file mode 100644 index a1e06aec4..000000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/certmanager.yaml +++ /dev/null @@ -1,57 +0,0 @@ -{{- if .Values.prometheusOperator.admissionWebhooks.certManager.enabled -}} -{{- if not .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef -}} -# Create a selfsigned Issuer, in order to create a root CA certificate for -# signing webhook serving certificates -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer - namespace: {{ template "kube-prometheus-stack.namespace" . }} -spec: - selfSigned: {} ---- -# Generate a CA Certificate used to sign certificates for the webhook -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-root-cert - namespace: {{ template "kube-prometheus-stack.namespace" . }} -spec: - secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert - duration: {{ .Values.prometheusOperator.admissionWebhooks.certManager.rootCert.duration | default "43800h0m0s" | quote }} - issuerRef: - name: {{ template "kube-prometheus-stack.fullname" . }}-self-signed-issuer - commonName: "ca.webhook.kube-prometheus-stack" - isCA: true ---- -# Create an Issuer that uses the above generated CA certificate to issue certs -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer - namespace: {{ template "kube-prometheus-stack.namespace" . }} -spec: - ca: - secretName: {{ template "kube-prometheus-stack.fullname" . }}-root-cert -{{- end }} ---- -# generate a server certificate for the apiservices to use -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-admission - namespace: {{ template "kube-prometheus-stack.namespace" . }} -spec: - secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission - duration: {{ .Values.prometheusOperator.admissionWebhooks.certManager.admissionCert.duration | default "8760h0m0s" | quote }} - issuerRef: - {{- if .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef }} - {{- toYaml .Values.prometheusOperator.admissionWebhooks.certManager.issuerRef | nindent 4 }} - {{- else }} - name: {{ template "kube-prometheus-stack.fullname" . }}-root-issuer - {{- end }} - dnsNames: - - {{ template "kube-prometheus-stack.operator.fullname" . }} - - {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }} - - {{ template "kube-prometheus-stack.operator.fullname" . }}.{{ template "kube-prometheus-stack.namespace" . }}.svc -{{- end -}} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/clusterrole.yaml b/charts/rancher-monitoring/templates/prometheus-operator/clusterrole.yaml deleted file mode 100644 index 300956a1d..000000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/clusterrole.yaml +++ /dev/null @@ -1,81 +0,0 @@ -{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-operator - labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -rules: -- apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - alertmanagers/finalizers - - alertmanagerconfigs - - prometheuses - - prometheuses/status - - prometheuses/finalizers - - thanosrulers - - thanosrulers/finalizers - - servicemonitors - - podmonitors - - probes - - prometheusrules - verbs: - - '*' -- apiGroups: - - apps - resources: - - statefulsets - verbs: - - '*' -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - '*' -- apiGroups: - - "" - resources: - - pods - verbs: - - list - - delete -- apiGroups: - - "" - resources: - - services - - services/finalizers - - endpoints - verbs: - - get - - create - - update - - delete -- apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/clusterrolebinding.yaml b/charts/rancher-monitoring/templates/prometheus-operator/clusterrolebinding.yaml deleted file mode 100644 index c9ab0ab87..000000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-operator - labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-prometheus-stack.fullname" . }}-operator -subjects: -- kind: ServiceAccount - name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/deployment.yaml b/charts/rancher-monitoring/templates/prometheus-operator/deployment.yaml deleted file mode 100644 index 058d6801b..000000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/deployment.yaml +++ /dev/null @@ -1,164 +0,0 @@ -{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} -{{- $defaultKubeletSvcName := printf "%s-kubelet" (include "kube-prometheus-stack.fullname" .) }} -{{- if .Values.prometheusOperator.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-operator - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.prometheusOperator.annotations }} - annotations: -{{ toYaml .Values.prometheusOperator.annotations | indent 4 }} -{{- end }} -spec: - replicas: 1 - selector: - matchLabels: - app: {{ template "kube-prometheus-stack.name" . }}-operator - release: {{ $.Release.Name | quote }} - template: - metadata: - labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator -{{ include "kube-prometheus-stack.labels" . | indent 8 }} -{{- if .Values.prometheusOperator.podLabels }} -{{ toYaml .Values.prometheusOperator.podLabels | indent 8 }} -{{- end }} -{{- if .Values.prometheusOperator.podAnnotations }} - annotations: -{{ toYaml .Values.prometheusOperator.podAnnotations | indent 8 }} -{{- end }} - spec: - {{- if .Values.prometheusOperator.priorityClassName }} - priorityClassName: {{ .Values.prometheusOperator.priorityClassName }} - {{- end }} - containers: - - name: {{ template "kube-prometheus-stack.name" . }} - {{- if .Values.prometheusOperator.image.sha }} - image: "{{ template "system_default_registry" . }}{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag }}@sha256:{{ .Values.prometheusOperator.image.sha }}" - {{- else }} - image: "{{ template "system_default_registry" . }}{{ .Values.prometheusOperator.image.repository }}:{{ .Values.prometheusOperator.image.tag }}" - {{- end }} - imagePullPolicy: "{{ .Values.prometheusOperator.image.pullPolicy }}" - args: - {{- if .Values.prometheusOperator.kubeletService.enabled }} - - --kubelet-service={{ .Values.prometheusOperator.kubeletService.namespace }}/{{ default $defaultKubeletSvcName .Values.prometheusOperator.kubeletService.name }} - {{- end }} - {{- if .Values.prometheusOperator.logFormat }} - - --log-format={{ .Values.prometheusOperator.logFormat }} - {{- end }} - {{- if .Values.prometheusOperator.logLevel }} - - --log-level={{ .Values.prometheusOperator.logLevel }} - {{- end }} - {{- if .Values.prometheusOperator.denyNamespaces }} - - --deny-namespaces={{ tpl (.Values.prometheusOperator.denyNamespaces | join ",") $ }} - {{- end }} - {{- with $.Values.prometheusOperator.namespaces }} - {{- $namespaces := list }} - {{- if .releaseNamespace }} - {{- $namespaces = append $namespaces $namespace }} - {{- end }} - {{- if .additional }} - {{- range $ns := .additional }} - {{- $namespaces = append $namespaces (tpl $ns $) }} - {{- end }} - {{- end }} - - --namespaces={{ $namespaces | mustUniq | join "," }} - {{- end }} - - --localhost=127.0.0.1 - {{- if .Values.prometheusOperator.prometheusDefaultBaseImage }} - - --prometheus-default-base-image={{ template "system_default_registry" . }}{{ .Values.prometheusOperator.prometheusDefaultBaseImage }} - {{- end }} - {{- if .Values.prometheusOperator.alertmanagerDefaultBaseImage }} - - --alertmanager-default-base-image={{ template "system_default_registry" . }}{{ .Values.prometheusOperator.alertmanagerDefaultBaseImage }} - {{- end }} - {{- if .Values.prometheusOperator.prometheusConfigReloader.image.sha }} - - --prometheus-config-reloader={{ template "system_default_registry" . }}{{ .Values.prometheusOperator.prometheusConfigReloader.image.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloader.image.tag }}@sha256:{{ .Values.prometheusOperator.prometheusConfigReloader.image.sha }} - {{- else }} - - --prometheus-config-reloader={{ template "system_default_registry" . }}{{ .Values.prometheusOperator.prometheusConfigReloader.image.repository }}:{{ .Values.prometheusOperator.prometheusConfigReloader.image.tag }} - {{- end }} - - --config-reloader-cpu-request={{ .Values.prometheusOperator.prometheusConfigReloader.resources.requests.cpu }} - - --config-reloader-cpu-limit={{ .Values.prometheusOperator.prometheusConfigReloader.resources.limits.cpu }} - - --config-reloader-memory-request={{ .Values.prometheusOperator.prometheusConfigReloader.resources.requests.memory }} - - --config-reloader-memory-limit={{ .Values.prometheusOperator.prometheusConfigReloader.resources.limits.memory }} - {{- if .Values.prometheusOperator.alertmanagerInstanceNamespaces }} - - --alertmanager-instance-namespaces={{ .Values.prometheusOperator.alertmanagerInstanceNamespaces | join "," }} - {{- end }} - {{- if .Values.prometheusOperator.alertmanagerConfigNamespaces }} - - --alertmanager-config-namespaces={{ .Values.prometheusOperator.alertmanagerConfigNamespaces | join "," }} - {{- end }} - {{- if .Values.prometheusOperator.prometheusInstanceNamespaces }} - - --prometheus-instance-namespaces={{ .Values.prometheusOperator.prometheusInstanceNamespaces | join "," }} - {{- end }} - {{- if .Values.prometheusOperator.thanosImage.sha }} - - --thanos-default-base-image={{ template "system_default_registry" . }}{{ .Values.prometheusOperator.thanosImage.repository }}:{{ .Values.prometheusOperator.thanosImage.tag }}@sha256:{{ .Values.prometheusOperator.thanosImage.sha }} - {{- else }} - - --thanos-default-base-image={{ template "system_default_registry" . }}{{ .Values.prometheusOperator.thanosImage.repository }}:{{ .Values.prometheusOperator.thanosImage.tag }} - {{- end }} - {{- if .Values.prometheusOperator.thanosRulerInstanceNamespaces }} - - --thanos-ruler-instance-namespaces={{ .Values.prometheusOperator.thanosRulerInstanceNamespaces | join "," }} - {{- end }} - {{- if .Values.prometheusOperator.secretFieldSelector }} - - --secret-field-selector={{ .Values.prometheusOperator.secretFieldSelector }} - {{- end }} - {{- if .Values.prometheusOperator.clusterDomain }} - - --cluster-domain={{ .Values.prometheusOperator.clusterDomain }} - {{- end }} - {{- if .Values.prometheusOperator.tls.enabled }} - - --web.enable-tls=true - - --web.cert-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.crt{{ else }}cert{{ end }} - - --web.key-file=/cert/{{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}tls.key{{ else }}key{{ end }} - - --web.listen-address=:{{ .Values.prometheusOperator.tls.internalPort }} - - --web.tls-min-version={{ .Values.prometheusOperator.tls.tlsMinVersion }} - ports: - - containerPort: {{ .Values.prometheusOperator.tls.internalPort }} - name: https - {{- else }} - ports: - - containerPort: 8080 - name: http - {{- end }} - resources: -{{ toYaml .Values.prometheusOperator.resources | indent 12 }} - securityContext: -{{ toYaml .Values.prometheusOperator.containerSecurityContext | indent 12 }} -{{- if .Values.prometheusOperator.tls.enabled }} - volumeMounts: - - name: tls-secret - mountPath: /cert - readOnly: true - volumes: - - name: tls-secret - secret: - defaultMode: 420 - secretName: {{ template "kube-prometheus-stack.fullname" . }}-admission -{{- end }} - {{- with .Values.prometheusOperator.dnsConfig }} - dnsConfig: -{{ toYaml . | indent 8 }} - {{- end }} -{{- if .Values.prometheusOperator.securityContext }} - securityContext: -{{ toYaml .Values.prometheusOperator.securityContext | indent 8 }} -{{- end }} - serviceAccountName: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} -{{- if .Values.prometheusOperator.hostNetwork }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet -{{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} -{{- with .Values.prometheusOperator.nodeSelector }} -{{ toYaml . | indent 8 }} -{{- end }} - {{- with .Values.prometheusOperator.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} -{{- with .Values.prometheusOperator.tolerations }} -{{ toYaml . | indent 8 }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/psp-clusterrole.yaml b/charts/rancher-monitoring/templates/prometheus-operator/psp-clusterrole.yaml deleted file mode 100644 index 9d9019a43..000000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/psp-clusterrole.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.cattle.psp.enabled }} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp - labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -rules: -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} -- apiGroups: ['policy'] -{{- else }} -- apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "kube-prometheus-stack.fullname" . }}-operator -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/psp-clusterrolebinding.yaml b/charts/rancher-monitoring/templates/prometheus-operator/psp-clusterrolebinding.yaml deleted file mode 100644 index 2dea3e36c..000000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.cattle.psp.enabled }} -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp - labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-prometheus-stack.fullname" . }}-operator-psp -subjects: - - kind: ServiceAccount - name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/psp.yaml b/charts/rancher-monitoring/templates/prometheus-operator/psp.yaml deleted file mode 100644 index 5d9408d74..000000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/psp.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- if and .Values.prometheusOperator.enabled .Values.global.rbac.create .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-operator - labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator -{{- if .Values.global.rbac.pspAnnotations }} - annotations: -{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} -{{- end }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - privileged: false - # Allow core volume types. - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' - hostNetwork: {{ .Values.prometheusOperator.hostNetwork }} - hostIPC: false - hostPID: false - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Allow adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Allow adding the root group. - - min: 0 - max: 65535 - readOnlyRootFilesystem: false -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/service.yaml b/charts/rancher-monitoring/templates/prometheus-operator/service.yaml deleted file mode 100644 index b5ef5b93d..000000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/service.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{- if .Values.prometheusOperator.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-operator - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.prometheusOperator.service.labels }} -{{ toYaml .Values.prometheusOperator.service.labels | indent 4 }} -{{- end }} -{{- if .Values.prometheusOperator.service.annotations }} - annotations: -{{ toYaml .Values.prometheusOperator.service.annotations | indent 4 }} -{{- end }} -spec: -{{- if .Values.prometheusOperator.service.clusterIP }} - clusterIP: {{ .Values.prometheusOperator.service.clusterIP }} -{{- end }} -{{- if .Values.prometheusOperator.service.externalIPs }} - externalIPs: -{{ toYaml .Values.prometheusOperator.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.prometheusOperator.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.prometheusOperator.service.loadBalancerIP }} -{{- end }} -{{- if .Values.prometheusOperator.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := .Values.prometheusOperator.service.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} -{{- end }} -{{- if ne .Values.prometheusOperator.service.type "ClusterIP" }} - externalTrafficPolicy: {{ .Values.prometheusOperator.service.externalTrafficPolicy }} -{{- end }} - ports: - {{- if not .Values.prometheusOperator.tls.enabled }} - - name: http - {{- if eq .Values.prometheusOperator.service.type "NodePort" }} - nodePort: {{ .Values.prometheusOperator.service.nodePort }} - {{- end }} - port: 8080 - targetPort: http - {{- end }} - {{- if .Values.prometheusOperator.tls.enabled }} - - name: https - {{- if eq .Values.prometheusOperator.service.type "NodePort"}} - nodePort: {{ .Values.prometheusOperator.service.nodePortTls }} - {{- end }} - port: 443 - targetPort: https - {{- end }} - selector: - app: {{ template "kube-prometheus-stack.name" . }}-operator - release: {{ $.Release.Name | quote }} - type: "{{ .Values.prometheusOperator.service.type }}" -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/serviceaccount.yaml b/charts/rancher-monitoring/templates/prometheus-operator/serviceaccount.yaml deleted file mode 100644 index 781975f32..000000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/serviceaccount.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kube-prometheus-stack.operator.serviceAccountName" . }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator - app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus-operator - app.kubernetes.io/component: prometheus-operator -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus-operator/servicemonitor.yaml b/charts/rancher-monitoring/templates/prometheus-operator/servicemonitor.yaml deleted file mode 100644 index 3af46529c..000000000 --- a/charts/rancher-monitoring/templates/prometheus-operator/servicemonitor.yaml +++ /dev/null @@ -1,54 +0,0 @@ -{{- if and .Values.prometheusOperator.enabled .Values.prometheusOperator.serviceMonitor.selfMonitor }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-operator - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-operator -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - endpoints: - {{- if .Values.prometheusOperator.tls.enabled }} - - port: https - scheme: https - tlsConfig: - serverName: {{ template "kube-prometheus-stack.operator.fullname" . }} - ca: - secret: - name: {{ template "kube-prometheus-stack.fullname" . }}-admission - key: {{ if .Values.prometheusOperator.admissionWebhooks.certManager.enabled }}ca.crt{{ else }}ca{{ end }} - optional: false - {{- else }} - - port: http - {{- end }} - honorLabels: true - {{- if .Values.prometheusOperator.serviceMonitor.interval }} - interval: {{ .Values.prometheusOperator.serviceMonitor.interval }} - {{- end }} - metricRelabelings: - {{- if .Values.prometheusOperator.serviceMonitor.metricRelabelings }} - {{ tpl (toYaml .Values.prometheusOperator.serviceMonitor.metricRelabelings | indent 6) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} -{{- if .Values.prometheusOperator.serviceMonitor.relabelings }} - relabelings: -{{ toYaml .Values.prometheusOperator.serviceMonitor.relabelings | indent 6 }} -{{- end }} - selector: - matchLabels: - app: {{ template "kube-prometheus-stack.name" . }}-operator - release: {{ $.Release.Name | quote }} - namespaceSelector: - matchNames: - - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/_rules.tpl b/charts/rancher-monitoring/templates/prometheus/_rules.tpl deleted file mode 100644 index e8baf98e4..000000000 --- a/charts/rancher-monitoring/templates/prometheus/_rules.tpl +++ /dev/null @@ -1,36 +0,0 @@ -{{- /* -Generated file. Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- define "rules.names" }} -rules: - - "alertmanager.rules" - - "config-reloaders" - - "etcd" - - "general.rules" - - "k8s.rules" - - "kube-apiserver-availability.rules" - - "kube-apiserver-burnrate.rules" - - "kube-apiserver-histogram.rules" - - "kube-apiserver-slos" - - "kube-prometheus-general.rules" - - "kube-prometheus-node-recording.rules" - - "kube-scheduler.rules" - - "kube-state-metrics" - - "kubelet.rules" - - "kubernetes-apps" - - "kubernetes-resources" - - "kubernetes-storage" - - "kubernetes-system" - - "kubernetes-system-kube-proxy" - - "kubernetes-system-apiserver" - - "kubernetes-system-kubelet" - - "kubernetes-system-controller-manager" - - "kubernetes-system-scheduler" - - "node-exporter.rules" - - "node-exporter" - - "node.rules" - - "node-network" - - "prometheus-operator" - - "prometheus" -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/additionalAlertRelabelConfigs.yaml b/charts/rancher-monitoring/templates/prometheus/additionalAlertRelabelConfigs.yaml deleted file mode 100644 index bff930981..000000000 --- a/charts/rancher-monitoring/templates/prometheus/additionalAlertRelabelConfigs.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-relabel-confg - namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- if .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations }} - annotations: -{{ toYaml .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations | indent 4 }} -{{- end }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus-am-relabel-confg -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -data: - additional-alert-relabel-configs.yaml: {{ toYaml .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs | b64enc | quote }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/additionalAlertmanagerConfigs.yaml b/charts/rancher-monitoring/templates/prometheus/additionalAlertmanagerConfigs.yaml deleted file mode 100644 index 2fe8fdb81..000000000 --- a/charts/rancher-monitoring/templates/prometheus/additionalAlertmanagerConfigs.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-confg - namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- if .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations }} - annotations: -{{ toYaml .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations | indent 4 }} -{{- end }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus-am-confg -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -data: - additional-alertmanager-configs.yaml: {{ tpl (toYaml .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs) . | b64enc | quote }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/additionalPrometheusRules.yaml b/charts/rancher-monitoring/templates/prometheus/additionalPrometheusRules.yaml deleted file mode 100644 index cb4aabaa7..000000000 --- a/charts/rancher-monitoring/templates/prometheus/additionalPrometheusRules.yaml +++ /dev/null @@ -1,43 +0,0 @@ -{{- if or .Values.additionalPrometheusRules .Values.additionalPrometheusRulesMap}} -apiVersion: v1 -kind: List -metadata: - name: {{ include "kube-prometheus-stack.fullname" $ }}-additional-prometheus-rules - namespace: {{ template "kube-prometheus-stack.namespace" . }} -items: -{{- if .Values.additionalPrometheusRulesMap }} -{{- range $prometheusRuleName, $prometheusRule := .Values.additionalPrometheusRulesMap }} - - apiVersion: monitoring.coreos.com/v1 - kind: PrometheusRule - metadata: - name: {{ template "kube-prometheus-stack.name" $ }}-{{ $prometheusRuleName }} - namespace: {{ template "kube-prometheus-stack.namespace" $ }} - labels: - app: {{ template "kube-prometheus-stack.name" $ }} -{{ include "kube-prometheus-stack.labels" $ | indent 8 }} - {{- if $prometheusRule.additionalLabels }} -{{ toYaml $prometheusRule.additionalLabels | indent 8 }} - {{- end }} - spec: - groups: -{{ toYaml $prometheusRule.groups| indent 8 }} -{{- end }} -{{- else }} -{{- range .Values.additionalPrometheusRules }} - - apiVersion: monitoring.coreos.com/v1 - kind: PrometheusRule - metadata: - name: {{ template "kube-prometheus-stack.name" $ }}-{{ .name }} - namespace: {{ template "kube-prometheus-stack.namespace" $ }} - labels: - app: {{ template "kube-prometheus-stack.name" $ }} -{{ include "kube-prometheus-stack.labels" $ | indent 8 }} - {{- if .additionalLabels }} -{{ toYaml .additionalLabels | indent 8 }} - {{- end }} - spec: - groups: -{{ toYaml .groups| indent 8 }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/additionalScrapeConfigs.yaml b/charts/rancher-monitoring/templates/prometheus/additionalScrapeConfigs.yaml deleted file mode 100644 index ebdf766fd..000000000 --- a/charts/rancher-monitoring/templates/prometheus/additionalScrapeConfigs.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.prometheusSpec.additionalScrapeConfigs }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-scrape-confg - namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- if .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations }} - annotations: -{{ toYaml .Values.prometheus.prometheusSpec.additionalPrometheusSecretsAnnotations | indent 4 }} -{{- end }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus-scrape-confg -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -data: -{{- if eq ( typeOf .Values.prometheus.prometheusSpec.additionalScrapeConfigs ) "string" }} - additional-scrape-configs.yaml: {{ tpl .Values.prometheus.prometheusSpec.additionalScrapeConfigs $ | b64enc | quote }} -{{- else }} - additional-scrape-configs.yaml: {{ tpl (toYaml .Values.prometheus.prometheusSpec.additionalScrapeConfigs) $ | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/clusterrole.yaml b/charts/rancher-monitoring/templates/prometheus/clusterrole.yaml deleted file mode 100644 index 3585b5db1..000000000 --- a/charts/rancher-monitoring/templates/prometheus/clusterrole.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.global.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -rules: -# This permission are not in the kube-prometheus repo -# they're grabbed from https://github.com/prometheus/prometheus/blob/master/documentation/examples/rbac-setup.yml -- apiGroups: [""] - resources: - - nodes - - nodes/metrics - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] -- apiGroups: - - "networking.k8s.io" - resources: - - ingresses - verbs: ["get", "list", "watch"] -- nonResourceURLs: ["/metrics", "/metrics/cadvisor"] - verbs: ["get"] -{{- if .Values.prometheus.additionalRulesForClusterRole }} -{{ toYaml .Values.prometheus.additionalRulesForClusterRole | indent 0 }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/clusterrolebinding.yaml b/charts/rancher-monitoring/templates/prometheus/clusterrolebinding.yaml deleted file mode 100644 index 9fc4f65da..000000000 --- a/charts/rancher-monitoring/templates/prometheus/clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.global.rbac.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus -subjects: - - kind: ServiceAccount - name: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- end }} - diff --git a/charts/rancher-monitoring/templates/prometheus/csi-secret.yaml b/charts/rancher-monitoring/templates/prometheus/csi-secret.yaml deleted file mode 100644 index 89399cec8..000000000 --- a/charts/rancher-monitoring/templates/prometheus/csi-secret.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.prometheus.prometheusSpec.thanos.secretProviderClass }} ---- -apiVersion: secrets-store.csi.x-k8s.io/v1alpha1 -kind: SecretProviderClass -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus -spec: -{{ toYaml .Values.prometheus.prometheusSpec.thanos.secretProviderClass | indent 2 }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/extrasecret.yaml b/charts/rancher-monitoring/templates/prometheus/extrasecret.yaml deleted file mode 100644 index 17f3478a4..000000000 --- a/charts/rancher-monitoring/templates/prometheus/extrasecret.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.prometheus.extraSecret.data -}} -{{- $secretName := printf "prometheus-%s-extra" (include "kube-prometheus-stack.fullname" . ) -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ default $secretName .Values.prometheus.extraSecret.name }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- if .Values.prometheus.extraSecret.annotations }} - annotations: -{{ toYaml .Values.prometheus.extraSecret.annotations | indent 4 }} -{{- end }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus - app.kubernetes.io/component: prometheus -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -data: -{{- range $key, $val := .Values.prometheus.extraSecret.data }} - {{ $key }}: {{ $val | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/ingress.yaml b/charts/rancher-monitoring/templates/prometheus/ingress.yaml deleted file mode 100644 index 91fadf905..000000000 --- a/charts/rancher-monitoring/templates/prometheus/ingress.yaml +++ /dev/null @@ -1,77 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.ingress.enabled -}} - {{- $pathType := .Values.prometheus.ingress.pathType | default "ImplementationSpecific" -}} - {{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" -}} - {{- $servicePort := .Values.prometheus.ingress.servicePort | default .Values.prometheus.service.port -}} - {{- $routePrefix := list .Values.prometheus.prometheusSpec.routePrefix -}} - {{- $paths := .Values.prometheus.ingress.paths | default $routePrefix -}} - {{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}} - {{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}} -apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" . }} -kind: Ingress -metadata: -{{- if .Values.prometheus.ingress.annotations }} - annotations: -{{ toYaml .Values.prometheus.ingress.annotations | indent 4 }} -{{- end }} - name: {{ $serviceName }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.prometheus.ingress.labels }} -{{ toYaml .Values.prometheus.ingress.labels | indent 4 }} -{{- end }} -spec: - {{- if $apiIsStable }} - {{- if .Values.prometheus.ingress.ingressClassName }} - ingressClassName: {{ .Values.prometheus.ingress.ingressClassName }} - {{- end }} - {{- end }} - rules: - {{- if .Values.prometheus.ingress.hosts }} - {{- range $host := .Values.prometheus.ingress.hosts }} - - host: {{ tpl $host $ }} - http: - paths: - {{- range $p := $paths }} - - path: {{ tpl $p $ }} - {{- if and $pathType $ingressSupportsPathType }} - pathType: {{ $pathType }} - {{- end }} - backend: - {{- if $apiIsStable }} - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- else }} - - http: - paths: - {{- range $p := $paths }} - - path: {{ tpl $p $ }} - {{- if and $pathType $ingressSupportsPathType }} - pathType: {{ $pathType }} - {{- end }} - backend: - {{- if $apiIsStable }} - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- if .Values.prometheus.ingress.tls }} - tls: -{{ tpl (toYaml .Values.prometheus.ingress.tls | indent 4) . }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-monitoring/templates/prometheus/ingressThanosSidecar.yaml b/charts/rancher-monitoring/templates/prometheus/ingressThanosSidecar.yaml deleted file mode 100644 index 7a338597b..000000000 --- a/charts/rancher-monitoring/templates/prometheus/ingressThanosSidecar.yaml +++ /dev/null @@ -1,76 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.thanosIngress.enabled }} -{{- $pathType := .Values.prometheus.thanosIngress.pathType | default "" }} -{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }} -{{- $thanosPort := .Values.prometheus.thanosIngress.servicePort -}} -{{- $routePrefix := list .Values.prometheus.prometheusSpec.routePrefix }} -{{- $paths := .Values.prometheus.thanosIngress.paths | default $routePrefix -}} -{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}} -{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}} -apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" . }} -kind: Ingress -metadata: -{{- if .Values.prometheus.thanosIngress.annotations }} - annotations: -{{ toYaml .Values.prometheus.thanosIngress.annotations | indent 4 }} -{{- end }} - name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-gateway - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.prometheus.thanosIngress.labels }} -{{ toYaml .Values.prometheus.thanosIngress.labels | indent 4 }} -{{- end }} -spec: - {{- if $apiIsStable }} - {{- if .Values.prometheus.thanosIngress.ingressClassName }} - ingressClassName: {{ .Values.prometheus.thanosIngress.ingressClassName }} - {{- end }} - {{- end }} - rules: - {{- if .Values.prometheus.thanosIngress.hosts }} - {{- range $host := .Values.prometheus.thanosIngress.hosts }} - - host: {{ tpl $host $ }} - http: - paths: - {{- range $p := $paths }} - - path: {{ tpl $p $ }} - {{- if and $pathType $ingressSupportsPathType }} - pathType: {{ $pathType }} - {{- end }} - backend: - {{- if $apiIsStable }} - service: - name: {{ $serviceName }} - port: - number: {{ $thanosPort }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $thanosPort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- else }} - - http: - paths: - {{- range $p := $paths }} - - path: {{ tpl $p $ }} - {{- if and $pathType $ingressSupportsPathType }} - pathType: {{ $pathType }} - {{- end }} - backend: - {{- if $apiIsStable }} - service: - name: {{ $serviceName }} - port: - number: {{ $thanosPort }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $thanosPort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- if .Values.prometheus.thanosIngress.tls }} - tls: -{{ tpl (toYaml .Values.prometheus.thanosIngress.tls | indent 4) . }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-monitoring/templates/prometheus/ingressperreplica.yaml b/charts/rancher-monitoring/templates/prometheus/ingressperreplica.yaml deleted file mode 100644 index df631993b..000000000 --- a/charts/rancher-monitoring/templates/prometheus/ingressperreplica.yaml +++ /dev/null @@ -1,67 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.servicePerReplica.enabled .Values.prometheus.ingressPerReplica.enabled }} -{{- $pathType := .Values.prometheus.ingressPerReplica.pathType | default "" }} -{{- $count := .Values.prometheus.prometheusSpec.replicas | int -}} -{{- $servicePort := .Values.prometheus.servicePerReplica.port -}} -{{- $ingressValues := .Values.prometheus.ingressPerReplica -}} -{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}} -{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}} -apiVersion: v1 -kind: List -metadata: - name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-ingressperreplica - namespace: {{ template "kube-prometheus-stack.namespace" $ }} -items: -{{ range $i, $e := until $count }} - - kind: Ingress - apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" $ }} - metadata: - name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} - namespace: {{ template "kube-prometheus-stack.namespace" $ }} - labels: - app: {{ include "kube-prometheus-stack.name" $ }}-prometheus - {{ include "kube-prometheus-stack.labels" $ | indent 8 }} - {{- if $ingressValues.labels }} -{{ toYaml $ingressValues.labels | indent 8 }} - {{- end }} - {{- if $ingressValues.annotations }} - annotations: -{{ toYaml $ingressValues.annotations | indent 8 }} - {{- end }} - spec: - {{- if $apiIsStable }} - {{- if $ingressValues.ingressClassName }} - ingressClassName: {{ $ingressValues.ingressClassName }} - {{- end }} - {{- end }} - rules: - - host: {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }} - http: - paths: - {{- range $p := $ingressValues.paths }} - - path: {{ tpl $p $ }} - {{- if and $pathType $ingressSupportsPathType }} - pathType: {{ $pathType }} - {{- end }} - backend: - {{- if $apiIsStable }} - service: - name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} - port: - number: {{ $servicePort }} - {{- else }} - serviceName: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- if or $ingressValues.tlsSecretName $ingressValues.tlsSecretPerReplica.enabled }} - tls: - - hosts: - - {{ $ingressValues.hostPrefix }}-{{ $i }}.{{ $ingressValues.hostDomain }} - {{- if $ingressValues.tlsSecretPerReplica.enabled }} - secretName: {{ $ingressValues.tlsSecretPerReplica.prefix }}-{{ $i }} - {{- else }} - secretName: {{ $ingressValues.tlsSecretName }} - {{- end }} - {{- end }} -{{- end -}} -{{- end -}} diff --git a/charts/rancher-monitoring/templates/prometheus/nginx-config.yaml b/charts/rancher-monitoring/templates/prometheus/nginx-config.yaml deleted file mode 100644 index e4d91f9a9..000000000 --- a/charts/rancher-monitoring/templates/prometheus/nginx-config.yaml +++ /dev/null @@ -1,68 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: prometheus-nginx-proxy-config - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.prometheus.annotations }} - annotations: -{{ toYaml .Values.prometheus.annotations | indent 4 }} -{{- end }} -data: - nginx.conf: |- - worker_processes auto; - error_log /dev/stdout warn; - pid /var/cache/nginx/nginx.pid; - - events { - worker_connections 1024; - } - - http { - include /etc/nginx/mime.types; - log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; - - proxy_connect_timeout 10; - proxy_read_timeout 180; - proxy_send_timeout 5; - proxy_buffering off; - proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g; - - server { - listen 8081; - access_log off; - - gzip on; - gzip_min_length 1k; - gzip_comp_level 2; - gzip_types text/plain application/javascript application/x-javascript text/css application/xml text/javascript image/jpeg image/gif image/png; - gzip_vary on; - gzip_disable "MSIE [1-6]\."; - - proxy_set_header Host $host; - - location / { - proxy_cache my_zone; - proxy_cache_valid 200 302 1d; - proxy_cache_valid 301 30d; - proxy_cache_valid any 5m; - proxy_cache_bypass $http_cache_control; - add_header X-Proxy-Cache $upstream_cache_status; - add_header Cache-Control "public"; - - proxy_pass http://localhost:9090/; - - sub_filter_once off; - sub_filter 'var PATH_PREFIX = "";' 'var PATH_PREFIX = ".";'; - - if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) { - expires 90d; - } - - rewrite ^/k8s/clusters/.*/proxy(.*) /$1 break; - - } - } - } diff --git a/charts/rancher-monitoring/templates/prometheus/podDisruptionBudget.yaml b/charts/rancher-monitoring/templates/prometheus/podDisruptionBudget.yaml deleted file mode 100644 index 02a320eff..000000000 --- a/charts/rancher-monitoring/templates/prometheus/podDisruptionBudget.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.podDisruptionBudget.enabled }} -apiVersion: {{ include "kube-prometheus-stack.pdb.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - {{- if .Values.prometheus.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.prometheus.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.prometheus.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.prometheus.podDisruptionBudget.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: prometheus - prometheus: {{ template "kube-prometheus-stack.prometheus.crname" . }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/podmonitors.yaml b/charts/rancher-monitoring/templates/prometheus/podmonitors.yaml deleted file mode 100644 index 95d568e13..000000000 --- a/charts/rancher-monitoring/templates/prometheus/podmonitors.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.additionalPodMonitors }} -apiVersion: v1 -kind: List -items: -{{- range .Values.prometheus.additionalPodMonitors }} - - apiVersion: monitoring.coreos.com/v1 - kind: PodMonitor - metadata: - name: {{ .name }} - namespace: {{ template "kube-prometheus-stack.namespace" $ }} - labels: - app: {{ template "kube-prometheus-stack.name" $ }}-prometheus -{{ include "kube-prometheus-stack.labels" $ | indent 8 }} - {{- if .additionalLabels }} -{{ toYaml .additionalLabels | indent 8 }} - {{- end }} - spec: - podMetricsEndpoints: -{{ toYaml .podMetricsEndpoints | indent 8 }} - {{- if .jobLabel }} - jobLabel: {{ .jobLabel }} - {{- end }} - {{- if .namespaceSelector }} - namespaceSelector: -{{ toYaml .namespaceSelector | indent 8 }} - {{- end }} - selector: -{{ toYaml .selector | indent 8 }} - {{- if .podTargetLabels }} - podTargetLabels: -{{ toYaml .podTargetLabels | indent 8 }} - {{- end }} - {{- if .sampleLimit }} - sampleLimit: {{ .sampleLimit }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/prometheus.yaml b/charts/rancher-monitoring/templates/prometheus/prometheus.yaml deleted file mode 100644 index ffa00b8d9..000000000 --- a/charts/rancher-monitoring/templates/prometheus/prometheus.yaml +++ /dev/null @@ -1,388 +0,0 @@ -{{- if .Values.prometheus.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: Prometheus -metadata: - name: {{ template "kube-prometheus-stack.prometheus.crname" . }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.prometheus.annotations }} - annotations: -{{ toYaml .Values.prometheus.annotations | indent 4 }} -{{- end }} -spec: - alerting: - alertmanagers: -{{- if .Values.prometheus.prometheusSpec.alertingEndpoints }} -{{ toYaml .Values.prometheus.prometheusSpec.alertingEndpoints | indent 6 }} -{{- else if .Values.alertmanager.enabled }} - - namespace: {{ template "kube-prometheus-stack.namespace" . }} - name: {{ template "kube-prometheus-stack.fullname" . }}-alertmanager - port: {{ .Values.alertmanager.alertmanagerSpec.portName }} - {{- if .Values.alertmanager.alertmanagerSpec.routePrefix }} - pathPrefix: "{{ .Values.alertmanager.alertmanagerSpec.routePrefix }}" - {{- end }} - apiVersion: {{ .Values.alertmanager.apiVersion }} -{{- else }} - [] -{{- end }} -{{- if .Values.prometheus.prometheusSpec.apiserverConfig }} - apiserverConfig: -{{ toYaml .Values.prometheus.prometheusSpec.apiserverConfig | indent 4}} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.image }} - {{- if and .Values.prometheus.prometheusSpec.image.tag .Values.prometheus.prometheusSpec.image.sha }} - image: "{{ template "system_default_registry" . }}{{ .Values.prometheus.prometheusSpec.image.repository }}:{{ .Values.prometheus.prometheusSpec.image.tag }}@sha256:{{ .Values.prometheus.prometheusSpec.image.sha }}" - {{- else if .Values.prometheus.prometheusSpec.image.sha }} - image: "{{ template "system_default_registry" . }}{{ .Values.prometheus.prometheusSpec.image.repository }}@sha256:{{ .Values.prometheus.prometheusSpec.image.sha }}" - {{- else if .Values.prometheus.prometheusSpec.image.tag }} - image: "{{ template "system_default_registry" . }}{{ .Values.prometheus.prometheusSpec.image.repository }}:{{ .Values.prometheus.prometheusSpec.image.tag }}" - {{- else }} - image: "{{ template "system_default_registry" . }}{{ .Values.prometheus.prometheusSpec.image.repository }}" - {{- end }} - version: {{ .Values.prometheus.prometheusSpec.image.tag }} - {{- if .Values.prometheus.prometheusSpec.image.sha }} - sha: {{ .Values.prometheus.prometheusSpec.image.sha }} - {{- end }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.externalLabels }} - externalLabels: -{{ tpl (toYaml .Values.prometheus.prometheusSpec.externalLabels | indent 4) . }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.prometheusExternalLabelNameClear }} - prometheusExternalLabelName: "" -{{- else if .Values.prometheus.prometheusSpec.prometheusExternalLabelName }} - prometheusExternalLabelName: "{{ .Values.prometheus.prometheusSpec.prometheusExternalLabelName }}" -{{- end }} -{{- if .Values.prometheus.prometheusSpec.replicaExternalLabelNameClear }} - replicaExternalLabelName: "" -{{- else if .Values.prometheus.prometheusSpec.replicaExternalLabelName }} - replicaExternalLabelName: "{{ .Values.prometheus.prometheusSpec.replicaExternalLabelName }}" -{{- end }} -{{- if .Values.prometheus.prometheusSpec.enableRemoteWriteReceiver }} - enableRemoteWriteReceiver: {{ .Values.prometheus.prometheusSpec.enableRemoteWriteReceiver }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.externalUrl }} - externalUrl: "{{ tpl .Values.prometheus.prometheusSpec.externalUrl . }}" -{{- else if and .Values.prometheus.ingress.enabled .Values.prometheus.ingress.hosts }} - externalUrl: "http://{{ tpl (index .Values.prometheus.ingress.hosts 0) . }}{{ .Values.prometheus.prometheusSpec.routePrefix }}" -{{- else if not (or (kindIs "invalid" .Values.global.cattle.url) (kindIs "invalid" .Values.global.cattle.clusterId)) }} - externalUrl: "{{ .Values.global.cattle.url }}/k8s/clusters/{{ .Values.global.cattle.clusterId }}/api/v1/namespaces/{{ template "kube-prometheus-stack.namespace" . }}/services/http:{{ template "kube-prometheus-stack.fullname" . }}-prometheus:{{ .Values.prometheus.service.port }}/proxy" -{{- else }} - externalUrl: http://{{ template "kube-prometheus-stack.fullname" . }}-prometheus.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.prometheus.service.port }} -{{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 4 }} -{{- if .Values.prometheus.prometheusSpec.nodeSelector }} -{{ toYaml .Values.prometheus.prometheusSpec.nodeSelector | indent 4 }} -{{- end }} - paused: {{ .Values.prometheus.prometheusSpec.paused }} - replicas: {{ .Values.prometheus.prometheusSpec.replicas }} - shards: {{ .Values.prometheus.prometheusSpec.shards }} - logLevel: {{ .Values.prometheus.prometheusSpec.logLevel }} - logFormat: {{ .Values.prometheus.prometheusSpec.logFormat }} - listenLocal: {{ .Values.prometheus.prometheusSpec.listenLocal }} - enableAdminAPI: {{ .Values.prometheus.prometheusSpec.enableAdminAPI }} -{{- if .Values.prometheus.prometheusSpec.web }} - web: -{{ toYaml .Values.prometheus.prometheusSpec.web | indent 4 }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.exemplars }} - exemplars: - {{ toYaml .Values.prometheus.prometheusSpec.exemplars | indent 4 }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.enableFeatures }} - enableFeatures: -{{- range $enableFeatures := .Values.prometheus.prometheusSpec.enableFeatures }} - - {{ tpl $enableFeatures $ }} -{{- end }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.scrapeInterval }} - scrapeInterval: {{ .Values.prometheus.prometheusSpec.scrapeInterval }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.scrapeTimeout }} - scrapeTimeout: {{ .Values.prometheus.prometheusSpec.scrapeTimeout }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.evaluationInterval }} - evaluationInterval: {{ .Values.prometheus.prometheusSpec.evaluationInterval }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.resources }} - resources: -{{ toYaml .Values.prometheus.prometheusSpec.resources | indent 4 }} -{{- end }} - retention: {{ .Values.prometheus.prometheusSpec.retention | quote }} -{{- if .Values.prometheus.prometheusSpec.retentionSize }} - retentionSize: {{ .Values.prometheus.prometheusSpec.retentionSize | quote }} -{{- end }} -{{- if eq .Values.prometheus.prometheusSpec.walCompression false }} - walCompression: false -{{ else }} - walCompression: true -{{- end }} -{{- if .Values.prometheus.prometheusSpec.routePrefix }} - routePrefix: {{ .Values.prometheus.prometheusSpec.routePrefix | quote }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.secrets }} - secrets: -{{ toYaml .Values.prometheus.prometheusSpec.secrets | indent 4 }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.configMaps }} - configMaps: -{{ toYaml .Values.prometheus.prometheusSpec.configMaps | indent 4 }} -{{- end }} - serviceAccountName: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }} -{{- if .Values.prometheus.prometheusSpec.serviceMonitorSelector }} - serviceMonitorSelector: -{{ toYaml .Values.prometheus.prometheusSpec.serviceMonitorSelector | indent 4 }} -{{ else if .Values.prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues }} - serviceMonitorSelector: - matchLabels: - release: {{ $.Release.Name | quote }} -{{ else }} - serviceMonitorSelector: {} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.serviceMonitorNamespaceSelector }} - serviceMonitorNamespaceSelector: -{{ toYaml .Values.prometheus.prometheusSpec.serviceMonitorNamespaceSelector | indent 4 }} -{{ else }} - serviceMonitorNamespaceSelector: {} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.podMonitorSelector }} - podMonitorSelector: -{{ toYaml .Values.prometheus.prometheusSpec.podMonitorSelector | indent 4 }} -{{ else if .Values.prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues }} - podMonitorSelector: - matchLabels: - release: {{ $.Release.Name | quote }} -{{ else }} - podMonitorSelector: {} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.podMonitorNamespaceSelector }} - podMonitorNamespaceSelector: -{{ toYaml .Values.prometheus.prometheusSpec.podMonitorNamespaceSelector | indent 4 }} -{{ else }} - podMonitorNamespaceSelector: {} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.probeSelector }} - probeSelector: -{{ toYaml .Values.prometheus.prometheusSpec.probeSelector | indent 4 }} -{{ else if .Values.prometheus.prometheusSpec.probeSelectorNilUsesHelmValues }} - probeSelector: - matchLabels: - release: {{ $.Release.Name | quote }} -{{ else }} - probeSelector: {} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.probeNamespaceSelector }} - probeNamespaceSelector: -{{ toYaml .Values.prometheus.prometheusSpec.probeNamespaceSelector | indent 4 }} -{{ else }} - probeNamespaceSelector: {} -{{- end }} -{{- if (or .Values.prometheus.prometheusSpec.remoteRead .Values.prometheus.prometheusSpec.additionalRemoteRead) }} - remoteRead: -{{- if .Values.prometheus.prometheusSpec.remoteRead }} -{{ tpl (toYaml .Values.prometheus.prometheusSpec.remoteRead | indent 4) . }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.additionalRemoteRead }} -{{ toYaml .Values.prometheus.prometheusSpec.additionalRemoteRead | indent 4 }} -{{- end }} -{{- end }} -{{- if (or .Values.prometheus.prometheusSpec.remoteWrite .Values.prometheus.prometheusSpec.additionalRemoteWrite) }} - remoteWrite: -{{- if .Values.prometheus.prometheusSpec.remoteWrite }} -{{ tpl (toYaml .Values.prometheus.prometheusSpec.remoteWrite | indent 4) . }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.additionalRemoteWrite }} -{{ toYaml .Values.prometheus.prometheusSpec.additionalRemoteWrite | indent 4 }} -{{- end }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.securityContext }} - securityContext: -{{ toYaml .Values.prometheus.prometheusSpec.securityContext | indent 4 }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.ruleNamespaceSelector }} - ruleNamespaceSelector: -{{ toYaml .Values.prometheus.prometheusSpec.ruleNamespaceSelector | indent 4 }} -{{ else }} - ruleNamespaceSelector: {} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.ruleSelector }} - ruleSelector: -{{ toYaml .Values.prometheus.prometheusSpec.ruleSelector | indent 4}} -{{- else if .Values.prometheus.prometheusSpec.ruleSelectorNilUsesHelmValues }} - ruleSelector: - matchLabels: - release: {{ $.Release.Name | quote }} -{{ else }} - ruleSelector: {} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.storageSpec }} - storage: -{{ tpl (toYaml .Values.prometheus.prometheusSpec.storageSpec | indent 4) . }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.podMetadata }} - podMetadata: -{{ tpl (toYaml .Values.prometheus.prometheusSpec.podMetadata | indent 4) . }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.query }} - query: -{{ toYaml .Values.prometheus.prometheusSpec.query | indent 4}} -{{- end }} -{{- if or .Values.prometheus.prometheusSpec.podAntiAffinity .Values.prometheus.prometheusSpec.affinity }} - affinity: -{{- if .Values.prometheus.prometheusSpec.affinity }} -{{ toYaml .Values.prometheus.prometheusSpec.affinity | indent 4 }} -{{- end }} -{{- if eq .Values.prometheus.prometheusSpec.podAntiAffinity "hard" }} - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: {{ .Values.prometheus.prometheusSpec.podAntiAffinityTopologyKey }} - labelSelector: - matchExpressions: - - {key: app.kubernetes.io/name, operator: In, values: [prometheus]} - - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-prometheus]} -{{- else if eq .Values.prometheus.prometheusSpec.podAntiAffinity "soft" }} - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: {{ .Values.prometheus.prometheusSpec.podAntiAffinityTopologyKey }} - labelSelector: - matchExpressions: - - {key: app.kubernetes.io/name, operator: In, values: [prometheus]} - - {key: prometheus, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-prometheus]} -{{- end }} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 4 }} -{{- if .Values.prometheus.prometheusSpec.tolerations }} -{{ toYaml .Values.prometheus.prometheusSpec.tolerations | indent 4 }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.topologySpreadConstraints }} - topologySpreadConstraints: -{{ toYaml .Values.prometheus.prometheusSpec.topologySpreadConstraints | indent 4 }} -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 4 }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.additionalScrapeConfigs }} - additionalScrapeConfigs: - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-scrape-confg - key: additional-scrape-configs.yaml -{{- end }} -{{- if .Values.prometheus.prometheusSpec.additionalScrapeConfigsSecret.enabled }} - additionalScrapeConfigs: - name: {{ .Values.prometheus.prometheusSpec.additionalScrapeConfigsSecret.name }} - key: {{ .Values.prometheus.prometheusSpec.additionalScrapeConfigsSecret.key }} -{{- end }} -{{- if or .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs .Values.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret }} - additionalAlertManagerConfigs: -{{- if .Values.prometheus.prometheusSpec.additionalAlertManagerConfigs }} - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-confg - key: additional-alertmanager-configs.yaml -{{- end }} -{{- if .Values.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret }} - name: {{ .Values.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret.name }} - key: {{ .Values.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret.key }} - {{- if hasKey .Values.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret "optional" }} - optional: {{ .Values.prometheus.prometheusSpec.additionalAlertManagerConfigsSecret.optional }} - {{- end }} -{{- end }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigs }} - additionalAlertRelabelConfigs: - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-am-relabel-confg - key: additional-alert-relabel-configs.yaml -{{- end }} -{{- if .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigsSecret }} - additionalAlertRelabelConfigs: - name: {{ .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigsSecret.name }} - key: {{ .Values.prometheus.prometheusSpec.additionalAlertRelabelConfigsSecret.key }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.containers }} - containers: -{{ tpl .Values.prometheus.prometheusSpec.containers $ | indent 4 }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.initContainers }} - initContainers: -{{ toYaml .Values.prometheus.prometheusSpec.initContainers | indent 4 }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.priorityClassName }} - priorityClassName: {{ .Values.prometheus.prometheusSpec.priorityClassName }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.thanos }} - thanos: -{{ toYaml .Values.prometheus.prometheusSpec.thanos | indent 4 }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.disableCompaction }} - disableCompaction: {{ .Values.prometheus.prometheusSpec.disableCompaction }} -{{- end }} - portName: {{ .Values.prometheus.prometheusSpec.portName }} -{{- if .Values.prometheus.prometheusSpec.volumes }} - volumes: -{{ toYaml .Values.prometheus.prometheusSpec.volumes | indent 4 }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.volumeMounts }} - volumeMounts: -{{ toYaml .Values.prometheus.prometheusSpec.volumeMounts | indent 4 }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.arbitraryFSAccessThroughSMs }} - arbitraryFSAccessThroughSMs: -{{ toYaml .Values.prometheus.prometheusSpec.arbitraryFSAccessThroughSMs | indent 4 }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.overrideHonorLabels }} - overrideHonorLabels: {{ .Values.prometheus.prometheusSpec.overrideHonorLabels }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.overrideHonorTimestamps }} - overrideHonorTimestamps: {{ .Values.prometheus.prometheusSpec.overrideHonorTimestamps }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }} - ignoreNamespaceSelectors: {{ .Values.prometheus.prometheusSpec.ignoreNamespaceSelectors }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.enforcedNamespaceLabel }} - enforcedNamespaceLabel: {{ .Values.prometheus.prometheusSpec.enforcedNamespaceLabel }} -{{- $prometheusDefaultRulesExcludedFromEnforce := (include "rules.names" .) | fromYaml }} - prometheusRulesExcludedFromEnforce: -{{- range $prometheusDefaultRulesExcludedFromEnforce.rules }} - - ruleNamespace: "{{ template "kube-prometheus-stack.namespace" $ }}" - ruleName: "{{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) . | trunc 63 | trimSuffix "-" }}" -{{- end }} -{{- if .Values.prometheus.prometheusSpec.prometheusRulesExcludedFromEnforce }} -{{ toYaml .Values.prometheus.prometheusSpec.prometheusRulesExcludedFromEnforce | indent 4 }} -{{- end }} - excludedFromEnforcement: -{{- range $prometheusDefaultRulesExcludedFromEnforce.rules }} - - resource: prometheusrules - namespace: "{{ template "kube-prometheus-stack.namespace" $ }}" - name: "{{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) . | trunc 63 | trimSuffix "-" }}" -{{- end }} -{{- if .Values.prometheus.prometheusSpec.excludedFromEnforcement }} -{{ tpl (toYaml .Values.prometheus.prometheusSpec.excludedFromEnforcement | indent 4) . }} -{{- end }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.queryLogFile }} - queryLogFile: {{ .Values.prometheus.prometheusSpec.queryLogFile }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.enforcedSampleLimit }} - enforcedSampleLimit: {{ .Values.prometheus.prometheusSpec.enforcedSampleLimit }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.enforcedTargetLimit }} - enforcedTargetLimit: {{ .Values.prometheus.prometheusSpec.enforcedTargetLimit }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.enforcedLabelLimit }} - enforcedLabelLimit: {{ .Values.prometheus.prometheusSpec.enforcedLabelLimit }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.enforcedLabelNameLengthLimit }} - enforcedLabelNameLengthLimit: {{ .Values.prometheus.prometheusSpec.enforcedLabelNameLengthLimit }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.enforcedLabelValueLengthLimit}} - enforcedLabelValueLengthLimit: {{ .Values.prometheus.prometheusSpec.enforcedLabelValueLengthLimit }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.allowOverlappingBlocks }} - allowOverlappingBlocks: {{ .Values.prometheus.prometheusSpec.allowOverlappingBlocks }} -{{- end }} -{{- if .Values.prometheus.prometheusSpec.minReadySeconds }} - minReadySeconds: {{ .Values.prometheus.prometheusSpec.minReadySeconds }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/psp-clusterrole.yaml b/charts/rancher-monitoring/templates/prometheus/psp-clusterrole.yaml deleted file mode 100644 index 0eb974eb4..000000000 --- a/charts/rancher-monitoring/templates/prometheus/psp-clusterrole.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.cattle.psp.enabled }} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-psp - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -rules: -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if semverCompare "> 1.15.0-0" $kubeTargetVersion }} -- apiGroups: ['policy'] -{{- else }} -- apiGroups: ['extensions'] -{{- end }} - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "kube-prometheus-stack.fullname" . }}-prometheus -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/psp-clusterrolebinding.yaml b/charts/rancher-monitoring/templates/prometheus/psp-clusterrolebinding.yaml deleted file mode 100644 index ce11e5f62..000000000 --- a/charts/rancher-monitoring/templates/prometheus/psp-clusterrolebinding.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.cattle.psp.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-psp - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus-psp -subjects: - - kind: ServiceAccount - name: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- end }} - diff --git a/charts/rancher-monitoring/templates/prometheus/psp.yaml b/charts/rancher-monitoring/templates/prometheus/psp.yaml deleted file mode 100644 index 9a60d8ec3..000000000 --- a/charts/rancher-monitoring/templates/prometheus/psp.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.global.rbac.create .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus -{{- if .Values.global.rbac.pspAnnotations }} - annotations: -{{ toYaml .Values.global.rbac.pspAnnotations | indent 4 }} -{{- end }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - privileged: false - # Allow core volume types. - volumes: - - 'configMap' - - 'emptyDir' - - 'projected' - - 'secret' - - 'downwardAPI' - - 'persistentVolumeClaim' -{{- if .Values.prometheus.podSecurityPolicy.volumes }} -{{ toYaml .Values.prometheus.podSecurityPolicy.volumes | indent 4 }} -{{- end }} - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - # Permits the container to run with root privileges as well. - rule: 'RunAsAny' - seLinux: - # This policy assumes the nodes are using AppArmor rather than SELinux. - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - # Allow adding the root group. - - min: 0 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - # Allow adding the root group. - - min: 0 - max: 65535 - readOnlyRootFilesystem: false -{{- if .Values.prometheus.podSecurityPolicy.allowedCapabilities }} - allowedCapabilities: -{{ toYaml .Values.prometheus.podSecurityPolicy.allowedCapabilities | indent 4 }} -{{- end }} -{{- if .Values.prometheus.podSecurityPolicy.allowedHostPaths }} - allowedHostPaths: -{{ toYaml .Values.prometheus.podSecurityPolicy.allowedHostPaths | indent 4 }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/alertmanager.rules.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/alertmanager.rules.yaml deleted file mode 100644 index 5e7c548f6..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/alertmanager.rules.yaml +++ /dev/null @@ -1,217 +0,0 @@ -{{- /* -Generated from 'alertmanager.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/alertmanager-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.alertmanager }} -{{- $alertmanagerJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager" }} -{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} -{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceMonitor.selfMonitor }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "alertmanager.rules" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: alertmanager.rules - rules: -{{- if not (.Values.defaultRules.disabled.AlertmanagerFailedReload | default false) }} - - alert: AlertmanagerFailedReload - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Configuration has failed to load for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod{{`}}`}}. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/alertmanager/alertmanagerfailedreload - summary: Reloading an Alertmanager configuration has failed. - expr: |- - # Without max_over_time, failed scrapes could create false negatives, see - # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - max_over_time(alertmanager_config_last_reload_successful{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m]) == 0 - for: 10m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.AlertmanagerMembersInconsistent | default false) }} - - alert: AlertmanagerMembersInconsistent - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Alertmanager {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod{{`}}`}} has only found {{`{{`}} $value {{`}}`}} members of the {{`{{`}}$labels.job{{`}}`}} cluster. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/alertmanager/alertmanagermembersinconsistent - summary: A member of an Alertmanager cluster has not found all other cluster members. - expr: |- - # Without max_over_time, failed scrapes could create false negatives, see - # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - max_over_time(alertmanager_cluster_members{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m]) - < on (namespace,service) group_left - count by (namespace,service) (max_over_time(alertmanager_cluster_members{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m])) - for: 15m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.AlertmanagerFailedToSendAlerts | default false) }} - - alert: AlertmanagerFailedToSendAlerts - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Alertmanager {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod{{`}}`}} failed to send {{`{{`}} $value | humanizePercentage {{`}}`}} of notifications to {{`{{`}} $labels.integration {{`}}`}}. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/alertmanager/alertmanagerfailedtosendalerts - summary: An Alertmanager instance failed to send notifications. - expr: |- - ( - rate(alertmanager_notifications_failed_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m]) - / - rate(alertmanager_notifications_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m]) - ) - > 0.01 - for: 5m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.AlertmanagerClusterFailedToSendAlerts | default false) }} - - alert: AlertmanagerClusterFailedToSendAlerts - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: The minimum notification failure rate to {{`{{`}} $labels.integration {{`}}`}} sent from any instance in the {{`{{`}}$labels.job{{`}}`}} cluster is {{`{{`}} $value | humanizePercentage {{`}}`}}. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/alertmanager/alertmanagerclusterfailedtosendalerts - summary: All Alertmanager instances in a cluster failed to send notifications to a critical integration. - expr: |- - min by (namespace,service, integration) ( - rate(alertmanager_notifications_failed_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}", integration=~`.*`}[5m]) - / - rate(alertmanager_notifications_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}", integration=~`.*`}[5m]) - ) - > 0.01 - for: 5m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.AlertmanagerClusterFailedToSendAlerts | default false) }} - - alert: AlertmanagerClusterFailedToSendAlerts - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: The minimum notification failure rate to {{`{{`}} $labels.integration {{`}}`}} sent from any instance in the {{`{{`}}$labels.job{{`}}`}} cluster is {{`{{`}} $value | humanizePercentage {{`}}`}}. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/alertmanager/alertmanagerclusterfailedtosendalerts - summary: All Alertmanager instances in a cluster failed to send notifications to a non-critical integration. - expr: |- - min by (namespace,service, integration) ( - rate(alertmanager_notifications_failed_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}", integration!~`.*`}[5m]) - / - rate(alertmanager_notifications_total{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}", integration!~`.*`}[5m]) - ) - > 0.01 - for: 5m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.AlertmanagerConfigInconsistent | default false) }} - - alert: AlertmanagerConfigInconsistent - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Alertmanager instances within the {{`{{`}}$labels.job{{`}}`}} cluster have different configurations. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/alertmanager/alertmanagerconfiginconsistent - summary: Alertmanager instances within the same cluster have different configurations. - expr: |- - count by (namespace,service) ( - count_values by (namespace,service) ("config_hash", alertmanager_config_hash{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}) - ) - != 1 - for: 20m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.AlertmanagerClusterDown | default false) }} - - alert: AlertmanagerClusterDown - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: '{{`{{`}} $value | humanizePercentage {{`}}`}} of Alertmanager instances within the {{`{{`}}$labels.job{{`}}`}} cluster have been up for less than half of the last 5m.' - runbook_url: {{ .Values.defaultRules.runbookUrl }}/alertmanager/alertmanagerclusterdown - summary: Half or more of the Alertmanager instances within the same cluster are down. - expr: |- - ( - count by (namespace,service) ( - avg_over_time(up{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[5m]) < 0.5 - ) - / - count by (namespace,service) ( - up{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"} - ) - ) - >= 0.5 - for: 5m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.AlertmanagerClusterCrashlooping | default false) }} - - alert: AlertmanagerClusterCrashlooping - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: '{{`{{`}} $value | humanizePercentage {{`}}`}} of Alertmanager instances within the {{`{{`}}$labels.job{{`}}`}} cluster have restarted at least 5 times in the last 10m.' - runbook_url: {{ .Values.defaultRules.runbookUrl }}/alertmanager/alertmanagerclustercrashlooping - summary: Half or more of the Alertmanager instances within the same cluster are crashlooping. - expr: |- - ( - count by (namespace,service) ( - changes(process_start_time_seconds{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}[10m]) > 4 - ) - / - count by (namespace,service) ( - up{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"} - ) - ) - >= 0.5 - for: 5m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/config-reloaders.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/config-reloaders.yaml deleted file mode 100644 index 37109eb0b..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/config-reloaders.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- /* -Generated from 'config-reloaders' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/prometheusOperator-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.configReloaders }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "config-reloaders" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: config-reloaders - rules: -{{- if not (.Values.defaultRules.disabled.ConfigReloaderSidecarErrors | default false) }} - - alert: ConfigReloaderSidecarErrors - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: 'Errors encountered while the {{`{{`}}$labels.pod{{`}}`}} config-reloader sidecar attempts to sync config in {{`{{`}}$labels.namespace{{`}}`}} namespace. - - As a result, configuration for service running in {{`{{`}}$labels.pod{{`}}`}} may be stale and cannot be updated anymore.' - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus-operator/configreloadersidecarerrors - summary: config-reloader sidecar has not had a successful reload for 10m - expr: max_over_time(reloader_last_reload_successful{namespace=~".+"}[5m]) == 0 - for: 10m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/etcd.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/etcd.yaml deleted file mode 100644 index 1caa19395..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/etcd.yaml +++ /dev/null @@ -1,296 +0,0 @@ -{{- /* -Generated from 'etcd' group from https://raw.githubusercontent.com/etcd-io/etcd/main/contrib/mixin/mixin.libsonnet -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.etcd }} -{{- if (include "exporter.kubeEtcd.enabled" .)}} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "etcd" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: etcd - rules: -{{- if not (.Values.defaultRules.disabled.etcdMembersDown | default false) }} - - alert: etcdMembersDown - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": members are down ({{`{{`}} $value {{`}}`}}).' - summary: etcd cluster members are down. - expr: |- - max without (endpoint) ( - sum without (instance) (up{job=~".*etcd.*"} == bool 0) - or - count without (To) ( - sum without (instance) (rate(etcd_network_peer_sent_failures_total{job=~".*etcd.*"}[120s])) > 0.01 - ) - ) - > 0 - for: 10m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.etcdInsufficientMembers | default false) }} - - alert: etcdInsufficientMembers - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": insufficient members ({{`{{`}} $value {{`}}`}}).' - summary: etcd cluster has insufficient number of members. - expr: sum(up{job=~".*etcd.*"} == bool 1) without (instance) < ((count(up{job=~".*etcd.*"}) without (instance) + 1) / 2) - for: 3m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.etcdNoLeader | default false) }} - - alert: etcdNoLeader - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": member {{`{{`}} $labels.instance {{`}}`}} has no leader.' - summary: etcd cluster has no leader. - expr: etcd_server_has_leader{job=~".*etcd.*"} == 0 - for: 1m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.etcdHighNumberOfLeaderChanges | default false) }} - - alert: etcdHighNumberOfLeaderChanges - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}} leader changes within the last 15 minutes. Frequent elections may be a sign of insufficient resources, high network latency, or disruptions by other components and should be investigated.' - summary: etcd cluster has high number of leader changes. - expr: increase((max without (instance) (etcd_server_leader_changes_seen_total{job=~".*etcd.*"}) or 0*absent(etcd_server_leader_changes_seen_total{job=~".*etcd.*"}))[15m:1m]) >= 4 - for: 5m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.etcdHighNumberOfFailedGRPCRequests | default false) }} - - alert: etcdHighNumberOfFailedGRPCRequests - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.grpc_method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' - summary: etcd cluster has high number of failed grpc requests. - expr: |- - 100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code=~"Unknown|FailedPrecondition|ResourceExhausted|Internal|Unavailable|DataLoss|DeadlineExceeded"}[5m])) without (grpc_type, grpc_code) - / - sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) without (grpc_type, grpc_code) - > 1 - for: 10m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.etcdHighNumberOfFailedGRPCRequests | default false) }} - - alert: etcdHighNumberOfFailedGRPCRequests - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}}% of requests for {{`{{`}} $labels.grpc_method {{`}}`}} failed on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' - summary: etcd cluster has high number of failed grpc requests. - expr: |- - 100 * sum(rate(grpc_server_handled_total{job=~".*etcd.*", grpc_code=~"Unknown|FailedPrecondition|ResourceExhausted|Internal|Unavailable|DataLoss|DeadlineExceeded"}[5m])) without (grpc_type, grpc_code) - / - sum(rate(grpc_server_handled_total{job=~".*etcd.*"}[5m])) without (grpc_type, grpc_code) - > 5 - for: 5m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.etcdGRPCRequestsSlow | default false) }} - - alert: etcdGRPCRequestsSlow - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": 99th percentile of gRPC requests is {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}} for {{`{{`}} $labels.grpc_method {{`}}`}} method.' - summary: etcd grpc requests are slow - expr: |- - histogram_quantile(0.99, sum(rate(grpc_server_handling_seconds_bucket{job=~".*etcd.*", grpc_method!="Defragment", grpc_type="unary"}[5m])) without(grpc_type)) - > 0.15 - for: 10m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.etcdMemberCommunicationSlow | default false) }} - - alert: etcdMemberCommunicationSlow - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": member communication with {{`{{`}} $labels.To {{`}}`}} is taking {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' - summary: etcd cluster member communication is slow. - expr: |- - histogram_quantile(0.99, rate(etcd_network_peer_round_trip_time_seconds_bucket{job=~".*etcd.*"}[5m])) - > 0.15 - for: 10m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.etcdHighNumberOfFailedProposals | default false) }} - - alert: etcdHighNumberOfFailedProposals - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": {{`{{`}} $value {{`}}`}} proposal failures within the last 30 minutes on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' - summary: etcd cluster has high number of proposal failures. - expr: rate(etcd_server_proposals_failed_total{job=~".*etcd.*"}[15m]) > 5 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.etcdHighFsyncDurations | default false) }} - - alert: etcdHighFsyncDurations - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": 99th percentile fsync durations are {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' - summary: etcd cluster 99th percentile fsync durations are too high. - expr: |- - histogram_quantile(0.99, rate(etcd_disk_wal_fsync_duration_seconds_bucket{job=~".*etcd.*"}[5m])) - > 0.5 - for: 10m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.etcdHighFsyncDurations | default false) }} - - alert: etcdHighFsyncDurations - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": 99th percentile fsync durations are {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' - summary: etcd cluster 99th percentile fsync durations are too high. - expr: |- - histogram_quantile(0.99, rate(etcd_disk_wal_fsync_duration_seconds_bucket{job=~".*etcd.*"}[5m])) - > 1 - for: 10m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.etcdHighCommitDurations | default false) }} - - alert: etcdHighCommitDurations - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": 99th percentile commit durations {{`{{`}} $value {{`}}`}}s on etcd instance {{`{{`}} $labels.instance {{`}}`}}.' - summary: etcd cluster 99th percentile commit durations are too high. - expr: |- - histogram_quantile(0.99, rate(etcd_disk_backend_commit_duration_seconds_bucket{job=~".*etcd.*"}[5m])) - > 0.25 - for: 10m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.etcdDatabaseQuotaLowSpace | default false) }} - - alert: etcdDatabaseQuotaLowSpace - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": database size exceeds the defined quota on etcd instance {{`{{`}} $labels.instance {{`}}`}}, please defrag or increase the quota as the writes to etcd will be disabled when it is full.' - summary: etcd cluster database is running full. - expr: (last_over_time(etcd_mvcc_db_total_size_in_bytes[5m]) / last_over_time(etcd_server_quota_backend_bytes[5m]))*100 > 95 - for: 10m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.etcdExcessiveDatabaseGrowth | default false) }} - - alert: etcdExcessiveDatabaseGrowth - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": Predicting running out of disk space in the next four hours, based on write observations within the past four hours on etcd instance {{`{{`}} $labels.instance {{`}}`}}, please check as it might be disruptive.' - summary: etcd cluster database growing very fast. - expr: predict_linear(etcd_mvcc_db_total_size_in_bytes[4h], 4*60*60) > etcd_server_quota_backend_bytes - for: 10m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.etcdDatabaseHighFragmentationRatio | default false) }} - - alert: etcdDatabaseHighFragmentationRatio - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: 'etcd cluster "{{`{{`}} $labels.job {{`}}`}}": database size in use on instance {{`{{`}} $labels.instance {{`}}`}} is {{`{{`}} $value | humanizePercentage {{`}}`}} of the actual allocated disk space, please run defragmentation (e.g. etcdctl defrag) to retrieve the unused fragmented disk space.' - runbook_url: https://etcd.io/docs/v3.5/op-guide/maintenance/#defragmentation - summary: etcd database size in use is less than 50% of the actual allocated storage. - expr: (last_over_time(etcd_mvcc_db_total_size_in_use_in_bytes[5m]) / last_over_time(etcd_mvcc_db_total_size_in_bytes[5m])) < 0.5 - for: 10m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/general.rules.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/general.rules.yaml deleted file mode 100644 index 7ab648bc0..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/general.rules.yaml +++ /dev/null @@ -1,98 +0,0 @@ -{{- /* -Generated from 'general.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubePrometheus-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.general }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "general.rules" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: general.rules - rules: -{{- if not (.Values.defaultRules.disabled.TargetDown | default false) }} - - alert: TargetDown - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: '{{`{{`}} printf "%.4g" $value {{`}}`}}% of the {{`{{`}} $labels.job {{`}}`}}/{{`{{`}} $labels.service {{`}}`}} targets in {{`{{`}} $labels.namespace {{`}}`}} namespace are down.' - runbook_url: {{ .Values.defaultRules.runbookUrl }}/general/targetdown - summary: One or more targets are unreachable. - expr: 100 * (count(up == 0) BY (job, namespace, service) / count(up) BY (job, namespace, service)) > 10 - for: 10m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.Watchdog | default false) }} - - alert: Watchdog - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: 'This is an alert meant to ensure that the entire alerting pipeline is functional. - - This alert is always firing, therefore it should always be firing in Alertmanager - - and always fire against a receiver. There are integrations with various notification - - mechanisms that send a notification when this alert is not firing. For example the - - "DeadMansSnitch" integration in PagerDuty. - - ' - runbook_url: {{ .Values.defaultRules.runbookUrl }}/general/watchdog - summary: An alert that should always be firing to certify that Alertmanager is working properly. - expr: vector(1) - labels: - severity: none -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.InfoInhibitor | default false) }} - - alert: InfoInhibitor - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: 'This is an alert that is used to inhibit info alerts. - - By themselves, the info-level alerts are sometimes very noisy, but they are relevant when combined with - - other alerts. - - This alert fires whenever there''s a severity="info" alert, and stops firing when another alert with a - - severity of ''warning'' or ''critical'' starts firing on the same namespace. - - This alert should be routed to a null receiver and configured to inhibit alerts with severity="info". - - ' - runbook_url: {{ .Values.defaultRules.runbookUrl }}/general/infoinhibitor - summary: Info-level alert inhibition. - expr: ALERTS{severity = "info"} == 1 unless on(namespace) ALERTS{alertname != "InfoInhibitor", severity =~ "warning|critical", alertstate="firing"} == 1 - labels: - severity: none -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.yaml deleted file mode 100644 index c3e97b66e..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/k8s.rules.yaml +++ /dev/null @@ -1,173 +0,0 @@ -{{- /* -Generated from 'k8s.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.k8s }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "k8s.rules" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: k8s.rules - rules: - - expr: |- - sum by (cluster, namespace, pod, container) ( - irate(container_cpu_usage_seconds_total{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics/cadvisor", image!=""}[5m]) - ) * on (cluster, namespace, pod) group_left(node) topk by (cluster, namespace, pod) ( - 1, max by(cluster, namespace, pod, node) (kube_pod_info{node!=""}) - ) - record: node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate - - expr: |- - container_memory_working_set_bytes{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics/cadvisor", image!=""} - * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, - max by(namespace, pod, node) (kube_pod_info{node!=""}) - ) - record: node_namespace_pod_container:container_memory_working_set_bytes - - expr: |- - container_memory_rss{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics/cadvisor", image!=""} - * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, - max by(namespace, pod, node) (kube_pod_info{node!=""}) - ) - record: node_namespace_pod_container:container_memory_rss - - expr: |- - container_memory_cache{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics/cadvisor", image!=""} - * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, - max by(namespace, pod, node) (kube_pod_info{node!=""}) - ) - record: node_namespace_pod_container:container_memory_cache - - expr: |- - container_memory_swap{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics/cadvisor", image!=""} - * on (namespace, pod) group_left(node) topk by(namespace, pod) (1, - max by(namespace, pod, node) (kube_pod_info{node!=""}) - ) - record: node_namespace_pod_container:container_memory_swap - - expr: |- - kube_pod_container_resource_requests{resource="memory",job="kube-state-metrics"} * on (namespace, pod, cluster) - group_left() max by (namespace, pod, cluster) ( - (kube_pod_status_phase{phase=~"Pending|Running"} == 1) - ) - record: cluster:namespace:pod_memory:active:kube_pod_container_resource_requests - - expr: |- - sum by (namespace, cluster) ( - sum by (namespace, pod, cluster) ( - max by (namespace, pod, container, cluster) ( - kube_pod_container_resource_requests{resource="memory",job="kube-state-metrics"} - ) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) ( - kube_pod_status_phase{phase=~"Pending|Running"} == 1 - ) - ) - ) - record: namespace_memory:kube_pod_container_resource_requests:sum - - expr: |- - kube_pod_container_resource_requests{resource="cpu",job="kube-state-metrics"} * on (namespace, pod, cluster) - group_left() max by (namespace, pod, cluster) ( - (kube_pod_status_phase{phase=~"Pending|Running"} == 1) - ) - record: cluster:namespace:pod_cpu:active:kube_pod_container_resource_requests - - expr: |- - sum by (namespace, cluster) ( - sum by (namespace, pod, cluster) ( - max by (namespace, pod, container, cluster) ( - kube_pod_container_resource_requests{resource="cpu",job="kube-state-metrics"} - ) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) ( - kube_pod_status_phase{phase=~"Pending|Running"} == 1 - ) - ) - ) - record: namespace_cpu:kube_pod_container_resource_requests:sum - - expr: |- - kube_pod_container_resource_limits{resource="memory",job="kube-state-metrics"} * on (namespace, pod, cluster) - group_left() max by (namespace, pod, cluster) ( - (kube_pod_status_phase{phase=~"Pending|Running"} == 1) - ) - record: cluster:namespace:pod_memory:active:kube_pod_container_resource_limits - - expr: |- - sum by (namespace, cluster) ( - sum by (namespace, pod, cluster) ( - max by (namespace, pod, container, cluster) ( - kube_pod_container_resource_limits{resource="memory",job="kube-state-metrics"} - ) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) ( - kube_pod_status_phase{phase=~"Pending|Running"} == 1 - ) - ) - ) - record: namespace_memory:kube_pod_container_resource_limits:sum - - expr: |- - kube_pod_container_resource_limits{resource="cpu",job="kube-state-metrics"} * on (namespace, pod, cluster) - group_left() max by (namespace, pod, cluster) ( - (kube_pod_status_phase{phase=~"Pending|Running"} == 1) - ) - record: cluster:namespace:pod_cpu:active:kube_pod_container_resource_limits - - expr: |- - sum by (namespace, cluster) ( - sum by (namespace, pod, cluster) ( - max by (namespace, pod, container, cluster) ( - kube_pod_container_resource_limits{resource="cpu",job="kube-state-metrics"} - ) * on(namespace, pod, cluster) group_left() max by (namespace, pod, cluster) ( - kube_pod_status_phase{phase=~"Pending|Running"} == 1 - ) - ) - ) - record: namespace_cpu:kube_pod_container_resource_limits:sum - - expr: |- - max by (cluster, namespace, workload, pod) ( - label_replace( - label_replace( - kube_pod_owner{job="kube-state-metrics", owner_kind="ReplicaSet"}, - "replicaset", "$1", "owner_name", "(.*)" - ) * on(replicaset, namespace) group_left(owner_name) topk by(replicaset, namespace) ( - 1, max by (replicaset, namespace, owner_name) ( - kube_replicaset_owner{job="kube-state-metrics"} - ) - ), - "workload", "$1", "owner_name", "(.*)" - ) - ) - labels: - workload_type: deployment - record: namespace_workload_pod:kube_pod_owner:relabel - - expr: |- - max by (cluster, namespace, workload, pod) ( - label_replace( - kube_pod_owner{job="kube-state-metrics", owner_kind="DaemonSet"}, - "workload", "$1", "owner_name", "(.*)" - ) - ) - labels: - workload_type: daemonset - record: namespace_workload_pod:kube_pod_owner:relabel - - expr: |- - max by (cluster, namespace, workload, pod) ( - label_replace( - kube_pod_owner{job="kube-state-metrics", owner_kind="StatefulSet"}, - "workload", "$1", "owner_name", "(.*)" - ) - ) - labels: - workload_type: statefulset - record: namespace_workload_pod:kube_pod_owner:relabel - - expr: |- - max by (cluster, namespace, workload, pod) ( - label_replace( - kube_pod_owner{job="kube-state-metrics", owner_kind="Job"}, - "workload", "$1", "owner_name", "(.*)" - ) - ) - labels: - workload_type: job - record: namespace_workload_pod:kube_pod_owner:relabel -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml deleted file mode 100644 index aa648b437..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-apiserver-availability.rules.yaml +++ /dev/null @@ -1,136 +0,0 @@ -{{- /* -Generated from 'kube-apiserver-availability.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserverAvailability }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver-availability.rules" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - interval: 3m - name: kube-apiserver-availability.rules - rules: - - expr: avg_over_time(code_verb:apiserver_request_total:increase1h[30d]) * 24 * 30 - record: code_verb:apiserver_request_total:increase30d - - expr: sum by (cluster, code) (code_verb:apiserver_request_total:increase30d{verb=~"LIST|GET"}) - labels: - verb: read - record: code:apiserver_request_total:increase30d - - expr: sum by (cluster, code) (code_verb:apiserver_request_total:increase30d{verb=~"POST|PUT|PATCH|DELETE"}) - labels: - verb: write - record: code:apiserver_request_total:increase30d - - expr: sum by (cluster, verb, scope) (increase(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count[1h])) - record: cluster_verb_scope:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count:increase1h - - expr: sum by (cluster, verb, scope) (avg_over_time(cluster_verb_scope:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count:increase1h[30d]) * 24 * 30) - record: cluster_verb_scope:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count:increase30d - - expr: sum by (cluster, verb, scope, le) (increase(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket[1h])) - record: cluster_verb_scope_le:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket:increase1h - - expr: sum by (cluster, verb, scope, le) (avg_over_time(cluster_verb_scope_le:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket:increase1h[30d]) * 24 * 30) - record: cluster_verb_scope_le:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket:increase30d - - expr: |- - 1 - ( - ( - # write too slow - sum by (cluster) (cluster_verb_scope:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count:increase30d{verb=~"POST|PUT|PATCH|DELETE"}) - - - sum by (cluster) (cluster_verb_scope_le:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket:increase30d{verb=~"POST|PUT|PATCH|DELETE",le="1"}) - ) + - ( - # read too slow - sum by (cluster) (cluster_verb_scope:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count:increase30d{verb=~"LIST|GET"}) - - - ( - ( - sum by (cluster) (cluster_verb_scope_le:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope=~"resource|",le="1"}) - or - vector(0) - ) - + - sum by (cluster) (cluster_verb_scope_le:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope="namespace",le="5"}) - + - sum by (cluster) (cluster_verb_scope_le:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope="cluster",le="30"}) - ) - ) + - # errors - sum by (cluster) (code:apiserver_request_total:increase30d{code=~"5.."} or vector(0)) - ) - / - sum by (cluster) (code:apiserver_request_total:increase30d) - labels: - verb: all - record: apiserver_request:availability30d - - expr: |- - 1 - ( - sum by (cluster) (cluster_verb_scope:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count:increase30d{verb=~"LIST|GET"}) - - - ( - # too slow - ( - sum by (cluster) (cluster_verb_scope_le:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope=~"resource|",le="1"}) - or - vector(0) - ) - + - sum by (cluster) (cluster_verb_scope_le:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope="namespace",le="5"}) - + - sum by (cluster) (cluster_verb_scope_le:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket:increase30d{verb=~"LIST|GET",scope="cluster",le="30"}) - ) - + - # errors - sum by (cluster) (code:apiserver_request_total:increase30d{verb="read",code=~"5.."} or vector(0)) - ) - / - sum by (cluster) (code:apiserver_request_total:increase30d{verb="read"}) - labels: - verb: read - record: apiserver_request:availability30d - - expr: |- - 1 - ( - ( - # too slow - sum by (cluster) (cluster_verb_scope:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count:increase30d{verb=~"POST|PUT|PATCH|DELETE"}) - - - sum by (cluster) (cluster_verb_scope_le:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket:increase30d{verb=~"POST|PUT|PATCH|DELETE",le="1"}) - ) - + - # errors - sum by (cluster) (code:apiserver_request_total:increase30d{verb="write",code=~"5.."} or vector(0)) - ) - / - sum by (cluster) (code:apiserver_request_total:increase30d{verb="write"}) - labels: - verb: write - record: apiserver_request:availability30d - - expr: sum by (cluster,code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m])) - labels: - verb: read - record: code_resource:apiserver_request_total:rate5m - - expr: sum by (cluster,code,resource) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) - labels: - verb: write - record: code_resource:apiserver_request_total:rate5m - - expr: sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb=~"LIST|GET|POST|PUT|PATCH|DELETE",code=~"2.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb=~"LIST|GET|POST|PUT|PATCH|DELETE",code=~"3.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb=~"LIST|GET|POST|PUT|PATCH|DELETE",code=~"4.."}[1h])) - record: code_verb:apiserver_request_total:increase1h - - expr: sum by (cluster, code, verb) (increase(apiserver_request_total{job="apiserver",verb=~"LIST|GET|POST|PUT|PATCH|DELETE",code=~"5.."}[1h])) - record: code_verb:apiserver_request_total:increase1h -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-apiserver-burnrate.rules.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-apiserver-burnrate.rules.yaml deleted file mode 100644 index 1cac2da6e..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-apiserver-burnrate.rules.yaml +++ /dev/null @@ -1,328 +0,0 @@ -{{- /* -Generated from 'kube-apiserver-burnrate.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserverBurnrate }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver-burnrate.rules" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: kube-apiserver-burnrate.rules - rules: - - expr: |- - ( - ( - # too slow - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward"}[1d])) - - - ( - ( - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope=~"resource|",le="1"}[1d])) - or - vector(0) - ) - + - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="namespace",le="5"}[1d])) - + - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="cluster",le="30"}[1d])) - ) - ) - + - # errors - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[1d])) - ) - / - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[1d])) - labels: - verb: read - record: apiserver_request:burnrate1d - - expr: |- - ( - ( - # too slow - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward"}[1h])) - - - ( - ( - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope=~"resource|",le="1"}[1h])) - or - vector(0) - ) - + - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="namespace",le="5"}[1h])) - + - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="cluster",le="30"}[1h])) - ) - ) - + - # errors - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[1h])) - ) - / - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[1h])) - labels: - verb: read - record: apiserver_request:burnrate1h - - expr: |- - ( - ( - # too slow - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward"}[2h])) - - - ( - ( - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope=~"resource|",le="1"}[2h])) - or - vector(0) - ) - + - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="namespace",le="5"}[2h])) - + - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="cluster",le="30"}[2h])) - ) - ) - + - # errors - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[2h])) - ) - / - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[2h])) - labels: - verb: read - record: apiserver_request:burnrate2h - - expr: |- - ( - ( - # too slow - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward"}[30m])) - - - ( - ( - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope=~"resource|",le="1"}[30m])) - or - vector(0) - ) - + - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="namespace",le="5"}[30m])) - + - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="cluster",le="30"}[30m])) - ) - ) - + - # errors - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[30m])) - ) - / - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[30m])) - labels: - verb: read - record: apiserver_request:burnrate30m - - expr: |- - ( - ( - # too slow - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward"}[3d])) - - - ( - ( - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope=~"resource|",le="1"}[3d])) - or - vector(0) - ) - + - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="namespace",le="5"}[3d])) - + - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="cluster",le="30"}[3d])) - ) - ) - + - # errors - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[3d])) - ) - / - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[3d])) - labels: - verb: read - record: apiserver_request:burnrate3d - - expr: |- - ( - ( - # too slow - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward"}[5m])) - - - ( - ( - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope=~"resource|",le="1"}[5m])) - or - vector(0) - ) - + - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="namespace",le="5"}[5m])) - + - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="cluster",le="30"}[5m])) - ) - ) - + - # errors - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[5m])) - ) - / - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[5m])) - labels: - verb: read - record: apiserver_request:burnrate5m - - expr: |- - ( - ( - # too slow - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward"}[6h])) - - - ( - ( - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope=~"resource|",le="1"}[6h])) - or - vector(0) - ) - + - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="namespace",le="5"}[6h])) - + - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward",scope="cluster",le="30"}[6h])) - ) - ) - + - # errors - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET",code=~"5.."}[6h])) - ) - / - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"LIST|GET"}[6h])) - labels: - verb: read - record: apiserver_request:burnrate6h - - expr: |- - ( - ( - # too slow - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward"}[1d])) - - - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward",le="1"}[1d])) - ) - + - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[1d])) - ) - / - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1d])) - labels: - verb: write - record: apiserver_request:burnrate1d - - expr: |- - ( - ( - # too slow - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward"}[1h])) - - - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward",le="1"}[1h])) - ) - + - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[1h])) - ) - / - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[1h])) - labels: - verb: write - record: apiserver_request:burnrate1h - - expr: |- - ( - ( - # too slow - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward"}[2h])) - - - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward",le="1"}[2h])) - ) - + - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[2h])) - ) - / - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[2h])) - labels: - verb: write - record: apiserver_request:burnrate2h - - expr: |- - ( - ( - # too slow - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward"}[30m])) - - - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward",le="1"}[30m])) - ) - + - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[30m])) - ) - / - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[30m])) - labels: - verb: write - record: apiserver_request:burnrate30m - - expr: |- - ( - ( - # too slow - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward"}[3d])) - - - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward",le="1"}[3d])) - ) - + - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[3d])) - ) - / - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[3d])) - labels: - verb: write - record: apiserver_request:burnrate3d - - expr: |- - ( - ( - # too slow - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward"}[5m])) - - - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward",le="1"}[5m])) - ) - + - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[5m])) - ) - / - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[5m])) - labels: - verb: write - record: apiserver_request:burnrate5m - - expr: |- - ( - ( - # too slow - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_count{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward"}[6h])) - - - sum by (cluster) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward",le="1"}[6h])) - ) - + - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",code=~"5.."}[6h])) - ) - / - sum by (cluster) (rate(apiserver_request_total{job="apiserver",verb=~"POST|PUT|PATCH|DELETE"}[6h])) - labels: - verb: write - record: apiserver_request:burnrate6h -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-apiserver-histogram.rules.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-apiserver-histogram.rules.yaml deleted file mode 100644 index 9d2ea4d1e..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-apiserver-histogram.rules.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{- /* -Generated from 'kube-apiserver-histogram.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserverHistogram }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver-histogram.rules" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: kube-apiserver-histogram.rules - rules: - - expr: histogram_quantile(0.99, sum by (cluster, le, resource) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"LIST|GET",subresource!~"proxy|attach|log|exec|portforward"}[5m]))) > 0 - labels: - quantile: '0.99' - verb: read - record: cluster_quantile:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds:histogram_quantile - - expr: histogram_quantile(0.99, sum by (cluster, le, resource) (rate(apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds_bucket{job="apiserver",verb=~"POST|PUT|PATCH|DELETE",subresource!~"proxy|attach|log|exec|portforward"}[5m]))) > 0 - labels: - quantile: '0.99' - verb: write - record: cluster_quantile:apiserver_request{{ if (semverCompare ">=1.23.0-0" $kubeTargetVersion) }}_slo{{ end }}_duration_seconds:histogram_quantile -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml deleted file mode 100644 index 867fe20db..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-apiserver-slos.yaml +++ /dev/null @@ -1,115 +0,0 @@ -{{- /* -Generated from 'kube-apiserver-slos' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserverSlos }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-apiserver-slos" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: kube-apiserver-slos - rules: -{{- if not (.Values.defaultRules.disabled.KubeAPIErrorBudgetBurn | default false) }} - - alert: KubeAPIErrorBudgetBurn - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: The API server is burning too much error budget. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeapierrorbudgetburn - summary: The API server is burning too much error budget. - expr: |- - sum(apiserver_request:burnrate1h) > (14.40 * 0.01000) - and - sum(apiserver_request:burnrate5m) > (14.40 * 0.01000) - for: 2m - labels: - long: 1h - severity: critical - short: 5m -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeAPIErrorBudgetBurn | default false) }} - - alert: KubeAPIErrorBudgetBurn - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: The API server is burning too much error budget. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeapierrorbudgetburn - summary: The API server is burning too much error budget. - expr: |- - sum(apiserver_request:burnrate6h) > (6.00 * 0.01000) - and - sum(apiserver_request:burnrate30m) > (6.00 * 0.01000) - for: 15m - labels: - long: 6h - severity: critical - short: 30m -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeAPIErrorBudgetBurn | default false) }} - - alert: KubeAPIErrorBudgetBurn - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: The API server is burning too much error budget. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeapierrorbudgetburn - summary: The API server is burning too much error budget. - expr: |- - sum(apiserver_request:burnrate1d) > (3.00 * 0.01000) - and - sum(apiserver_request:burnrate2h) > (3.00 * 0.01000) - for: 1h - labels: - long: 1d - severity: warning - short: 2h -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeAPIErrorBudgetBurn | default false) }} - - alert: KubeAPIErrorBudgetBurn - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: The API server is burning too much error budget. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeapierrorbudgetburn - summary: The API server is burning too much error budget. - expr: |- - sum(apiserver_request:burnrate3d) > (1.00 * 0.01000) - and - sum(apiserver_request:burnrate6h) > (1.00 * 0.01000) - for: 3h - labels: - long: 3d - severity: warning - short: 6h -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml deleted file mode 100644 index 78a3db1cf..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-prometheus-general.rules.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- /* -Generated from 'kube-prometheus-general.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubePrometheus-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubePrometheusGeneral }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-prometheus-general.rules" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: kube-prometheus-general.rules - rules: - - expr: count without(instance, pod, node) (up == 1) - record: count:up1 - - expr: count without(instance, pod, node) (up == 0) - record: count:up0 -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml deleted file mode 100644 index 0cd0ba5bf..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-prometheus-node-recording.rules.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- /* -Generated from 'kube-prometheus-node-recording.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubePrometheus-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubePrometheusNodeRecording }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-prometheus-node-recording.rules" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: kube-prometheus-node-recording.rules - rules: - - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[3m])) BY (instance) - record: instance:node_cpu:rate:sum - - expr: sum(rate(node_network_receive_bytes_total[3m])) BY (instance) - record: instance:node_network_receive_bytes:rate:sum - - expr: sum(rate(node_network_transmit_bytes_total[3m])) BY (instance) - record: instance:node_network_transmit_bytes:rate:sum - - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) WITHOUT (cpu, mode) / ON(instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) BY (instance, cpu)) BY (instance) - record: instance:node_cpu:ratio - - expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait",mode!="steal"}[5m])) - record: cluster:node_cpu:sum_rate5m - - expr: cluster:node_cpu:sum_rate5m / count(sum(node_cpu_seconds_total) BY (instance, cpu)) - record: cluster:node_cpu:ratio -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml deleted file mode 100644 index efa1593d6..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-scheduler.rules.yaml +++ /dev/null @@ -1,65 +0,0 @@ -{{- /* -Generated from 'kube-scheduler.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubeScheduler }} -{{- if (include "exporter.kubeScheduler.enabled" .)}} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-scheduler.rules" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: kube-scheduler.rules - rules: - - expr: histogram_quantile(0.99, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) - labels: - quantile: '0.99' - record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile - - expr: histogram_quantile(0.99, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) - labels: - quantile: '0.99' - record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile - - expr: histogram_quantile(0.99, sum(rate(scheduler_binding_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) - labels: - quantile: '0.99' - record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile - - expr: histogram_quantile(0.9, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) - labels: - quantile: '0.9' - record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile - - expr: histogram_quantile(0.9, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) - labels: - quantile: '0.9' - record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile - - expr: histogram_quantile(0.9, sum(rate(scheduler_binding_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) - labels: - quantile: '0.9' - record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile - - expr: histogram_quantile(0.5, sum(rate(scheduler_e2e_scheduling_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) - labels: - quantile: '0.5' - record: cluster_quantile:scheduler_e2e_scheduling_duration_seconds:histogram_quantile - - expr: histogram_quantile(0.5, sum(rate(scheduler_scheduling_algorithm_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) - labels: - quantile: '0.5' - record: cluster_quantile:scheduler_scheduling_algorithm_duration_seconds:histogram_quantile - - expr: histogram_quantile(0.5, sum(rate(scheduler_binding_duration_seconds_bucket{job="{{ include "exporter.kubeScheduler.jobName" . }}"}[5m])) without(instance, pod)) - labels: - quantile: '0.5' - record: cluster_quantile:scheduler_binding_duration_seconds:histogram_quantile -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-state-metrics.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-state-metrics.yaml deleted file mode 100644 index 7547436a7..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kube-state-metrics.yaml +++ /dev/null @@ -1,107 +0,0 @@ -{{- /* -Generated from 'kube-state-metrics' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubeStateMetrics-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubeStateMetrics }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-state-metrics" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: kube-state-metrics - rules: -{{- if not (.Values.defaultRules.disabled.KubeStateMetricsListErrors | default false) }} - - alert: KubeStateMetricsListErrors - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: kube-state-metrics is experiencing errors at an elevated rate in list operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kube-state-metrics/kubestatemetricslisterrors - summary: kube-state-metrics is experiencing errors in list operations. - expr: |- - (sum(rate(kube_state_metrics_list_total{job="kube-state-metrics",result="error"}[5m])) - / - sum(rate(kube_state_metrics_list_total{job="kube-state-metrics"}[5m]))) - > 0.01 - for: 15m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeStateMetricsWatchErrors | default false) }} - - alert: KubeStateMetricsWatchErrors - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: kube-state-metrics is experiencing errors at an elevated rate in watch operations. This is likely causing it to not be able to expose metrics about Kubernetes objects correctly or at all. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kube-state-metrics/kubestatemetricswatcherrors - summary: kube-state-metrics is experiencing errors in watch operations. - expr: |- - (sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics",result="error"}[5m])) - / - sum(rate(kube_state_metrics_watch_total{job="kube-state-metrics"}[5m]))) - > 0.01 - for: 15m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeStateMetricsShardingMismatch | default false) }} - - alert: KubeStateMetricsShardingMismatch - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: kube-state-metrics pods are running with different --total-shards configuration, some Kubernetes objects may be exposed multiple times or not exposed at all. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kube-state-metrics/kubestatemetricsshardingmismatch - summary: kube-state-metrics sharding is misconfigured. - expr: stdvar (kube_state_metrics_total_shards{job="kube-state-metrics"}) != 0 - for: 15m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeStateMetricsShardsMissing | default false) }} - - alert: KubeStateMetricsShardsMissing - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: kube-state-metrics shards are missing, some Kubernetes objects are not being exposed. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kube-state-metrics/kubestatemetricsshardsmissing - summary: kube-state-metrics shards are missing. - expr: |- - 2^max(kube_state_metrics_total_shards{job="kube-state-metrics"}) - 1 - - - sum( 2 ^ max by (shard_ordinal) (kube_state_metrics_shard_ordinal{job="kube-state-metrics"}) ) - != 0 - for: 15m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubelet.rules.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubelet.rules.yaml deleted file mode 100644 index 613c68c91..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubelet.rules.yaml +++ /dev/null @@ -1,41 +0,0 @@ -{{- /* -Generated from 'kubelet.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubelet }} -{{- if (include "exporter.kubelet.enabled" .)}} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubelet.rules" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: kubelet.rules - rules: - - expr: histogram_quantile(0.99, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (cluster, instance, le) * on(cluster, instance) group_left(node) kubelet_node_name{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics"}) - labels: - quantile: '0.99' - record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile - - expr: histogram_quantile(0.9, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (cluster, instance, le) * on(cluster, instance) group_left(node) kubelet_node_name{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics"}) - labels: - quantile: '0.9' - record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile - - expr: histogram_quantile(0.5, sum(rate(kubelet_pleg_relist_duration_seconds_bucket[5m])) by (cluster, instance, le) * on(cluster, instance) group_left(node) kubelet_node_name{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics"}) - labels: - quantile: '0.5' - record: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-apps.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-apps.yaml deleted file mode 100644 index d13185e33..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-apps.yaml +++ /dev/null @@ -1,375 +0,0 @@ -{{- /* -Generated from 'kubernetes-apps' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesApps }} -{{- $targetNamespace := .Values.defaultRules.appNamespacesTarget }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-apps" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: kubernetes-apps - rules: -{{- if not (.Values.defaultRules.disabled.KubePodCrashLooping | default false) }} - - alert: KubePodCrashLooping - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: 'Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} ({{`{{`}} $labels.container {{`}}`}}) is in waiting state (reason: "CrashLoopBackOff").' - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubepodcrashlooping - summary: Pod is crash looping. - expr: max_over_time(kube_pod_container_status_waiting_reason{reason="CrashLoopBackOff", job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[5m]) >= 1 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubePodNotReady | default false) }} - - alert: KubePodNotReady - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Pod {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} has been in a non-ready state for longer than 15 minutes. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubepodnotready - summary: Pod has been in a non-ready state for more than 15 minutes. - expr: |- - sum by (namespace, pod, cluster) ( - max by(namespace, pod, cluster) ( - kube_pod_status_phase{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}", phase=~"Pending|Unknown"} - ) * on(namespace, pod, cluster) group_left(owner_kind) topk by(namespace, pod, cluster) ( - 1, max by(namespace, pod, owner_kind, cluster) (kube_pod_owner{owner_kind!="Job"}) - ) - ) > 0 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeDeploymentGenerationMismatch | default false) }} - - alert: KubeDeploymentGenerationMismatch - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Deployment generation for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.deployment {{`}}`}} does not match, this indicates that the Deployment has failed but has not been rolled back. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubedeploymentgenerationmismatch - summary: Deployment generation mismatch due to possible roll-back - expr: |- - kube_deployment_status_observed_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - != - kube_deployment_metadata_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeDeploymentReplicasMismatch | default false) }} - - alert: KubeDeploymentReplicasMismatch - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Deployment {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.deployment {{`}}`}} has not matched the expected number of replicas for longer than 15 minutes. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubedeploymentreplicasmismatch - summary: Deployment has not matched the expected number of replicas. - expr: |- - ( - kube_deployment_spec_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - > - kube_deployment_status_replicas_available{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - ) and ( - changes(kube_deployment_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[10m]) - == - 0 - ) - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeStatefulSetReplicasMismatch | default false) }} - - alert: KubeStatefulSetReplicasMismatch - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: StatefulSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} has not matched the expected number of replicas for longer than 15 minutes. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubestatefulsetreplicasmismatch - summary: Deployment has not matched the expected number of replicas. - expr: |- - ( - kube_statefulset_status_replicas_ready{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - != - kube_statefulset_status_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - ) and ( - changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[10m]) - == - 0 - ) - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeStatefulSetGenerationMismatch | default false) }} - - alert: KubeStatefulSetGenerationMismatch - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: StatefulSet generation for {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} does not match, this indicates that the StatefulSet has failed but has not been rolled back. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubestatefulsetgenerationmismatch - summary: StatefulSet generation mismatch due to possible roll-back - expr: |- - kube_statefulset_status_observed_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - != - kube_statefulset_metadata_generation{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeStatefulSetUpdateNotRolledOut | default false) }} - - alert: KubeStatefulSetUpdateNotRolledOut - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: StatefulSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.statefulset {{`}}`}} update has not been rolled out. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubestatefulsetupdatenotrolledout - summary: StatefulSet update has not been rolled out. - expr: |- - ( - max without (revision) ( - kube_statefulset_status_current_revision{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - unless - kube_statefulset_status_update_revision{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - ) - * - ( - kube_statefulset_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - != - kube_statefulset_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - ) - ) and ( - changes(kube_statefulset_status_replicas_updated{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[5m]) - == - 0 - ) - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeDaemonSetRolloutStuck | default false) }} - - alert: KubeDaemonSetRolloutStuck - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} has not finished or progressed for at least 15 minutes. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubedaemonsetrolloutstuck - summary: DaemonSet rollout is stuck. - expr: |- - ( - ( - kube_daemonset_status_current_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - != - kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - ) or ( - kube_daemonset_status_number_misscheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - != - 0 - ) or ( - kube_daemonset_status_updated_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - != - kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - ) or ( - kube_daemonset_status_number_available{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - != - kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - ) - ) and ( - changes(kube_daemonset_status_updated_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[5m]) - == - 0 - ) - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeContainerWaiting | default false) }} - - alert: KubeContainerWaiting - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: pod/{{`{{`}} $labels.pod {{`}}`}} in namespace {{`{{`}} $labels.namespace {{`}}`}} on container {{`{{`}} $labels.container{{`}}`}} has been in waiting state for longer than 1 hour. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubecontainerwaiting - summary: Pod container waiting longer than 1 hour - expr: sum by (namespace, pod, container, cluster) (kube_pod_container_status_waiting_reason{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}) > 0 - for: 1h - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeDaemonSetNotScheduled | default false) }} - - alert: KubeDaemonSetNotScheduled - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: '{{`{{`}} $value {{`}}`}} Pods of DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} are not scheduled.' - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubedaemonsetnotscheduled - summary: DaemonSet pods are not scheduled. - expr: |- - kube_daemonset_status_desired_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - - - kube_daemonset_status_current_number_scheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 - for: 10m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeDaemonSetMisScheduled | default false) }} - - alert: KubeDaemonSetMisScheduled - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: '{{`{{`}} $value {{`}}`}} Pods of DaemonSet {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.daemonset {{`}}`}} are running where they are not supposed to run.' - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubedaemonsetmisscheduled - summary: DaemonSet pods are misscheduled. - expr: kube_daemonset_status_number_misscheduled{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeJobNotCompleted | default false) }} - - alert: KubeJobNotCompleted - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Job {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.job_name {{`}}`}} is taking more than {{`{{`}} "43200" | humanizeDuration {{`}}`}} to complete. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubejobnotcompleted - summary: Job did not complete in time - expr: |- - time() - max by(namespace, job_name, cluster) (kube_job_status_start_time{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - and - kube_job_status_active{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0) > 43200 - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeJobFailed | default false) }} - - alert: KubeJobFailed - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Job {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.job_name {{`}}`}} failed to complete. Removing failed job after investigation should clear this alert. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubejobfailed - summary: Job failed to complete. - expr: kube_job_failed{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} > 0 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeHpaReplicasMismatch | default false) }} - - alert: KubeHpaReplicasMismatch - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: HPA {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.horizontalpodautoscaler {{`}}`}} has not matched the desired number of replicas for longer than 15 minutes. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubehpareplicasmismatch - summary: HPA has not matched desired number of replicas. - expr: |- - (kube_horizontalpodautoscaler_status_desired_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - != - kube_horizontalpodautoscaler_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}) - and - (kube_horizontalpodautoscaler_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - > - kube_horizontalpodautoscaler_spec_min_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}) - and - (kube_horizontalpodautoscaler_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - < - kube_horizontalpodautoscaler_spec_max_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}) - and - changes(kube_horizontalpodautoscaler_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"}[15m]) == 0 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeHpaMaxedOut | default false) }} - - alert: KubeHpaMaxedOut - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: HPA {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.horizontalpodautoscaler {{`}}`}} has been running at max replicas for longer than 15 minutes. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubehpamaxedout - summary: HPA is running at max replicas - expr: |- - kube_horizontalpodautoscaler_status_current_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - == - kube_horizontalpodautoscaler_spec_max_replicas{job="kube-state-metrics", namespace=~"{{ $targetNamespace }}"} - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-resources.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-resources.yaml deleted file mode 100644 index 5fab8d7a3..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-resources.yaml +++ /dev/null @@ -1,193 +0,0 @@ -{{- /* -Generated from 'kubernetes-resources' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesResources }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-resources" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: kubernetes-resources - rules: -{{- if not (.Values.defaultRules.disabled.KubeCPUOvercommit | default false) }} - - alert: KubeCPUOvercommit - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Cluster has overcommitted CPU resource requests for Pods by {{`{{`}} $value {{`}}`}} CPU shares and cannot tolerate node failure. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubecpuovercommit - summary: Cluster has overcommitted CPU resource requests. - expr: |- - sum(namespace_cpu:kube_pod_container_resource_requests:sum{}) - (sum(kube_node_status_allocatable{resource="cpu"}) - max(kube_node_status_allocatable{resource="cpu"})) > 0 - and - (sum(kube_node_status_allocatable{resource="cpu"}) - max(kube_node_status_allocatable{resource="cpu"})) > 0 - for: 10m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeMemoryOvercommit | default false) }} - - alert: KubeMemoryOvercommit - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Cluster has overcommitted memory resource requests for Pods by {{`{{`}} $value | humanize {{`}}`}} bytes and cannot tolerate node failure. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubememoryovercommit - summary: Cluster has overcommitted memory resource requests. - expr: |- - sum(namespace_memory:kube_pod_container_resource_requests:sum{}) - (sum(kube_node_status_allocatable{resource="memory"}) - max(kube_node_status_allocatable{resource="memory"})) > 0 - and - (sum(kube_node_status_allocatable{resource="memory"}) - max(kube_node_status_allocatable{resource="memory"})) > 0 - for: 10m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeCPUQuotaOvercommit | default false) }} - - alert: KubeCPUQuotaOvercommit - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Cluster has overcommitted CPU resource requests for Namespaces. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubecpuquotaovercommit - summary: Cluster has overcommitted CPU resource requests. - expr: |- - sum(min without(resource) (kube_resourcequota{job="kube-state-metrics", type="hard", resource=~"(cpu|requests.cpu)"})) - / - sum(kube_node_status_allocatable{resource="cpu", job="kube-state-metrics"}) - > 1.5 - for: 5m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeMemoryQuotaOvercommit | default false) }} - - alert: KubeMemoryQuotaOvercommit - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Cluster has overcommitted memory resource requests for Namespaces. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubememoryquotaovercommit - summary: Cluster has overcommitted memory resource requests. - expr: |- - sum(min without(resource) (kube_resourcequota{job="kube-state-metrics", type="hard", resource=~"(memory|requests.memory)"})) - / - sum(kube_node_status_allocatable{resource="memory", job="kube-state-metrics"}) - > 1.5 - for: 5m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeQuotaAlmostFull | default false) }} - - alert: KubeQuotaAlmostFull - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Namespace {{`{{`}} $labels.namespace {{`}}`}} is using {{`{{`}} $value | humanizePercentage {{`}}`}} of its {{`{{`}} $labels.resource {{`}}`}} quota. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubequotaalmostfull - summary: Namespace quota is going to be full. - expr: |- - kube_resourcequota{job="kube-state-metrics", type="used"} - / ignoring(instance, job, type) - (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) - > 0.9 < 1 - for: 15m - labels: - severity: info -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeQuotaFullyUsed | default false) }} - - alert: KubeQuotaFullyUsed - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Namespace {{`{{`}} $labels.namespace {{`}}`}} is using {{`{{`}} $value | humanizePercentage {{`}}`}} of its {{`{{`}} $labels.resource {{`}}`}} quota. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubequotafullyused - summary: Namespace quota is fully used. - expr: |- - kube_resourcequota{job="kube-state-metrics", type="used"} - / ignoring(instance, job, type) - (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) - == 1 - for: 15m - labels: - severity: info -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeQuotaExceeded | default false) }} - - alert: KubeQuotaExceeded - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Namespace {{`{{`}} $labels.namespace {{`}}`}} is using {{`{{`}} $value | humanizePercentage {{`}}`}} of its {{`{{`}} $labels.resource {{`}}`}} quota. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubequotaexceeded - summary: Namespace quota has exceeded the limits. - expr: |- - kube_resourcequota{job="kube-state-metrics", type="used"} - / ignoring(instance, job, type) - (kube_resourcequota{job="kube-state-metrics", type="hard"} > 0) - > 1 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.CPUThrottlingHigh | default false) }} - - alert: CPUThrottlingHigh - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: '{{`{{`}} $value | humanizePercentage {{`}}`}} throttling of CPU in namespace {{`{{`}} $labels.namespace {{`}}`}} for container {{`{{`}} $labels.container {{`}}`}} in pod {{`{{`}} $labels.pod {{`}}`}}.' - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/cputhrottlinghigh - summary: Processes experience elevated CPU throttling. - expr: |- - sum(increase(container_cpu_cfs_throttled_periods_total{container!="", }[5m])) by (container, pod, namespace) - / - sum(increase(container_cpu_cfs_periods_total{}[5m])) by (container, pod, namespace) - > ( 25 / 100 ) - for: 15m - labels: - severity: info -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-storage.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-storage.yaml deleted file mode 100644 index 7620061da..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-storage.yaml +++ /dev/null @@ -1,160 +0,0 @@ -{{- /* -Generated from 'kubernetes-storage' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesStorage }} -{{- $targetNamespace := .Values.defaultRules.appNamespacesTarget }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-storage" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: kubernetes-storage - rules: -{{- if not (.Values.defaultRules.disabled.KubePersistentVolumeFillingUp | default false) }} - - alert: KubePersistentVolumeFillingUp - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: The PersistentVolume claimed by {{`{{`}} $labels.persistentvolumeclaim {{`}}`}} in Namespace {{`{{`}} $labels.namespace {{`}}`}} is only {{`{{`}} $value | humanizePercentage {{`}}`}} free. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubepersistentvolumefillingup - summary: PersistentVolume is filling up. - expr: |- - kubelet_volume_stats_available_bytes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} - / - kubelet_volume_stats_capacity_bytes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} - < 0.03 - and - kubelet_volume_stats_used_bytes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} > 0 - unless on(namespace, persistentvolumeclaim) - kube_persistentvolumeclaim_access_mode{ access_mode="ReadOnlyMany"} == 1 - unless on(namespace, persistentvolumeclaim) - kube_persistentvolumeclaim_labels{label_excluded_from_alerts="true"} == 1 - for: 1m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubePersistentVolumeFillingUp | default false) }} - - alert: KubePersistentVolumeFillingUp - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Based on recent sampling, the PersistentVolume claimed by {{`{{`}} $labels.persistentvolumeclaim {{`}}`}} in Namespace {{`{{`}} $labels.namespace {{`}}`}} is expected to fill up within four days. Currently {{`{{`}} $value | humanizePercentage {{`}}`}} is available. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubepersistentvolumefillingup - summary: PersistentVolume is filling up. - expr: |- - ( - kubelet_volume_stats_available_bytes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} - / - kubelet_volume_stats_capacity_bytes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} - ) < 0.15 - and - kubelet_volume_stats_used_bytes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} > 0 - and - predict_linear(kubelet_volume_stats_available_bytes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}[6h], 4 * 24 * 3600) < 0 - unless on(namespace, persistentvolumeclaim) - kube_persistentvolumeclaim_access_mode{ access_mode="ReadOnlyMany"} == 1 - unless on(namespace, persistentvolumeclaim) - kube_persistentvolumeclaim_labels{label_excluded_from_alerts="true"} == 1 - for: 1h - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubePersistentVolumeInodesFillingUp | default false) }} - - alert: KubePersistentVolumeInodesFillingUp - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: The PersistentVolume claimed by {{`{{`}} $labels.persistentvolumeclaim {{`}}`}} in Namespace {{`{{`}} $labels.namespace {{`}}`}} only has {{`{{`}} $value | humanizePercentage {{`}}`}} free inodes. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubepersistentvolumeinodesfillingup - summary: PersistentVolumeInodes are filling up. - expr: |- - ( - kubelet_volume_stats_inodes_free{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} - / - kubelet_volume_stats_inodes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} - ) < 0.03 - and - kubelet_volume_stats_inodes_used{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} > 0 - unless on(namespace, persistentvolumeclaim) - kube_persistentvolumeclaim_access_mode{ access_mode="ReadOnlyMany"} == 1 - unless on(namespace, persistentvolumeclaim) - kube_persistentvolumeclaim_labels{label_excluded_from_alerts="true"} == 1 - for: 1m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubePersistentVolumeInodesFillingUp | default false) }} - - alert: KubePersistentVolumeInodesFillingUp - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Based on recent sampling, the PersistentVolume claimed by {{`{{`}} $labels.persistentvolumeclaim {{`}}`}} in Namespace {{`{{`}} $labels.namespace {{`}}`}} is expected to run out of inodes within four days. Currently {{`{{`}} $value | humanizePercentage {{`}}`}} of its inodes are free. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubepersistentvolumeinodesfillingup - summary: PersistentVolumeInodes are filling up. - expr: |- - ( - kubelet_volume_stats_inodes_free{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} - / - kubelet_volume_stats_inodes{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} - ) < 0.15 - and - kubelet_volume_stats_inodes_used{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"} > 0 - and - predict_linear(kubelet_volume_stats_inodes_free{job="{{ include "exporter.kubelet.jobName" . }}", namespace=~"{{ $targetNamespace }}", metrics_path="/metrics"}[6h], 4 * 24 * 3600) < 0 - unless on(namespace, persistentvolumeclaim) - kube_persistentvolumeclaim_access_mode{ access_mode="ReadOnlyMany"} == 1 - unless on(namespace, persistentvolumeclaim) - kube_persistentvolumeclaim_labels{label_excluded_from_alerts="true"} == 1 - for: 1h - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubePersistentVolumeErrors | default false) }} - - alert: KubePersistentVolumeErrors - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: The persistent volume {{`{{`}} $labels.persistentvolume {{`}}`}} has status {{`{{`}} $labels.phase {{`}}`}}. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubepersistentvolumeerrors - summary: PersistentVolume is having issues with provisioning. - expr: kube_persistentvolume_status_phase{phase=~"Failed|Pending",job="kube-state-metrics"} > 0 - for: 5m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml deleted file mode 100644 index aff07d6a6..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-apiserver.yaml +++ /dev/null @@ -1,128 +0,0 @@ -{{- /* -Generated from 'kubernetes-system-apiserver' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-apiserver" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: kubernetes-system-apiserver - rules: -{{- if not (.Values.defaultRules.disabled.KubeClientCertificateExpiration | default false) }} - - alert: KubeClientCertificateExpiration - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: A client certificate used to authenticate to kubernetes apiserver is expiring in less than 7.0 days. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeclientcertificateexpiration - summary: Client certificate is about to expire. - expr: apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 604800 - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeClientCertificateExpiration | default false) }} - - alert: KubeClientCertificateExpiration - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: A client certificate used to authenticate to kubernetes apiserver is expiring in less than 24.0 hours. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeclientcertificateexpiration - summary: Client certificate is about to expire. - expr: apiserver_client_certificate_expiration_seconds_count{job="apiserver"} > 0 and on(job) histogram_quantile(0.01, sum by (job, le) (rate(apiserver_client_certificate_expiration_seconds_bucket{job="apiserver"}[5m]))) < 86400 - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeAggregatedAPIErrors | default false) }} - - alert: KubeAggregatedAPIErrors - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Kubernetes aggregated API {{`{{`}} $labels.name {{`}}`}}/{{`{{`}} $labels.namespace {{`}}`}} has reported errors. It has appeared unavailable {{`{{`}} $value | humanize {{`}}`}} times averaged over the past 10m. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeaggregatedapierrors - summary: Kubernetes aggregated API has reported errors. - expr: sum by(name, namespace, cluster)(increase(aggregator_unavailable_apiservice_total[10m])) > 4 - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeAggregatedAPIDown | default false) }} - - alert: KubeAggregatedAPIDown - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Kubernetes aggregated API {{`{{`}} $labels.name {{`}}`}}/{{`{{`}} $labels.namespace {{`}}`}} has been only {{`{{`}} $value | humanize {{`}}`}}% available over the last 10m. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeaggregatedapidown - summary: Kubernetes aggregated API is down. - expr: (1 - max by(name, namespace, cluster)(avg_over_time(aggregator_unavailable_apiservice[10m]))) * 100 < 85 - for: 5m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if .Values.kubeApiServer.enabled }} -{{- if not (.Values.defaultRules.disabled.KubeAPIDown | default false) }} - - alert: KubeAPIDown - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: KubeAPI has disappeared from Prometheus target discovery. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeapidown - summary: Target disappeared from Prometheus target discovery. - expr: absent(up{job="apiserver"} == 1) - for: 15m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeAPITerminatedRequests | default false) }} - - alert: KubeAPITerminatedRequests - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: The kubernetes apiserver has terminated {{`{{`}} $value | humanizePercentage {{`}}`}} of its incoming requests. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeapiterminatedrequests - summary: The kubernetes apiserver has terminated {{`{{`}} $value | humanizePercentage {{`}}`}} of its incoming requests. - expr: sum(rate(apiserver_request_terminations_total{job="apiserver"}[10m])) / ( sum(rate(apiserver_request_total{job="apiserver"}[10m])) + sum(rate(apiserver_request_terminations_total{job="apiserver"}[10m])) ) > 0.20 - for: 5m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml deleted file mode 100644 index 0639ef0eb..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-controller-manager.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{- /* -Generated from 'kubernetes-system-controller-manager' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubeControllerManager }} -{{- if (include "exporter.kubeControllerManager.enabled" .)}} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-controller-manager" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: kubernetes-system-controller-manager - rules: -{{- if not (.Values.defaultRules.disabled.KubeControllerManagerDown | default false) }} - - alert: KubeControllerManagerDown - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: KubeControllerManager has disappeared from Prometheus target discovery. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubecontrollermanagerdown - summary: Target disappeared from Prometheus target discovery. - expr: absent(up{job="{{ include "exporter.kubeControllerManager.jobName" . }}"} == 1) - for: 15m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} - diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-kube-proxy.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-kube-proxy.yaml deleted file mode 100644 index 9b6445567..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-kube-proxy.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- /* -Generated from 'kubernetes-system-kube-proxy' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubeProxy }} -{{- if (include "exporter.kubeProxy.enabled" .)}} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-kube-proxy" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: kubernetes-system-kube-proxy - rules: -{{- if not (.Values.defaultRules.disabled.KubeProxyDown | default false) }} - - alert: KubeProxyDown - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: KubeProxy has disappeared from Prometheus target discovery. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeproxydown - summary: Target disappeared from Prometheus target discovery. - expr: absent(up{job="{{ include "exporter.kubeProxy.jobName" . }}"} == 1) - for: 15m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml deleted file mode 100644 index b9036c6a4..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-kubelet.yaml +++ /dev/null @@ -1,253 +0,0 @@ -{{- /* -Generated from 'kubernetes-system-kubelet' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-kubelet" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: kubernetes-system-kubelet - rules: -{{- if not (.Values.defaultRules.disabled.KubeNodeNotReady | default false) }} - - alert: KubeNodeNotReady - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: '{{`{{`}} $labels.node {{`}}`}} has been unready for more than 15 minutes.' - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubenodenotready - summary: Node is not ready. - expr: kube_node_status_condition{job="kube-state-metrics",condition="Ready",status="true"} == 0 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeNodeUnreachable | default false) }} - - alert: KubeNodeUnreachable - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: '{{`{{`}} $labels.node {{`}}`}} is unreachable and some workloads may be rescheduled.' - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubenodeunreachable - summary: Node is unreachable. - expr: (kube_node_spec_taint{job="kube-state-metrics",key="node.kubernetes.io/unreachable",effect="NoSchedule"} unless ignoring(key,value) kube_node_spec_taint{job="kube-state-metrics",key=~"ToBeDeletedByClusterAutoscaler|cloud.google.com/impending-node-termination|aws-node-termination-handler/spot-itn"}) == 1 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeletTooManyPods | default false) }} - - alert: KubeletTooManyPods - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Kubelet '{{`{{`}} $labels.node {{`}}`}}' is running at {{`{{`}} $value | humanizePercentage {{`}}`}} of its Pod capacity. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubelettoomanypods - summary: Kubelet is running at capacity. - expr: |- - count by(cluster, node) ( - (kube_pod_status_phase{job="kube-state-metrics",phase="Running"} == 1) * on(instance,pod,namespace,cluster) group_left(node) topk by(instance,pod,namespace,cluster) (1, kube_pod_info{job="kube-state-metrics"}) - ) - / - max by(cluster, node) ( - kube_node_status_capacity{job="kube-state-metrics",resource="pods"} != 1 - ) > 0.95 - for: 15m - labels: - severity: info -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeNodeReadinessFlapping | default false) }} - - alert: KubeNodeReadinessFlapping - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: The readiness status of node {{`{{`}} $labels.node {{`}}`}} has changed {{`{{`}} $value {{`}}`}} times in the last 15 minutes. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubenodereadinessflapping - summary: Node readiness status is flapping. - expr: sum(changes(kube_node_status_condition{status="true",condition="Ready"}[15m])) by (cluster, node) > 2 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeletPlegDurationHigh | default false) }} - - alert: KubeletPlegDurationHigh - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: The Kubelet Pod Lifecycle Event Generator has a 99th percentile duration of {{`{{`}} $value {{`}}`}} seconds on node {{`{{`}} $labels.node {{`}}`}}. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeletplegdurationhigh - summary: Kubelet Pod Lifecycle Event Generator is taking too long to relist. - expr: node_quantile:kubelet_pleg_relist_duration_seconds:histogram_quantile{quantile="0.99"} >= 10 - for: 5m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeletPodStartUpLatencyHigh | default false) }} - - alert: KubeletPodStartUpLatencyHigh - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Kubelet Pod startup 99th percentile latency is {{`{{`}} $value {{`}}`}} seconds on node {{`{{`}} $labels.node {{`}}`}}. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeletpodstartuplatencyhigh - summary: Kubelet Pod startup latency is too high. - expr: histogram_quantile(0.99, sum(rate(kubelet_pod_worker_duration_seconds_bucket{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics"}[5m])) by (cluster, instance, le)) * on(cluster, instance) group_left(node) kubelet_node_name{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics"} > 60 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeletClientCertificateExpiration | default false) }} - - alert: KubeletClientCertificateExpiration - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Client certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeletclientcertificateexpiration - summary: Kubelet client certificate is about to expire. - expr: kubelet_certificate_manager_client_ttl_seconds < 604800 - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeletClientCertificateExpiration | default false) }} - - alert: KubeletClientCertificateExpiration - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Client certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeletclientcertificateexpiration - summary: Kubelet client certificate is about to expire. - expr: kubelet_certificate_manager_client_ttl_seconds < 86400 - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeletServerCertificateExpiration | default false) }} - - alert: KubeletServerCertificateExpiration - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Server certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeletservercertificateexpiration - summary: Kubelet server certificate is about to expire. - expr: kubelet_certificate_manager_server_ttl_seconds < 604800 - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeletServerCertificateExpiration | default false) }} - - alert: KubeletServerCertificateExpiration - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Server certificate for Kubelet on node {{`{{`}} $labels.node {{`}}`}} expires in {{`{{`}} $value | humanizeDuration {{`}}`}}. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeletservercertificateexpiration - summary: Kubelet server certificate is about to expire. - expr: kubelet_certificate_manager_server_ttl_seconds < 86400 - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeletClientCertificateRenewalErrors | default false) }} - - alert: KubeletClientCertificateRenewalErrors - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Kubelet on node {{`{{`}} $labels.node {{`}}`}} has failed to renew its client certificate ({{`{{`}} $value | humanize {{`}}`}} errors in the last 5 minutes). - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeletclientcertificaterenewalerrors - summary: Kubelet has failed to renew its client certificate. - expr: increase(kubelet_certificate_manager_client_expiration_renew_errors[5m]) > 0 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeletServerCertificateRenewalErrors | default false) }} - - alert: KubeletServerCertificateRenewalErrors - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Kubelet on node {{`{{`}} $labels.node {{`}}`}} has failed to renew its server certificate ({{`{{`}} $value | humanize {{`}}`}} errors in the last 5 minutes). - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeletservercertificaterenewalerrors - summary: Kubelet has failed to renew its server certificate. - expr: increase(kubelet_server_expiration_renew_errors[5m]) > 0 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if (include "exporter.kubelet.enabled" .)}} -{{- if not (.Values.defaultRules.disabled.KubeletDown | default false) }} - - alert: KubeletDown - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Kubelet has disappeared from Prometheus target discovery. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeletdown - summary: Target disappeared from Prometheus target discovery. - expr: absent(up{job="{{ include "exporter.kubelet.jobName" . }}", metrics_path="/metrics"} == 1) - for: 15m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml deleted file mode 100644 index 283429cfd..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system-scheduler.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- /* -Generated from 'kubernetes-system-scheduler' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubeScheduler }} -{{- if (include "exporter.kubeScheduler.enabled" .)}} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system-scheduler" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: kubernetes-system-scheduler - rules: -{{- if not (.Values.defaultRules.disabled.KubeSchedulerDown | default false) }} - - alert: KubeSchedulerDown - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: KubeScheduler has disappeared from Prometheus target discovery. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeschedulerdown - summary: Target disappeared from Prometheus target discovery. - expr: absent(up{job="{{ include "exporter.kubeScheduler.jobName" . }}"} == 1) - for: 15m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system.yaml deleted file mode 100644 index 32605926c..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/kubernetes-system.yaml +++ /dev/null @@ -1,65 +0,0 @@ -{{- /* -Generated from 'kubernetes-system' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kubernetes-system" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: kubernetes-system - rules: -{{- if not (.Values.defaultRules.disabled.KubeVersionMismatch | default false) }} - - alert: KubeVersionMismatch - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: There are {{`{{`}} $value {{`}}`}} different semantic versions of Kubernetes components running. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeversionmismatch - summary: Different semantic versions of Kubernetes components running. - expr: count by (cluster) (count by (git_version, cluster) (label_replace(kubernetes_build_info{job!~"kube-dns|coredns"},"git_version","$1","git_version","(v[0-9]*.[0-9]*).*"))) > 1 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.KubeClientErrors | default false) }} - - alert: KubeClientErrors - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Kubernetes API server client '{{`{{`}} $labels.job {{`}}`}}/{{`{{`}} $labels.instance {{`}}`}}' is experiencing {{`{{`}} $value | humanizePercentage {{`}}`}} errors.' - runbook_url: {{ .Values.defaultRules.runbookUrl }}/kubernetes/kubeclienterrors - summary: Kubernetes API server client is experiencing errors. - expr: |- - (sum(rate(rest_client_requests_total{code=~"5.."}[5m])) by (cluster, instance, job, namespace) - / - sum(rate(rest_client_requests_total[5m])) by (cluster, instance, job, namespace)) - > 0.01 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/node-exporter.rules.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/node-exporter.rules.yaml deleted file mode 100644 index c3cfe36ca..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/node-exporter.rules.yaml +++ /dev/null @@ -1,89 +0,0 @@ -{{- /* -Generated from 'node-exporter.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/nodeExporter-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.nodeExporterRecording }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-exporter.rules" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: node-exporter.rules - rules: - - expr: |- - count without (cpu, mode) ( - node_cpu_seconds_total{job="node-exporter",mode="idle"} - ) - record: instance:node_num_cpu:sum - - expr: |- - 1 - avg without (cpu) ( - sum without (mode) (rate(node_cpu_seconds_total{job="node-exporter", mode=~"idle|iowait|steal"}[5m])) - ) - record: instance:node_cpu_utilisation:rate5m - - expr: |- - ( - node_load1{job="node-exporter"} - / - instance:node_num_cpu:sum{job="node-exporter"} - ) - record: instance:node_load1_per_cpu:ratio - - expr: |- - 1 - ( - ( - node_memory_MemAvailable_bytes{job="node-exporter"} - or - ( - node_memory_Buffers_bytes{job="node-exporter"} - + - node_memory_Cached_bytes{job="node-exporter"} - + - node_memory_MemFree_bytes{job="node-exporter"} - + - node_memory_Slab_bytes{job="node-exporter"} - ) - ) - / - node_memory_MemTotal_bytes{job="node-exporter"} - ) - record: instance:node_memory_utilisation:ratio - - expr: rate(node_vmstat_pgmajfault{job="node-exporter"}[5m]) - record: instance:node_vmstat_pgmajfault:rate5m - - expr: rate(node_disk_io_time_seconds_total{job="node-exporter", device=~"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)"}[5m]) - record: instance_device:node_disk_io_time_seconds:rate5m - - expr: rate(node_disk_io_time_weighted_seconds_total{job="node-exporter", device=~"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)"}[5m]) - record: instance_device:node_disk_io_time_weighted_seconds:rate5m - - expr: |- - sum without (device) ( - rate(node_network_receive_bytes_total{job="node-exporter", device!="lo"}[5m]) - ) - record: instance:node_network_receive_bytes_excluding_lo:rate5m - - expr: |- - sum without (device) ( - rate(node_network_transmit_bytes_total{job="node-exporter", device!="lo"}[5m]) - ) - record: instance:node_network_transmit_bytes_excluding_lo:rate5m - - expr: |- - sum without (device) ( - rate(node_network_receive_drop_total{job="node-exporter", device!="lo"}[5m]) - ) - record: instance:node_network_receive_drop_excluding_lo:rate5m - - expr: |- - sum without (device) ( - rate(node_network_transmit_drop_total{job="node-exporter", device!="lo"}[5m]) - ) - record: instance:node_network_transmit_drop_excluding_lo:rate5m -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/node-exporter.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/node-exporter.yaml deleted file mode 100644 index 2fa7e28d3..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/node-exporter.yaml +++ /dev/null @@ -1,398 +0,0 @@ -{{- /* -Generated from 'node-exporter' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/nodeExporter-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.nodeExporterAlerting }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-exporter" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: node-exporter - rules: -{{- if not (.Values.defaultRules.disabled.NodeFilesystemSpaceFillingUp | default false) }} - - alert: NodeFilesystemSpaceFillingUp - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left and is filling up. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodefilesystemspacefillingup - summary: Filesystem is predicted to run out of space within the next 24 hours. - expr: |- - ( - node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 15 - and - predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.NodeFilesystemSpaceFillingUp | default false) }} - - alert: NodeFilesystemSpaceFillingUp - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left and is filling up fast. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodefilesystemspacefillingup - summary: Filesystem is predicted to run out of space within the next 4 hours. - expr: |- - ( - node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 10 - and - predict_linear(node_filesystem_avail_bytes{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.NodeFilesystemAlmostOutOfSpace | default false) }} - - alert: NodeFilesystemAlmostOutOfSpace - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodefilesystemalmostoutofspace - summary: Filesystem has less than 5% space left. - expr: |- - ( - node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 5 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 30m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.NodeFilesystemAlmostOutOfSpace | default false) }} - - alert: NodeFilesystemAlmostOutOfSpace - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available space left. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodefilesystemalmostoutofspace - summary: Filesystem has less than 3% space left. - expr: |- - ( - node_filesystem_avail_bytes{job="node-exporter",fstype!=""} / node_filesystem_size_bytes{job="node-exporter",fstype!=""} * 100 < 3 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 30m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.NodeFilesystemFilesFillingUp | default false) }} - - alert: NodeFilesystemFilesFillingUp - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left and is filling up. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodefilesystemfilesfillingup - summary: Filesystem is predicted to run out of inodes within the next 24 hours. - expr: |- - ( - node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 40 - and - predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 24*60*60) < 0 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.NodeFilesystemFilesFillingUp | default false) }} - - alert: NodeFilesystemFilesFillingUp - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left and is filling up fast. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodefilesystemfilesfillingup - summary: Filesystem is predicted to run out of inodes within the next 4 hours. - expr: |- - ( - node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 20 - and - predict_linear(node_filesystem_files_free{job="node-exporter",fstype!=""}[6h], 4*60*60) < 0 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.NodeFilesystemAlmostOutOfFiles | default false) }} - - alert: NodeFilesystemAlmostOutOfFiles - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodefilesystemalmostoutoffiles - summary: Filesystem has less than 5% inodes left. - expr: |- - ( - node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 5 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.NodeFilesystemAlmostOutOfFiles | default false) }} - - alert: NodeFilesystemAlmostOutOfFiles - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Filesystem on {{`{{`}} $labels.device {{`}}`}} at {{`{{`}} $labels.instance {{`}}`}} has only {{`{{`}} printf "%.2f" $value {{`}}`}}% available inodes left. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodefilesystemalmostoutoffiles - summary: Filesystem has less than 3% inodes left. - expr: |- - ( - node_filesystem_files_free{job="node-exporter",fstype!=""} / node_filesystem_files{job="node-exporter",fstype!=""} * 100 < 3 - and - node_filesystem_readonly{job="node-exporter",fstype!=""} == 0 - ) - for: 1h - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.NodeNetworkReceiveErrs | default false) }} - - alert: NodeNetworkReceiveErrs - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: '{{`{{`}} $labels.instance {{`}}`}} interface {{`{{`}} $labels.device {{`}}`}} has encountered {{`{{`}} printf "%.0f" $value {{`}}`}} receive errors in the last two minutes.' - runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodenetworkreceiveerrs - summary: Network interface is reporting many receive errors. - expr: rate(node_network_receive_errs_total[2m]) / rate(node_network_receive_packets_total[2m]) > 0.01 - for: 1h - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.NodeNetworkTransmitErrs | default false) }} - - alert: NodeNetworkTransmitErrs - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: '{{`{{`}} $labels.instance {{`}}`}} interface {{`{{`}} $labels.device {{`}}`}} has encountered {{`{{`}} printf "%.0f" $value {{`}}`}} transmit errors in the last two minutes.' - runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodenetworktransmiterrs - summary: Network interface is reporting many transmit errors. - expr: rate(node_network_transmit_errs_total[2m]) / rate(node_network_transmit_packets_total[2m]) > 0.01 - for: 1h - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.NodeHighNumberConntrackEntriesUsed | default false) }} - - alert: NodeHighNumberConntrackEntriesUsed - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: '{{`{{`}} $value | humanizePercentage {{`}}`}} of conntrack entries are used.' - runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodehighnumberconntrackentriesused - summary: Number of conntrack are getting close to the limit. - expr: (node_nf_conntrack_entries / node_nf_conntrack_entries_limit) > 0.75 - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.NodeTextFileCollectorScrapeError | default false) }} - - alert: NodeTextFileCollectorScrapeError - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Node Exporter text file collector failed to scrape. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodetextfilecollectorscrapeerror - summary: Node Exporter text file collector failed to scrape. - expr: node_textfile_scrape_error{job="node-exporter"} == 1 - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.NodeClockSkewDetected | default false) }} - - alert: NodeClockSkewDetected - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Clock on {{`{{`}} $labels.instance {{`}}`}} is out of sync by more than 300s. Ensure NTP is configured correctly on this host. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodeclockskewdetected - summary: Clock skew detected. - expr: |- - ( - node_timex_offset_seconds{job="node-exporter"} > 0.05 - and - deriv(node_timex_offset_seconds{job="node-exporter"}[5m]) >= 0 - ) - or - ( - node_timex_offset_seconds{job="node-exporter"} < -0.05 - and - deriv(node_timex_offset_seconds{job="node-exporter"}[5m]) <= 0 - ) - for: 10m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.NodeClockNotSynchronising | default false) }} - - alert: NodeClockNotSynchronising - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Clock on {{`{{`}} $labels.instance {{`}}`}} is not synchronising. Ensure NTP is configured on this host. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodeclocknotsynchronising - summary: Clock not synchronising. - expr: |- - min_over_time(node_timex_sync_status{job="node-exporter"}[5m]) == 0 - and - node_timex_maxerror_seconds{job="node-exporter"} >= 16 - for: 10m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.NodeRAIDDegraded | default false) }} - - alert: NodeRAIDDegraded - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: RAID array '{{`{{`}} $labels.device {{`}}`}}' on {{`{{`}} $labels.instance {{`}}`}} is in degraded state due to one or more disks failures. Number of spare drives is insufficient to fix issue automatically. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/noderaiddegraded - summary: RAID Array is degraded - expr: node_md_disks_required{job="node-exporter",device=~"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)"} - ignoring (state) (node_md_disks{state="active",job="node-exporter",device=~"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)"}) > 0 - for: 15m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.NodeRAIDDiskFailure | default false) }} - - alert: NodeRAIDDiskFailure - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: At least one device in RAID array on {{`{{`}} $labels.instance {{`}}`}} failed. Array '{{`{{`}} $labels.device {{`}}`}}' needs attention and possibly a disk swap. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/noderaiddiskfailure - summary: Failed device in RAID array - expr: node_md_disks{state="failed",job="node-exporter",device=~"(/dev/)?(mmcblk.p.+|nvme.+|rbd.+|sd.+|vd.+|xvd.+|dm-.+|dasd.+)"} > 0 - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.NodeFileDescriptorLimit | default false) }} - - alert: NodeFileDescriptorLimit - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: File descriptors limit at {{`{{`}} $labels.instance {{`}}`}} is currently at {{`{{`}} printf "%.2f" $value {{`}}`}}%. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodefiledescriptorlimit - summary: Kernel is predicted to exhaust file descriptors limit soon. - expr: |- - ( - node_filefd_allocated{job="node-exporter"} * 100 / node_filefd_maximum{job="node-exporter"} > 70 - ) - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.NodeFileDescriptorLimit | default false) }} - - alert: NodeFileDescriptorLimit - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: File descriptors limit at {{`{{`}} $labels.instance {{`}}`}} is currently at {{`{{`}} printf "%.2f" $value {{`}}`}}%. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/node/nodefiledescriptorlimit - summary: Kernel is predicted to exhaust file descriptors limit soon. - expr: |- - ( - node_filefd_allocated{job="node-exporter"} * 100 / node_filefd_maximum{job="node-exporter"} > 90 - ) - for: 15m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/node-network.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/node-network.yaml deleted file mode 100644 index 932097340..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/node-network.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{- /* -Generated from 'node-network' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubePrometheus-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.network }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node-network" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: node-network - rules: -{{- if not (.Values.defaultRules.disabled.NodeNetworkInterfaceFlapping | default false) }} - - alert: NodeNetworkInterfaceFlapping - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Network interface "{{`{{`}} $labels.device {{`}}`}}" changing its up status often on node-exporter {{`{{`}} $labels.namespace {{`}}`}}/{{`{{`}} $labels.pod {{`}}`}} - runbook_url: {{ .Values.defaultRules.runbookUrl }}/general/nodenetworkinterfaceflapping - summary: Network interface is often changing its status - expr: changes(node_network_up{job="node-exporter",device!~"veth.+"}[2m]) > 2 - for: 2m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/node.rules.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/node.rules.yaml deleted file mode 100644 index 4f8da294f..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/node.rules.yaml +++ /dev/null @@ -1,55 +0,0 @@ -{{- /* -Generated from 'node.rules' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/kubernetesControlPlane-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.node }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "node.rules" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: node.rules - rules: - - expr: |- - topk by(cluster, namespace, pod) (1, - max by (cluster, node, namespace, pod) ( - label_replace(kube_pod_info{job="kube-state-metrics",node!=""}, "pod", "$1", "pod", "(.*)") - )) - record: 'node_namespace_pod:kube_pod_info:' - - expr: |- - count by (cluster, node) (sum by (node, cpu) ( - node_cpu_seconds_total{job="node-exporter"} - * on (namespace, pod) group_left(node) - topk by(namespace, pod) (1, node_namespace_pod:kube_pod_info:) - )) - record: node:node_num_cpu:sum - - expr: |- - sum( - node_memory_MemAvailable_bytes{job="node-exporter"} or - ( - node_memory_Buffers_bytes{job="node-exporter"} + - node_memory_Cached_bytes{job="node-exporter"} + - node_memory_MemFree_bytes{job="node-exporter"} + - node_memory_Slab_bytes{job="node-exporter"} - ) - ) by (cluster) - record: :node_memory_MemAvailable_bytes:sum - - expr: |- - sum(rate(node_cpu_seconds_total{job="node-exporter",mode!="idle",mode!="iowait",mode!="steal"}[5m])) / - count(sum(node_cpu_seconds_total{job="node-exporter"}) by (cluster, instance, cpu)) - record: cluster:node_cpu:ratio_rate5m -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/prometheus-operator.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/prometheus-operator.yaml deleted file mode 100644 index 1c6b5c5d5..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/prometheus-operator.yaml +++ /dev/null @@ -1,148 +0,0 @@ -{{- /* -Generated from 'prometheus-operator' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/prometheusOperator-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.prometheusOperator }} -{{- $operatorJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "operator" }} -{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus-operator" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: prometheus-operator - rules: -{{- if not (.Values.defaultRules.disabled.PrometheusOperatorListErrors | default false) }} - - alert: PrometheusOperatorListErrors - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Errors while performing List operations in controller {{`{{`}}$labels.controller{{`}}`}} in {{`{{`}}$labels.namespace{{`}}`}} namespace. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus-operator/prometheusoperatorlisterrors - summary: Errors while performing list operations in controller. - expr: (sum by (controller,namespace) (rate(prometheus_operator_list_operations_failed_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[10m])) / sum by (controller,namespace) (rate(prometheus_operator_list_operations_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[10m]))) > 0.4 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusOperatorWatchErrors | default false) }} - - alert: PrometheusOperatorWatchErrors - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Errors while performing watch operations in controller {{`{{`}}$labels.controller{{`}}`}} in {{`{{`}}$labels.namespace{{`}}`}} namespace. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus-operator/prometheusoperatorwatcherrors - summary: Errors while performing watch operations in controller. - expr: (sum by (controller,namespace) (rate(prometheus_operator_watch_operations_failed_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m])) / sum by (controller,namespace) (rate(prometheus_operator_watch_operations_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]))) > 0.4 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusOperatorSyncFailed | default false) }} - - alert: PrometheusOperatorSyncFailed - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Controller {{`{{`}} $labels.controller {{`}}`}} in {{`{{`}} $labels.namespace {{`}}`}} namespace fails to reconcile {{`{{`}} $value {{`}}`}} objects. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus-operator/prometheusoperatorsyncfailed - summary: Last controller reconciliation failed - expr: min_over_time(prometheus_operator_syncs{status="failed",job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0 - for: 10m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusOperatorReconcileErrors | default false) }} - - alert: PrometheusOperatorReconcileErrors - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: '{{`{{`}} $value | humanizePercentage {{`}}`}} of reconciling operations failed for {{`{{`}} $labels.controller {{`}}`}} controller in {{`{{`}} $labels.namespace {{`}}`}} namespace.' - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus-operator/prometheusoperatorreconcileerrors - summary: Errors while reconciling controller. - expr: (sum by (controller,namespace) (rate(prometheus_operator_reconcile_errors_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]))) / (sum by (controller,namespace) (rate(prometheus_operator_reconcile_operations_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]))) > 0.1 - for: 10m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusOperatorNodeLookupErrors | default false) }} - - alert: PrometheusOperatorNodeLookupErrors - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Errors while reconciling Prometheus in {{`{{`}} $labels.namespace {{`}}`}} Namespace. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus-operator/prometheusoperatornodelookuperrors - summary: Errors while reconciling Prometheus. - expr: rate(prometheus_operator_node_address_lookup_errors_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0.1 - for: 10m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusOperatorNotReady | default false) }} - - alert: PrometheusOperatorNotReady - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Prometheus operator in {{`{{`}} $labels.namespace {{`}}`}} namespace isn't ready to reconcile {{`{{`}} $labels.controller {{`}}`}} resources. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus-operator/prometheusoperatornotready - summary: Prometheus operator not ready - expr: min by (controller,namespace) (max_over_time(prometheus_operator_ready{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) == 0) - for: 5m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusOperatorRejectedResources | default false) }} - - alert: PrometheusOperatorRejectedResources - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Prometheus operator in {{`{{`}} $labels.namespace {{`}}`}} namespace rejected {{`{{`}} printf "%0.0f" $value {{`}}`}} {{`{{`}} $labels.controller {{`}}`}}/{{`{{`}} $labels.resource {{`}}`}} resources. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus-operator/prometheusoperatorrejectedresources - summary: Resources rejected by Prometheus operator - expr: min_over_time(prometheus_operator_managed_resources{state="rejected",job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0 - for: 5m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/rules-1.14/prometheus.yaml b/charts/rancher-monitoring/templates/prometheus/rules-1.14/prometheus.yaml deleted file mode 100644 index 358ca7a4e..000000000 --- a/charts/rancher-monitoring/templates/prometheus/rules-1.14/prometheus.yaml +++ /dev/null @@ -1,448 +0,0 @@ -{{- /* -Generated from 'prometheus' group from https://raw.githubusercontent.com/prometheus-operator/kube-prometheus/main/manifests/prometheus-prometheusRule.yaml -Do not change in-place! In order to change this file first read following link: -https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack/hack -*/ -}} -{{- $kubeTargetVersion := default .Capabilities.KubeVersion.GitVersion .Values.kubeTargetVersionOverride }} -{{- if and (semverCompare ">=1.14.0-0" $kubeTargetVersion) (semverCompare "<9.9.9-9" $kubeTargetVersion) .Values.defaultRules.create .Values.defaultRules.rules.prometheus }} -{{- $prometheusJob := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" }} -{{- $namespace := printf "%s" (include "kube-prometheus-stack.namespace" .) }} -apiVersion: monitoring.coreos.com/v1 -kind: PrometheusRule -metadata: - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "prometheus" | trunc 63 | trimSuffix "-" }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.defaultRules.labels }} -{{ toYaml .Values.defaultRules.labels | indent 4 }} -{{- end }} -{{- if .Values.defaultRules.annotations }} - annotations: -{{ toYaml .Values.defaultRules.annotations | indent 4 }} -{{- end }} -spec: - groups: - - name: prometheus - rules: -{{- if not (.Values.defaultRules.disabled.PrometheusBadConfig | default false) }} - - alert: PrometheusBadConfig - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has failed to reload its configuration. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusbadconfig - summary: Failed Prometheus configuration reload. - expr: |- - # Without max_over_time, failed scrapes could create false negatives, see - # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - max_over_time(prometheus_config_last_reload_successful{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) == 0 - for: 10m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusNotificationQueueRunningFull | default false) }} - - alert: PrometheusNotificationQueueRunningFull - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Alert notification queue of Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is running full. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusnotificationqueuerunningfull - summary: Prometheus alert notification queue predicted to run full in less than 30m. - expr: |- - # Without min_over_time, failed scrapes could create false negatives, see - # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - ( - predict_linear(prometheus_notifications_queue_length{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m], 60 * 30) - > - min_over_time(prometheus_notifications_queue_capacity{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) - ) - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusErrorSendingAlertsToSomeAlertmanagers | default false) }} - - alert: PrometheusErrorSendingAlertsToSomeAlertmanagers - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: '{{`{{`}} printf "%.1f" $value {{`}}`}}% errors while sending alerts from Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} to Alertmanager {{`{{`}}$labels.alertmanager{{`}}`}}.' - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheuserrorsendingalertstosomealertmanagers - summary: Prometheus has encountered more than 1% errors sending alerts to a specific Alertmanager. - expr: |- - ( - rate(prometheus_notifications_errors_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) - / - rate(prometheus_notifications_sent_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) - ) - * 100 - > 1 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusNotConnectedToAlertmanagers | default false) }} - - alert: PrometheusNotConnectedToAlertmanagers - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is not connected to any Alertmanagers. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusnotconnectedtoalertmanagers - summary: Prometheus is not connected to any Alertmanagers. - expr: |- - # Without max_over_time, failed scrapes could create false negatives, see - # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - max_over_time(prometheus_notifications_alertmanagers_discovered{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) < 1 - for: 10m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusTSDBReloadsFailing | default false) }} - - alert: PrometheusTSDBReloadsFailing - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has detected {{`{{`}}$value | humanize{{`}}`}} reload failures over the last 3h. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheustsdbreloadsfailing - summary: Prometheus has issues reloading blocks from disk. - expr: increase(prometheus_tsdb_reloads_failures_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[3h]) > 0 - for: 4h - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusTSDBCompactionsFailing | default false) }} - - alert: PrometheusTSDBCompactionsFailing - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has detected {{`{{`}}$value | humanize{{`}}`}} compaction failures over the last 3h. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheustsdbcompactionsfailing - summary: Prometheus has issues compacting blocks. - expr: increase(prometheus_tsdb_compactions_failed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[3h]) > 0 - for: 4h - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusNotIngestingSamples | default false) }} - - alert: PrometheusNotIngestingSamples - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is not ingesting samples. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusnotingestingsamples - summary: Prometheus is not ingesting samples. - expr: |- - ( - rate(prometheus_tsdb_head_samples_appended_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) <= 0 - and - ( - sum without(scrape_job) (prometheus_target_metadata_cache_entries{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}) > 0 - or - sum without(rule_group) (prometheus_rule_group_rules{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}) > 0 - ) - ) - for: 10m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusDuplicateTimestamps | default false) }} - - alert: PrometheusDuplicateTimestamps - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is dropping {{`{{`}} printf "%.4g" $value {{`}}`}} samples/s with different values but duplicated timestamp. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusduplicatetimestamps - summary: Prometheus is dropping samples with duplicate timestamps. - expr: rate(prometheus_target_scrapes_sample_duplicate_timestamp_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 - for: 10m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusOutOfOrderTimestamps | default false) }} - - alert: PrometheusOutOfOrderTimestamps - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} is dropping {{`{{`}} printf "%.4g" $value {{`}}`}} samples/s with timestamps arriving out of order. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusoutofordertimestamps - summary: Prometheus drops samples with out-of-order timestamps. - expr: rate(prometheus_target_scrapes_sample_out_of_order_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 - for: 10m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusRemoteStorageFailures | default false) }} - - alert: PrometheusRemoteStorageFailures - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} failed to send {{`{{`}} printf "%.1f" $value {{`}}`}}% of the samples to {{`{{`}} $labels.remote_name{{`}}`}}:{{`{{`}} $labels.url {{`}}`}} - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusremotestoragefailures - summary: Prometheus fails to send samples to remote storage. - expr: |- - ( - (rate(prometheus_remote_storage_failed_samples_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m])) - / - ( - (rate(prometheus_remote_storage_failed_samples_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) or rate(prometheus_remote_storage_samples_failed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m])) - + - (rate(prometheus_remote_storage_succeeded_samples_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) or rate(prometheus_remote_storage_samples_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m])) - ) - ) - * 100 - > 1 - for: 15m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusRemoteWriteBehind | default false) }} - - alert: PrometheusRemoteWriteBehind - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} remote write is {{`{{`}} printf "%.1f" $value {{`}}`}}s behind for {{`{{`}} $labels.remote_name{{`}}`}}:{{`{{`}} $labels.url {{`}}`}}. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusremotewritebehind - summary: Prometheus remote write is behind. - expr: |- - # Without max_over_time, failed scrapes could create false negatives, see - # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - ( - max_over_time(prometheus_remote_storage_highest_timestamp_in_seconds{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) - - ignoring(remote_name, url) group_right - max_over_time(prometheus_remote_storage_queue_highest_sent_timestamp_seconds{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) - ) - > 120 - for: 15m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusRemoteWriteDesiredShards | default false) }} - - alert: PrometheusRemoteWriteDesiredShards - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} remote write desired shards calculation wants to run {{`{{`}} $value {{`}}`}} shards for queue {{`{{`}} $labels.remote_name{{`}}`}}:{{`{{`}} $labels.url {{`}}`}}, which is more than the max of {{`{{`}} printf `prometheus_remote_storage_shards_max{instance="%s",job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}` $labels.instance | query | first | value {{`}}`}}. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusremotewritedesiredshards - summary: Prometheus remote write desired shards calculation wants to run more than configured max shards. - expr: |- - # Without max_over_time, failed scrapes could create false negatives, see - # https://www.robustperception.io/alerting-on-gauges-in-prometheus-2-0 for details. - ( - max_over_time(prometheus_remote_storage_shards_desired{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) - > - max_over_time(prometheus_remote_storage_shards_max{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) - ) - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusRuleFailures | default false) }} - - alert: PrometheusRuleFailures - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has failed to evaluate {{`{{`}} printf "%.0f" $value {{`}}`}} rules in the last 5m. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusrulefailures - summary: Prometheus is failing rule evaluations. - expr: increase(prometheus_rule_evaluation_failures_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 - for: 15m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusMissingRuleEvaluations | default false) }} - - alert: PrometheusMissingRuleEvaluations - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has missed {{`{{`}} printf "%.0f" $value {{`}}`}} rule group evaluations in the last 5m. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusmissingruleevaluations - summary: Prometheus is missing rule evaluations due to slow rule group evaluation. - expr: increase(prometheus_rule_group_iterations_missed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusTargetLimitHit | default false) }} - - alert: PrometheusTargetLimitHit - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has dropped {{`{{`}} printf "%.0f" $value {{`}}`}} targets because the number of targets exceeded the configured target_limit. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheustargetlimithit - summary: Prometheus has dropped targets because some scrape configs have exceeded the targets limit. - expr: increase(prometheus_target_scrape_pool_exceeded_target_limit_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusLabelLimitHit | default false) }} - - alert: PrometheusLabelLimitHit - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has dropped {{`{{`}} printf "%.0f" $value {{`}}`}} targets because some samples exceeded the configured label_limit, label_name_length_limit or label_value_length_limit. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheuslabellimithit - summary: Prometheus has dropped targets because some scrape configs have exceeded the labels limit. - expr: increase(prometheus_target_scrape_pool_exceeded_label_limits_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusScrapeBodySizeLimitHit | default false) }} - - alert: PrometheusScrapeBodySizeLimitHit - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has failed {{`{{`}} printf "%.0f" $value {{`}}`}} scrapes in the last 5m because some targets exceeded the configured body_size_limit. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusscrapebodysizelimithit - summary: Prometheus has dropped some targets that exceeded body size limit. - expr: increase(prometheus_target_scrapes_exceeded_body_size_limit_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusScrapeSampleLimitHit | default false) }} - - alert: PrometheusScrapeSampleLimitHit - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} has failed {{`{{`}} printf "%.0f" $value {{`}}`}} scrapes in the last 5m because some targets exceeded the configured sample_limit. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheusscrapesamplelimithit - summary: Prometheus has failed scrapes that have exceeded the configured sample limit. - expr: increase(prometheus_target_scrapes_exceeded_sample_limit_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusTargetSyncFailure | default false) }} - - alert: PrometheusTargetSyncFailure - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: '{{`{{`}} printf "%.0f" $value {{`}}`}} targets in Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} have failed to sync because invalid configuration was supplied.' - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheustargetsyncfailure - summary: Prometheus has failed to sync targets. - expr: increase(prometheus_target_sync_failed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[30m]) > 0 - for: 5m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusHighQueryLoad | default false) }} - - alert: PrometheusHighQueryLoad - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} query API has less than 20% available capacity in its query engine for the last 15 minutes. - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheushighqueryload - summary: Prometheus is reaching its maximum capacity serving concurrent requests. - expr: avg_over_time(prometheus_engine_queries{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) / max_over_time(prometheus_engine_queries_concurrent_max{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0.8 - for: 15m - labels: - severity: warning -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- if not (.Values.defaultRules.disabled.PrometheusErrorSendingAlertsToAnyAlertmanager | default false) }} - - alert: PrometheusErrorSendingAlertsToAnyAlertmanager - annotations: -{{- if .Values.defaultRules.additionalRuleAnnotations }} -{{ toYaml .Values.defaultRules.additionalRuleAnnotations | indent 8 }} -{{- end }} - description: '{{`{{`}} printf "%.1f" $value {{`}}`}}% minimum errors while sending alerts from Prometheus {{`{{`}}$labels.namespace{{`}}`}}/{{`{{`}}$labels.pod{{`}}`}} to any Alertmanager.' - runbook_url: {{ .Values.defaultRules.runbookUrl }}/prometheus/prometheuserrorsendingalertstoanyalertmanager - summary: Prometheus encounters more than 3% errors sending alerts to any Alertmanager. - expr: |- - min without (alertmanager) ( - rate(prometheus_notifications_errors_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}",alertmanager!~``}[5m]) - / - rate(prometheus_notifications_sent_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}",alertmanager!~``}[5m]) - ) - * 100 - > 3 - for: 15m - labels: - severity: critical -{{- if .Values.defaultRules.additionalRuleLabels }} -{{ toYaml .Values.defaultRules.additionalRuleLabels | indent 8 }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/prometheus/service.yaml b/charts/rancher-monitoring/templates/prometheus/service.yaml deleted file mode 100644 index 1e1f9c7b7..000000000 --- a/charts/rancher-monitoring/templates/prometheus/service.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{- if .Values.prometheus.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus - self-monitor: {{ .Values.prometheus.serviceMonitor.selfMonitor | quote }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.prometheus.service.labels }} -{{ toYaml .Values.prometheus.service.labels | indent 4 }} -{{- end }} -{{- if .Values.prometheus.service.annotations }} - annotations: -{{ toYaml .Values.prometheus.service.annotations | indent 4 }} -{{- end }} -spec: -{{- if .Values.prometheus.service.clusterIP }} - clusterIP: {{ .Values.prometheus.service.clusterIP }} -{{- end }} -{{- if .Values.prometheus.service.externalIPs }} - externalIPs: -{{ toYaml .Values.prometheus.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.prometheus.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.prometheus.service.loadBalancerIP }} -{{- end }} -{{- if .Values.prometheus.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := .Values.prometheus.service.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} -{{- end }} -{{- if ne .Values.prometheus.service.type "ClusterIP" }} - externalTrafficPolicy: {{ .Values.prometheus.service.externalTrafficPolicy }} -{{- end }} - ports: - - name: {{ .Values.prometheus.prometheusSpec.portName }} - {{- if eq .Values.prometheus.service.type "NodePort" }} - nodePort: {{ .Values.prometheus.service.nodePort }} - {{- end }} - port: {{ .Values.prometheus.service.port }} - targetPort: {{ .Values.prometheus.service.targetPort }} - {{- if .Values.prometheus.thanosIngress.enabled }} - - name: grpc - {{- if eq .Values.prometheus.service.type "NodePort" }} - nodePort: {{ .Values.prometheus.thanosIngress.nodePort }} - {{- end }} - port: {{ .Values.prometheus.thanosIngress.servicePort }} - targetPort: {{ .Values.prometheus.thanosIngress.servicePort }} - {{- end }} -{{- if .Values.prometheus.service.additionalPorts }} -{{ toYaml .Values.prometheus.service.additionalPorts | indent 2 }} -{{- end }} - publishNotReadyAddresses: {{ .Values.prometheus.service.publishNotReadyAddresses }} - selector: - app.kubernetes.io/name: prometheus - prometheus: {{ template "kube-prometheus-stack.prometheus.crname" . }} -{{- if .Values.prometheus.service.sessionAffinity }} - sessionAffinity: {{ .Values.prometheus.service.sessionAffinity }} -{{- end }} - type: "{{ .Values.prometheus.service.type }}" -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/serviceThanosSidecar.yaml b/charts/rancher-monitoring/templates/prometheus/serviceThanosSidecar.yaml deleted file mode 100644 index 2b80e7742..000000000 --- a/charts/rancher-monitoring/templates/prometheus/serviceThanosSidecar.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.thanosService.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-discovery - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-thanos-discovery -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.prometheus.thanosService.labels }} -{{ toYaml .Values.prometheus.thanosService.labels | indent 4 }} -{{- end }} -{{- if .Values.prometheus.thanosService.annotations }} - annotations: -{{ toYaml .Values.prometheus.thanosService.annotations | indent 4 }} -{{- end }} -spec: - type: {{ .Values.prometheus.thanosService.type }} - clusterIP: {{ .Values.prometheus.thanosService.clusterIP }} -{{- if ne .Values.prometheus.thanosService.type "ClusterIP" }} - externalTrafficPolicy: {{ .Values.prometheus.thanosService.externalTrafficPolicy }} -{{- end }} - ports: - - name: {{ .Values.prometheus.thanosService.portName }} - port: {{ .Values.prometheus.thanosService.port }} - targetPort: {{ .Values.prometheus.thanosService.targetPort }} - {{- if eq .Values.prometheus.thanosService.type "NodePort" }} - nodePort: {{ .Values.prometheus.thanosService.nodePort }} - {{- end }} - - name: {{ .Values.prometheus.thanosService.httpPortName }} - port: {{ .Values.prometheus.thanosService.httpPort }} - targetPort: {{ .Values.prometheus.thanosService.targetHttpPort }} - {{- if eq .Values.prometheus.thanosService.type "NodePort" }} - nodePort: {{ .Values.prometheus.thanosService.httpNodePort }} - {{- end }} - selector: - app.kubernetes.io/name: prometheus - prometheus: {{ template "kube-prometheus-stack.prometheus.crname" . }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/serviceThanosSidecarExternal.yaml b/charts/rancher-monitoring/templates/prometheus/serviceThanosSidecarExternal.yaml deleted file mode 100644 index fa45934d7..000000000 --- a/charts/rancher-monitoring/templates/prometheus/serviceThanosSidecarExternal.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.thanosServiceExternal.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-external - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.prometheus.thanosServiceExternal.labels }} -{{ toYaml .Values.prometheus.thanosServiceExternal.labels | indent 4 }} -{{- end }} -{{- if .Values.prometheus.thanosServiceExternal.annotations }} - annotations: -{{ toYaml .Values.prometheus.thanosServiceExternal.annotations | indent 4 }} -{{- end }} -spec: - type: {{ .Values.prometheus.thanosServiceExternal.type }} -{{- if .Values.prometheus.thanosServiceExternal.loadBalancerIP }} - loadBalancerIP: {{ .Values.prometheus.thanosServiceExternal.loadBalancerIP }} -{{- end }} -{{- if .Values.prometheus.thanosServiceExternal.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := .Values.prometheus.thanosServiceExternal.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} -{{- end }} -{{- if ne .Values.prometheus.thanosServiceExternal.type "ClusterIP" }} - externalTrafficPolicy: {{ .Values.prometheus.thanosServiceExternal.externalTrafficPolicy }} -{{- end }} - ports: - - name: {{ .Values.prometheus.thanosServiceExternal.portName }} - port: {{ .Values.prometheus.thanosServiceExternal.port }} - targetPort: {{ .Values.prometheus.thanosServiceExternal.targetPort }} - {{- if eq .Values.prometheus.thanosServiceExternal.type "NodePort" }} - nodePort: {{ .Values.prometheus.thanosServiceExternal.nodePort }} - {{- end }} - - name: {{ .Values.prometheus.thanosServiceExternal.httpPortName }} - port: {{ .Values.prometheus.thanosServiceExternal.httpPort }} - targetPort: {{ .Values.prometheus.thanosServiceExternal.targetHttpPort }} - {{- if eq .Values.prometheus.thanosServiceExternal.type "NodePort" }} - nodePort: {{ .Values.prometheus.thanosServiceExternal.httpNodePort }} - {{- end }} - selector: - app.kubernetes.io/name: prometheus - prometheus: {{ template "kube-prometheus-stack.prometheus.crname" . }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/serviceaccount.yaml b/charts/rancher-monitoring/templates/prometheus/serviceaccount.yaml deleted file mode 100644 index dde1632d6..000000000 --- a/charts/rancher-monitoring/templates/prometheus/serviceaccount.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kube-prometheus-stack.prometheus.serviceAccountName" . }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus - app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-prometheus - app.kubernetes.io/component: prometheus -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.prometheus.serviceAccount.annotations }} - annotations: -{{ toYaml .Values.prometheus.serviceAccount.annotations | indent 4 }} -{{- end }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{ include "kube-prometheus-stack.imagePullSecrets" . | trim | indent 2 }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/servicemonitor.yaml b/charts/rancher-monitoring/templates/prometheus/servicemonitor.yaml deleted file mode 100644 index 550d41b11..000000000 --- a/charts/rancher-monitoring/templates/prometheus/servicemonitor.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.serviceMonitor.selfMonitor }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - selector: - matchLabels: - app: {{ template "kube-prometheus-stack.name" . }}-prometheus - release: {{ $.Release.Name | quote }} - self-monitor: "true" - namespaceSelector: - matchNames: - - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }} - endpoints: - - port: {{ .Values.prometheus.prometheusSpec.portName }} - {{- if .Values.prometheus.serviceMonitor.interval }} - interval: {{ .Values.prometheus.serviceMonitor.interval }} - {{- end }} - {{- if .Values.prometheus.serviceMonitor.scheme }} - scheme: {{ .Values.prometheus.serviceMonitor.scheme }} - {{- end }} - {{- if .Values.prometheus.serviceMonitor.tlsConfig }} - tlsConfig: {{ toYaml .Values.prometheus.serviceMonitor.tlsConfig | nindent 6 }} - {{- end }} - {{- if .Values.prometheus.serviceMonitor.bearerTokenFile }} - bearerTokenFile: {{ .Values.prometheus.serviceMonitor.bearerTokenFile }} - {{- end }} - path: "{{ trimSuffix "/" .Values.prometheus.prometheusSpec.routePrefix }}/metrics" - metricRelabelings: - {{- if .Values.prometheus.serviceMonitor.metricRelabelings }} - {{ tpl (toYaml .Values.prometheus.serviceMonitor.metricRelabelings | indent 6) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} -{{- if .Values.prometheus.serviceMonitor.relabelings }} - relabelings: -{{ toYaml .Values.prometheus.serviceMonitor.relabelings | indent 6 }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/servicemonitorThanosSidecar.yaml b/charts/rancher-monitoring/templates/prometheus/servicemonitorThanosSidecar.yaml deleted file mode 100644 index 9d410fd38..000000000 --- a/charts/rancher-monitoring/templates/prometheus/servicemonitorThanosSidecar.yaml +++ /dev/null @@ -1,51 +0,0 @@ -{{- if and .Values.prometheus.thanosService.enabled .Values.prometheus.thanosServiceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-sidecar - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-thanos-sidecar -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - selector: - matchLabels: - app: {{ template "kube-prometheus-stack.name" . }}-thanos-discovery - release: {{ $.Release.Name | quote }} - namespaceSelector: - matchNames: - - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }} - endpoints: - - port: {{ .Values.prometheus.thanosService.httpPortName }} - {{- if .Values.prometheus.thanosServiceMonitor.interval }} - interval: {{ .Values.prometheus.thanosServiceMonitor.interval }} - {{- end }} - {{- if .Values.prometheus.thanosServiceMonitor.scheme }} - scheme: {{ .Values.prometheus.thanosServiceMonitor.scheme }} - {{- end }} - {{- if .Values.prometheus.thanosServiceMonitor.tlsConfig }} - tlsConfig: {{ toYaml .Values.prometheus.thanosServiceMonitor.tlsConfig | nindent 6 }} - {{- end }} - {{- if .Values.prometheus.thanosServiceMonitor.bearerTokenFile }} - bearerTokenFile: {{ .Values.prometheus.thanosServiceMonitor.bearerTokenFile }} - {{- end }} - path: "/metrics" - metricRelabelings: - {{- if .Values.prometheus.thanosServiceMonitor.metricRelabelings}} - {{ tpl (toYaml .Values.prometheus.thanosServiceMonitor.metricRelabelings | indent 6) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} -{{- if .Values.prometheus.thanosServiceMonitor.relabelings }} - relabelings: -{{ toYaml .Values.prometheus.thanosServiceMonitor.relabelings | indent 6 }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/servicemonitors.yaml b/charts/rancher-monitoring/templates/prometheus/servicemonitors.yaml deleted file mode 100644 index a78d1cd00..000000000 --- a/charts/rancher-monitoring/templates/prometheus/servicemonitors.yaml +++ /dev/null @@ -1,38 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.additionalServiceMonitors }} -apiVersion: v1 -kind: List -items: -{{- range .Values.prometheus.additionalServiceMonitors }} - - apiVersion: monitoring.coreos.com/v1 - kind: ServiceMonitor - metadata: - name: {{ .name }} - namespace: {{ template "kube-prometheus-stack.namespace" $ }} - labels: - app: {{ template "kube-prometheus-stack.name" $ }}-prometheus -{{ include "kube-prometheus-stack.labels" $ | indent 8 }} - {{- if .additionalLabels }} -{{ toYaml .additionalLabels | indent 8 }} - {{- end }} - spec: - endpoints: -{{ toYaml .endpoints | indent 8 }} - {{- if .jobLabel }} - jobLabel: {{ .jobLabel }} - {{- end }} - {{- if .namespaceSelector }} - namespaceSelector: -{{ toYaml .namespaceSelector | indent 8 }} - {{- end }} - selector: -{{ toYaml .selector | indent 8 }} - {{- if .targetLabels }} - targetLabels: -{{ toYaml .targetLabels | indent 8 }} - {{- end }} - {{- if .podTargetLabels }} - podTargetLabels: -{{ toYaml .podTargetLabels | indent 8 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/prometheus/serviceperreplica.yaml b/charts/rancher-monitoring/templates/prometheus/serviceperreplica.yaml deleted file mode 100644 index 8d2fdc33d..000000000 --- a/charts/rancher-monitoring/templates/prometheus/serviceperreplica.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- if and .Values.prometheus.enabled .Values.prometheus.servicePerReplica.enabled }} -{{- $count := .Values.prometheus.prometheusSpec.replicas | int -}} -{{- $serviceValues := .Values.prometheus.servicePerReplica -}} -apiVersion: v1 -kind: List -metadata: - name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-serviceperreplica - namespace: {{ template "kube-prometheus-stack.namespace" . }} -items: -{{- range $i, $e := until $count }} - - apiVersion: v1 - kind: Service - metadata: - name: {{ include "kube-prometheus-stack.fullname" $ }}-prometheus-{{ $i }} - namespace: {{ template "kube-prometheus-stack.namespace" $ }} - labels: - app: {{ include "kube-prometheus-stack.name" $ }}-prometheus -{{ include "kube-prometheus-stack.labels" $ | indent 8 }} - {{- if $serviceValues.annotations }} - annotations: -{{ toYaml $serviceValues.annotations | indent 8 }} - {{- end }} - spec: - {{- if $serviceValues.clusterIP }} - clusterIP: {{ $serviceValues.clusterIP }} - {{- end }} - {{- if $serviceValues.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := $serviceValues.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} - {{- end }} - {{- if ne $serviceValues.type "ClusterIP" }} - externalTrafficPolicy: {{ $serviceValues.externalTrafficPolicy }} - {{- end }} - ports: - - name: {{ $.Values.prometheus.prometheusSpec.portName }} - {{- if eq $serviceValues.type "NodePort" }} - nodePort: {{ $serviceValues.nodePort }} - {{- end }} - port: {{ $serviceValues.port }} - targetPort: {{ $serviceValues.targetPort }} - selector: - app.kubernetes.io/name: prometheus - prometheus: {{ include "kube-prometheus-stack.prometheus.crname" $ }} - statefulset.kubernetes.io/pod-name: prometheus-{{ include "kube-prometheus-stack.prometheus.crname" $ }}-{{ $i }} - type: "{{ $serviceValues.type }}" -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/clusterrole.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/clusterrole.yaml deleted file mode 100644 index 2fe9124c5..000000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/clusterrole.yaml +++ /dev/null @@ -1,134 +0,0 @@ -{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: monitoring-admin - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} - {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} - rbac.authorization.k8s.io/aggregate-to-admin: "true" - {{- end }} -rules: -- apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - prometheuses/finalizers - - alertmanagers/finalizers - verbs: - - 'get' - - 'list' - - 'watch' -- apiGroups: - - monitoring.coreos.com - resources: - - thanosrulers - - thanosrulers/finalizers - - servicemonitors - - podmonitors - - prometheusrules - - podmonitors - - probes - - probes/finalizers - - alertmanagerconfigs - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: monitoring-edit - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} - {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} - rbac.authorization.k8s.io/aggregate-to-edit: "true" - {{- end }} -rules: -- apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - prometheuses/finalizers - - alertmanagers/finalizers - verbs: - - 'get' - - 'list' - - 'watch' -- apiGroups: - - monitoring.coreos.com - resources: - - thanosrulers - - thanosrulers/finalizers - - servicemonitors - - podmonitors - - prometheusrules - - podmonitors - - probes - - alertmanagerconfigs - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: monitoring-view - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} - {{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }} - rbac.authorization.k8s.io/aggregate-to-view: "true" - {{- end }} -rules: -- apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - prometheuses/finalizers - - alertmanagers/finalizers - - thanosrulers - - thanosrulers/finalizers - - servicemonitors - - podmonitors - - prometheusrules - - podmonitors - - probes - - probes/finalizers - - alertmanagerconfigs - verbs: - - 'get' - - 'list' - - 'watch' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: monitoring-ui-view - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - services/proxy - resourceNames: - - "http:{{ template "kube-prometheus-stack.fullname" . }}-prometheus:{{ .Values.prometheus.service.port }}" - - "https:{{ template "kube-prometheus-stack.fullname" . }}-prometheus:{{ .Values.prometheus.service.port }}" - - "http:{{ template "kube-prometheus-stack.fullname" . }}-alertmanager:{{ .Values.alertmanager.service.port }}" - - "https:{{ template "kube-prometheus-stack.fullname" . }}-alertmanager:{{ .Values.alertmanager.service.port }}" -{{- if .Values.grafana.enabled }} - - "http:{{ include "call-nested" (list . "grafana" "grafana.fullname") }}:{{ .Values.grafana.service.port }}" - - "https:{{ include "call-nested" (list . "grafana" "grafana.fullname") }}:{{ .Values.grafana.service.port }}" -{{- end }} - verbs: - - 'get' -- apiGroups: - - "" - resourceNames: - - {{ template "kube-prometheus-stack.fullname" . }}-prometheus - - {{ template "kube-prometheus-stack.fullname" . }}-alertmanager -{{- if .Values.grafana.enabled }} - - {{ include "call-nested" (list . "grafana" "grafana.fullname") }} -{{- end }} - resources: - - endpoints - verbs: - - get -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/config-role.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/config-role.yaml deleted file mode 100644 index f48ffc827..000000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/config-role.yaml +++ /dev/null @@ -1,48 +0,0 @@ -{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: monitoring-config-admin - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: monitoring-config-edit - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: monitoring-config-view - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - 'get' - - 'list' - - 'watch' -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/dashboard-role.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/dashboard-role.yaml deleted file mode 100644 index d2f81976a..000000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/dashboard-role.yaml +++ /dev/null @@ -1,47 +0,0 @@ -{{- if and .Values.global.rbac.create .Values.global.rbac.userRoles.create .Values.grafana.enabled }} -{{- if .Values.grafana.defaultDashboardsEnabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: monitoring-dashboard-admin - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: monitoring-dashboard-edit - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: monitoring-dashboard-view - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - 'get' - - 'list' - - 'watch' -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/addons/ingress-nginx-dashboard.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/addons/ingress-nginx-dashboard.yaml deleted file mode 100644 index 7b51a0bf7..000000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/addons/ingress-nginx-dashboard.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.ingressNginx.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: {{ printf "%s-%s" (include "kube-prometheus-stack.fullname" $) "ingress-nginx" | trunc 63 | trimSuffix "-" }} - {{- if .Values.grafana.sidecar.dashboards.annotations }} - annotations: {{ toYaml .Values.grafana.sidecar.dashboards.annotations | nindent 4 }} - {{- end }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: -{{ (.Files.Glob "files/ingress-nginx/*").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/cluster-dashboards.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/cluster-dashboards.yaml deleted file mode 100644 index d73b25745..000000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/cluster-dashboards.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: rancher-default-dashboards-cluster - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: -{{ (.Files.Glob "files/rancher/cluster/*").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/default-dashboard.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/default-dashboard.yaml deleted file mode 100644 index 8865efa93..000000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/default-dashboard.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: rancher-default-dashboards-home - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: -{{ (.Files.Glob "files/rancher/home/*").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/k8s-dashboards.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/k8s-dashboards.yaml deleted file mode 100644 index 2afae10ef..000000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/k8s-dashboards.yaml +++ /dev/null @@ -1,31 +0,0 @@ -{{- $files := (.Files.Glob "files/rancher/k8s/*").AsConfig }} -{{- $filesDict := (fromYaml $files) }} -{{- if not (include "exporter.kubeEtcd.enabled" .) }} -{{- $filesDict = (unset $filesDict "rancher-etcd-nodes.json") -}} -{{- $filesDict = (unset $filesDict "rancher-etcd.json") -}} -{{- end }} -{{- if not (include "exporter.kubeControllerManager.enabled" .) }} -{{- $filesDict = (unset $filesDict "rancher-k8s-components-nodes.json") -}} -{{- $filesDict = (unset $filesDict "rancher-k8s-components.json") -}} -{{- else }} -{{- $_ := (set $filesDict "rancher-k8s-components-nodes.json" (get $filesDict "rancher-k8s-components-nodes.json" | replace "kube-controller-manager" (include "exporter.kubeControllerManager.jobName" .))) -}} -{{- $_ := (set $filesDict "rancher-k8s-components.json" (get $filesDict "rancher-k8s-components.json" | replace "kube-controller-manager" (include "exporter.kubeControllerManager.jobName" .))) -}} -{{- end }} -{{ $files = (toYaml $filesDict) }} -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: rancher-default-dashboards-k8s - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: -{{ $files | indent 2 }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/nodes-dashboards.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/nodes-dashboards.yaml deleted file mode 100644 index 172c36e9d..000000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/nodes-dashboards.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: rancher-default-dashboards-nodes - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: -{{ (.Files.Glob "files/rancher/nodes/*").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/performance-dashboards.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/performance-dashboards.yaml deleted file mode 100644 index 19836ec4e..000000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/performance-dashboards.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- $selector := (include "rancher.serviceMonitor.selector" .) -}} -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.rancherMonitoring.enabled $selector }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: rancher-default-dashboards-performance-debugging - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: -{{ (.Files.Glob "files/rancher/performance/*").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/pods-dashboards.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/pods-dashboards.yaml deleted file mode 100644 index 940f18869..000000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/pods-dashboards.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: rancher-default-dashboards-pods - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: -{{ (.Files.Glob "files/rancher/pods/*").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/workload-dashboards.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/workload-dashboards.yaml deleted file mode 100644 index d146dacdd..000000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/dashboards/rancher/workload-dashboards.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: {{ .Values.grafana.defaultDashboards.namespace }} - name: rancher-default-dashboards-workloads - annotations: -{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} - labels: - {{- if $.Values.grafana.sidecar.dashboards.label }} - {{ $.Values.grafana.sidecar.dashboards.label }}: "1" - {{- end }} - app: {{ template "kube-prometheus-stack.name" $ }}-grafana -{{ include "kube-prometheus-stack.labels" $ | indent 4 }} -data: -{{ (.Files.Glob "files/rancher/workloads/*").AsConfig | indent 2 }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml deleted file mode 100644 index 53a9ad689..000000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/exporters/ingress-nginx/service.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{- if and (not .Values.ingressNginx.enabled) (.Values.rkeIngressNginx.enabled) }} -{{- fail "Cannot set .Values.rkeIngressNginx.enabled=true when .Values.ingressNginx.enabled=false" }} -{{- end }} -{{- if and .Values.ingressNginx.enabled (not .Values.rkeIngressNginx.enabled) }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-ingress-nginx - labels: - app: {{ template "kube-prometheus-stack.name" . }}-ingress-nginx - jobLabel: ingress-nginx -{{ include "kube-prometheus-stack.labels" . | indent 4 }} - namespace: {{ .Values.ingressNginx.namespace }} -spec: - clusterIP: None - ports: - - name: http-metrics - port: {{ .Values.ingressNginx.service.port }} - protocol: TCP - targetPort: {{ .Values.ingressNginx.service.targetPort }} - selector: - {{- if .Values.ingressNginx.service.selector }} -{{ toYaml .Values.ingressNginx.service.selector | indent 4 }} - {{- else }} - app: ingress-nginx - {{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml deleted file mode 100644 index b0f92e63b..000000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/exporters/ingress-nginx/servicemonitor.yaml +++ /dev/null @@ -1,49 +0,0 @@ -{{- if and (not .Values.ingressNginx.enabled) (.Values.rkeIngressNginx.enabled) }} -{{- fail "Cannot set .Values.rkeIngressNginx.enabled=true when .Values.ingressNginx.enabled=false" }} -{{- end }} -{{- if and .Values.ingressNginx.enabled (not .Values.rkeIngressNginx.enabled) }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-ingress-nginx - namespace: {{ .Values.ingressNginx.namespace }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-ingress-nginx -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - jobLabel: jobLabel - selector: - matchLabels: - app: {{ template "kube-prometheus-stack.name" . }}-ingress-nginx - release: {{ $.Release.Name | quote }} - namespaceSelector: - matchNames: - - {{ .Values.ingressNginx.namespace }} - endpoints: - - port: http-metrics - {{- if .Values.ingressNginx.serviceMonitor.interval}} - interval: {{ .Values.ingressNginx.serviceMonitor.interval }} - {{- end }} - {{- if .Values.ingressNginx.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.ingressNginx.serviceMonitor.proxyUrl}} - {{- end }} - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - metricRelabelings: - {{- if .Values.ingressNginx.serviceMonitor.metricRelabelings }} - {{ tpl (toYaml .Values.ingressNginx.serviceMonitor.metricRelabelings | indent 4) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} -{{- if .Values.ingressNginx.serviceMonitor.relabelings }} - relabelings: -{{ toYaml .Values.ingressNginx.serviceMonitor.relabelings | indent 4 }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/exporters/rancher/servicemonitor.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/exporters/rancher/servicemonitor.yaml deleted file mode 100644 index 1fba8f23f..000000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/exporters/rancher/servicemonitor.yaml +++ /dev/null @@ -1,58 +0,0 @@ -{{- $selector := (include "rancher.serviceMonitor.selector" .) -}} -{{- if and .Values.rancherMonitoring.enabled $selector }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: {{ include "kube-prometheus-stack.labels" . | nindent 4 }} - name: rancher - namespace: cattle-system -spec: - endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - port: http - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecureSkipVerify: true - serverName: rancher - metricRelabelings: - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} - jobLabel: rancher -{{- if .Values.rancherMonitoring.namespaceSelector }} - namespaceSelector: {{ .Values.rancherMonitoring.namespaceSelector | toYaml | nindent 4 }} -{{- end }} - selector: {{ include "rancher.serviceMonitor.selector" . | nindent 4 }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-rancher-metrics -rules: -- apiGroups: - - management.cattle.io - resources: - - ranchermetrics - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-rancher-metrics -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-prometheus-stack.fullname" . }}-rancher-metrics -subjects: - - kind: ServiceAccount - name: {{ template "kube-prometheus-stack.fullname" . }}-prometheus - namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/hardened.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/hardened.yaml deleted file mode 100644 index 4a90c1695..000000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/hardened.yaml +++ /dev/null @@ -1,128 +0,0 @@ -{{- $namespaces := dict "_0" .Release.Namespace -}} -{{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled (not .Values.grafana.defaultDashboards.useExistingNamespace) -}} -{{- $_ := set $namespaces "_1" .Values.grafana.defaultDashboards.namespace -}} -{{- end -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Chart.Name }}-patch-sa - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Chart.Name }}-patch-sa - annotations: - "helm.sh/hook": post-install, post-upgrade - "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation -spec: - template: - metadata: - name: {{ .Chart.Name }}-patch-sa - labels: - app: {{ .Chart.Name }}-patch-sa - spec: - serviceAccountName: {{ .Chart.Name }}-patch-sa - securityContext: - runAsNonRoot: true - runAsUser: 1000 - restartPolicy: Never - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} - containers: - {{- range $_, $ns := $namespaces }} - - name: patch-sa-{{ $ns }} - image: {{ template "system_default_registry" $ }}{{ $.Values.global.kubectl.repository }}:{{ $.Values.global.kubectl.tag }} - imagePullPolicy: {{ $.Values.global.kubectl.pullPolicy }} - command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"] - args: ["-n", "{{ $ns }}"] - {{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Chart.Name }}-patch-sa - labels: - app: {{ .Chart.Name }}-patch-sa -rules: -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: ['get', 'patch'] -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ .Chart.Name }}-patch-sa -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Chart.Name }}-patch-sa - labels: - app: {{ .Chart.Name }}-patch-sa -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Chart.Name }}-patch-sa -subjects: -- kind: ServiceAccount - name: {{ .Chart.Name }}-patch-sa - namespace: {{ .Release.Namespace }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Chart.Name }}-patch-sa - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Chart.Name }}-patch-sa ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ .Chart.Name }}-patch-sa - namespace: {{ .Release.Namespace }} - labels: - app: {{ .Chart.Name }}-patch-sa -spec: - privileged: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'MustRunAsNonRoot' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'secret' -{{- range $_, $ns := $namespaces }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: default-allow-all - namespace: {{ $ns }} -spec: - podSelector: {} - ingress: - - {} - egress: - - {} - policyTypes: - - Ingress - - Egress -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/upgrade/configmap.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/upgrade/configmap.yaml deleted file mode 100644 index 53cb89821..000000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/upgrade/configmap.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.upgrade.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - namespace: {{ template "kube-prometheus-stack.namespace" . }} - annotations: - "helm.sh/hook": pre-upgrade, pre-rollback - "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed - "helm.sh/hook-weight": "0" -data: -{{ (.Files.Glob "files/upgrade/scripts/*").AsConfig | indent 2 }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/upgrade/job.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/upgrade/job.yaml deleted file mode 100644 index 8f2771740..000000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/upgrade/job.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- if .Values.upgrade.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - annotations: - "helm.sh/hook": pre-upgrade, pre-rollback - "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed - "helm.sh/hook-weight": "2" -spec: - template: - metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - labels: - app: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - spec: - serviceAccountName: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - securityContext: - runAsNonRoot: false - runAsUser: 0 - restartPolicy: Never - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} - tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} - containers: - - name: run-scripts - image: {{ template "system_default_registry" . }}{{ .Values.upgrade.image.repository }}:{{ .Values.upgrade.image.tag }} - imagePullPolicy: {{ $.Values.global.kubectl.pullPolicy }} - command: - - /bin/sh - - -c - - > - for s in $(find /etc/scripts -type f); do - echo "Running $s..."; - cat $s | bash - done; - volumeMounts: - - name: upgrade - mountPath: /etc/scripts - volumes: - - name: upgrade - configMap: - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/rancher-monitoring/upgrade/rbac.yaml b/charts/rancher-monitoring/templates/rancher-monitoring/upgrade/rbac.yaml deleted file mode 100644 index e929a1992..000000000 --- a/charts/rancher-monitoring/templates/rancher-monitoring/upgrade/rbac.yaml +++ /dev/null @@ -1,131 +0,0 @@ -{{- if .Values.upgrade.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - annotations: - "helm.sh/hook": pre-upgrade, pre-rollback - "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded - "helm.sh/hook-weight": "1" -rules: -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - statefulsets - verbs: - - 'list' - - 'delete' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - annotations: - "helm.sh/hook": pre-upgrade, pre-rollback - "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed - "helm.sh/hook-weight": "1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade -subjects: -- kind: ServiceAccount - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - namespace: {{ template "kube-prometheus-stack.namespace" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - labels: - app: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - annotations: - "helm.sh/hook": pre-upgrade, pre-rollback - "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed - "helm.sh/hook-weight": "1" -rules: -{{- if .Values.global.cattle.psp.enabled }} -- apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "kube-prometheus-stack.fullname" . }}-upgrade -{{- end }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - labels: - app: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - annotations: - "helm.sh/hook": pre-upgrade, pre-rollback - "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed - "helm.sh/hook-weight": "1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade -subjects: -- kind: ServiceAccount - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - namespace: {{ template "kube-prometheus-stack.namespace" . }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - annotations: - "helm.sh/hook": pre-upgrade, pre-rollback - "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed - "helm.sh/hook-weight": "1" ---- -{{- if .Values.global.cattle.psp.enabled }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.fullname" . }}-upgrade - annotations: - "helm.sh/hook": pre-upgrade, pre-rollback - "helm.sh/hook-delete-policy": before-hook-creation, hook-succeeded, hook-failed - "helm.sh/hook-weight": "1" -spec: - privileged: false - allowPrivilegeEscalation: false - hostNetwork: false - hostIPC: false - hostPID: false - runAsUser: - rule: 'RunAsAny' - seLinux: - rule: 'RunAsAny' - supplementalGroups: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - fsGroup: - rule: 'MustRunAs' - ranges: - - min: 1 - max: 65535 - readOnlyRootFilesystem: false - volumes: - - 'configMap' - - 'secret' -{{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/thanos-ruler/extrasecret.yaml b/charts/rancher-monitoring/templates/thanos-ruler/extrasecret.yaml deleted file mode 100644 index fe2ea5be6..000000000 --- a/charts/rancher-monitoring/templates/thanos-ruler/extrasecret.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.thanosRuler.extraSecret.data -}} -{{- $secretName := printf "thanos-ruler-%s-extra" (include "kube-prometheus-stack.fullname" . ) -}} -apiVersion: v1 -kind: Secret -metadata: - name: {{ default $secretName .Values.thanosRuler.extraSecret.name }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- if .Values.thanosRuler.extraSecret.annotations }} - annotations: -{{ toYaml .Values.thanosRuler.extraSecret.annotations | indent 4 }} -{{- end }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler - app.kubernetes.io/component: thanos-ruler -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -data: -{{- range $key, $val := .Values.thanosRuler.extraSecret.data }} - {{ $key }}: {{ $val | b64enc | quote }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/thanos-ruler/ingress.yaml b/charts/rancher-monitoring/templates/thanos-ruler/ingress.yaml deleted file mode 100644 index 2760805c5..000000000 --- a/charts/rancher-monitoring/templates/thanos-ruler/ingress.yaml +++ /dev/null @@ -1,77 +0,0 @@ -{{- if and .Values.thanosRuler.enabled .Values.thanosRuler.ingress.enabled }} -{{- $pathType := .Values.thanosRuler.ingress.pathType | default "ImplementationSpecific" }} -{{- $serviceName := printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "thanos-ruler" }} -{{- $servicePort := .Values.thanosRuler.service.port -}} -{{- $routePrefix := list .Values.thanosRuler.thanosRulerSpec.routePrefix }} -{{- $paths := .Values.thanosRuler.ingress.paths | default $routePrefix -}} -{{- $apiIsStable := eq (include "kube-prometheus-stack.ingress.isStable" .) "true" -}} -{{- $ingressSupportsPathType := eq (include "kube-prometheus-stack.ingress.supportsPathType" .) "true" -}} -apiVersion: {{ include "kube-prometheus-stack.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ $serviceName }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} -{{- if .Values.thanosRuler.ingress.annotations }} - annotations: -{{ toYaml .Values.thanosRuler.ingress.annotations | indent 4 }} -{{- end }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler -{{- if .Values.thanosRuler.ingress.labels }} -{{ toYaml .Values.thanosRuler.ingress.labels | indent 4 }} -{{- end }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - {{- if $apiIsStable }} - {{- if .Values.thanosRuler.ingress.ingressClassName }} - ingressClassName: {{ .Values.thanosRuler.ingress.ingressClassName }} - {{- end }} - {{- end }} - rules: - {{- if .Values.thanosRuler.ingress.hosts }} - {{- range $host := .Values.thanosRuler.ingress.hosts }} - - host: {{ tpl $host $ }} - http: - paths: - {{- range $p := $paths }} - - path: {{ tpl $p $ }} - {{- if and $pathType $ingressSupportsPathType }} - pathType: {{ $pathType }} - {{- end }} - backend: - {{- if $apiIsStable }} - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- else }} - - http: - paths: - {{- range $p := $paths }} - - path: {{ tpl $p $ }} - {{- if and $pathType $ingressSupportsPathType }} - pathType: {{ $pathType }} - {{- end }} - backend: - {{- if $apiIsStable }} - service: - name: {{ $serviceName }} - port: - number: {{ $servicePort }} - {{- else }} - serviceName: {{ $serviceName }} - servicePort: {{ $servicePort }} - {{- end }} - {{- end -}} - {{- end -}} - {{- if .Values.thanosRuler.ingress.tls }} - tls: -{{ tpl (toYaml .Values.thanosRuler.ingress.tls | indent 4) . }} - {{- end -}} -{{- end -}} diff --git a/charts/rancher-monitoring/templates/thanos-ruler/podDisruptionBudget.yaml b/charts/rancher-monitoring/templates/thanos-ruler/podDisruptionBudget.yaml deleted file mode 100644 index d3d378d69..000000000 --- a/charts/rancher-monitoring/templates/thanos-ruler/podDisruptionBudget.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.thanosRuler.enabled .Values.thanosRuler.podDisruptionBudget.enabled }} -apiVersion: {{ include "kube-prometheus-stack.pdb.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - {{- if .Values.thanosRuler.podDisruptionBudget.minAvailable }} - minAvailable: {{ .Values.thanosRuler.podDisruptionBudget.minAvailable }} - {{- end }} - {{- if .Values.thanosRuler.podDisruptionBudget.maxUnavailable }} - maxUnavailable: {{ .Values.thanosRuler.podDisruptionBudget.maxUnavailable }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: thanos-ruler - thanos-ruler: {{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler -{{- end }} diff --git a/charts/rancher-monitoring/templates/thanos-ruler/ruler.yaml b/charts/rancher-monitoring/templates/thanos-ruler/ruler.yaml deleted file mode 100644 index c914e755d..000000000 --- a/charts/rancher-monitoring/templates/thanos-ruler/ruler.yaml +++ /dev/null @@ -1,168 +0,0 @@ -{{- if .Values.thanosRuler.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ThanosRuler -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.thanosRuler.annotations }} - annotations: -{{ toYaml .Values.thanosRuler.annotations | indent 4 }} -{{- end }} -spec: -{{- if .Values.thanosRuler.thanosRulerSpec.image }} - {{- if and .Values.thanosRuler.thanosRulerSpec.image.tag .Values.thanosRuler.thanosRulerSpec.image.sha }} - image: "{{ template "system_default_registry" . }}{{ .Values.thanosRuler.thanosRulerSpec.image.repository }}:{{ .Values.thanosRuler.thanosRulerSpec.image.tag }}@sha256:{{ .Values.thanosRuler.thanosRulerSpec.image.sha }}" - {{- else if .Values.thanosRuler.thanosRulerSpec.image.sha }} - image: "{{ template "system_default_registry" . }}{{ .Values.thanosRuler.thanosRulerSpec.image.repository }}@sha256:{{ .Values.thanosRuler.thanosRulerSpec.image.sha }}" - {{- else if .Values.thanosRuler.thanosRulerSpec.image.tag }} - image: "{{ template "system_default_registry" . }}{{ .Values.thanosRuler.thanosRulerSpec.image.repository }}:{{ .Values.thanosRuler.thanosRulerSpec.image.tag }}" - {{- else }} - image: "{{ template "system_default_registry" . }}{{ .Values.thanosRuler.thanosRulerSpec.image.repository }}" - {{- end }} - {{- if .Values.thanosRuler.thanosRulerSpec.image.sha }} - sha: {{ .Values.thanosRuler.thanosRulerSpec.image.sha }} - {{- end }} -{{- end }} - replicas: {{ .Values.thanosRuler.thanosRulerSpec.replicas }} - listenLocal: {{ .Values.thanosRuler.thanosRulerSpec.listenLocal }} - serviceAccountName: {{ template "kube-prometheus-stack.thanosRuler.serviceAccountName" . }} -{{- if .Values.thanosRuler.thanosRulerSpec.externalPrefix }} - externalPrefix: "{{ tpl .Values.thanosRuler.thanosRulerSpec.externalPrefix . }}" -{{- else if and .Values.thanosRuler.ingress.enabled .Values.thanosRuler.ingress.hosts }} - externalPrefix: "http://{{ tpl (index .Values.thanosRuler.ingress.hosts 0) . }}{{ .Values.thanosRuler.thanosRulerSpec.routePrefix }}" -{{- else }} - externalPrefix: http://{{ template "kube-prometheus-stack.fullname" . }}-thanosRuler.{{ template "kube-prometheus-stack.namespace" . }}:{{ .Values.thanosRuler.service.port }} -{{- end }} - nodeSelector: {{ include "linux-node-selector" . | nindent 4 }} -{{- if .Values.thanosRuler.thanosRulerSpec.nodeSelector }} -{{ toYaml .Values.thanosRuler.thanosRulerSpec.nodeSelector | indent 4 }} -{{- end }} - paused: {{ .Values.thanosRuler.thanosRulerSpec.paused }} - logFormat: {{ .Values.thanosRuler.thanosRulerSpec.logFormat | quote }} - logLevel: {{ .Values.thanosRuler.thanosRulerSpec.logLevel | quote }} - retention: {{ .Values.thanosRuler.thanosRulerSpec.retention | quote }} -{{- if .Values.thanosRuler.thanosRulerSpec.evaluationInterval }} - evaluationInterval: {{ .Values.thanosRuler.thanosRulerSpec.evaluationInterval }} -{{- end }} -{{- if .Values.thanosRuler.thanosRulerSpec.ruleNamespaceSelector }} - ruleNamespaceSelector: -{{ toYaml .Values.thanosRuler.thanosRulerSpec.ruleNamespaceSelector | indent 4 }} -{{ else }} - ruleNamespaceSelector: {} -{{- end }} -{{- if .Values.thanosRuler.thanosRulerSpec.ruleSelector }} - ruleSelector: -{{ toYaml .Values.thanosRuler.thanosRulerSpec.ruleSelector | indent 4}} -{{- else if .Values.thanosRuler.thanosRulerSpec.ruleSelectorNilUsesHelmValues }} - ruleSelector: - matchLabels: - release: {{ $.Release.Name | quote }} -{{ else }} - ruleSelector: {} -{{- end }} -{{- if .Values.thanosRuler.thanosRulerSpec.alertQueryUrl }} - alertQueryUrl: "{{ .Values.thanosRuler.thanosRulerSpec.alertQueryUrl }}" -{{- end}} -{{- if .Values.thanosRuler.thanosRulerSpec.alertmanagersUrl }} - alertmanagersUrl: -{{ toYaml .Values.thanosRuler.thanosRulerSpec.alertmanagersUrl | indent 4 }} -{{- end }} -{{- if .Values.thanosRuler.thanosRulerSpec.alertmanagersConfig }} - alertmanagersConfig: -{{ toYaml .Values.thanosRuler.thanosRulerSpec.alertmanagersConfig | indent 4 }} -{{- end }} -{{- if .Values.thanosRuler.thanosRulerSpec.queryEndpoints }} - queryEndpoints: -{{ toYaml .Values.thanosRuler.thanosRulerSpec.queryEndpoints | indent 4 }} -{{- end }} -{{- if .Values.thanosRuler.thanosRulerSpec.resources }} - resources: -{{ toYaml .Values.thanosRuler.thanosRulerSpec.resources | indent 4 }} -{{- end }} -{{- if .Values.thanosRuler.thanosRulerSpec.routePrefix }} - routePrefix: "{{ .Values.thanosRuler.thanosRulerSpec.routePrefix }}" -{{- end }} -{{- if .Values.thanosRuler.thanosRulerSpec.securityContext }} - securityContext: -{{ toYaml .Values.thanosRuler.thanosRulerSpec.securityContext | indent 4 }} -{{- end }} -{{- if .Values.thanosRuler.thanosRulerSpec.storage }} - storage: -{{ toYaml .Values.thanosRuler.thanosRulerSpec.storage | indent 4 }} -{{- end }} -{{- if .Values.thanosRuler.thanosRulerSpec.objectStorageConfig }} - objectStorageConfig: -{{ toYaml .Values.thanosRuler.thanosRulerSpec.objectStorageConfig | indent 4 }} -{{- end }} -{{- if .Values.thanosRuler.thanosRulerSpec.labels }} - labels: -{{ toYaml .Values.thanosRuler.thanosRulerSpec.labels | indent 4 }} -{{- end }} -{{- if .Values.thanosRuler.thanosRulerSpec.objectStorageConfigFile }} - objectStorageConfigFile: {{ .Values.thanosRuler.thanosRulerSpec.objectStorageConfigFile }} -{{- end }} -{{- if .Values.thanosRuler.thanosRulerSpec.podMetadata }} - podMetadata: -{{ toYaml .Values.thanosRuler.thanosRulerSpec.podMetadata | indent 4 }} -{{- end }} -{{- if or .Values.thanosRuler.thanosRulerSpec.podAntiAffinity .Values.thanosRuler.thanosRulerSpec.affinity }} - affinity: -{{- end }} -{{- if .Values.thanosRuler.thanosRulerSpec.affinity }} -{{ toYaml .Values.thanosRuler.thanosRulerSpec.affinity | indent 4 }} -{{- end }} -{{- if eq .Values.thanosRuler.thanosRulerSpec.podAntiAffinity "hard" }} - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: {{ .Values.thanosRuler.thanosRulerSpec.podAntiAffinityTopologyKey }} - labelSelector: - matchExpressions: - - {key: app.kubernetes.io/name, operator: In, values: [thanos-ruler]} - - {key: thanos-ruler, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler]} -{{- else if eq .Values.thanosRuler.thanosRulerSpec.podAntiAffinity "soft" }} - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: {{ .Values.thanosRuler.thanosRulerSpec.podAntiAffinityTopologyKey }} - labelSelector: - matchExpressions: - - {key: app.kubernetes.io/name, operator: In, values: [thanos-ruler]} - - {key: thanos-ruler, operator: In, values: [{{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler]} -{{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 4 }} -{{- if .Values.thanosRuler.thanosRulerSpec.tolerations }} -{{ toYaml .Values.thanosRuler.thanosRulerSpec.tolerations | indent 4 }} -{{- end }} -{{- if .Values.thanosRuler.thanosRulerSpec.topologySpreadConstraints }} - topologySpreadConstraints: -{{ toYaml .Values.thanosRuler.thanosRulerSpec.topologySpreadConstraints | indent 4 }} -{{- end }} -{{- if .Values.global.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.global.imagePullSecrets | indent 4 }} -{{- end }} -{{- if .Values.thanosRuler.thanosRulerSpec.containers }} - containers: -{{ toYaml .Values.thanosRuler.thanosRulerSpec.containers | indent 4 }} -{{- end }} -{{- if .Values.thanosRuler.thanosRulerSpec.initContainers }} - initContainers: -{{ toYaml .Values.thanosRuler.thanosRulerSpec.initContainers | indent 4 }} -{{- end }} -{{- if .Values.thanosRuler.thanosRulerSpec.priorityClassName }} - priorityClassName: {{.Values.thanosRuler.thanosRulerSpec.priorityClassName }} -{{- end }} -{{- if .Values.thanosRuler.thanosRulerSpec.volumes }} - volumes: -{{ toYaml .Values.thanosRuler.thanosRulerSpec.volumes | indent 4 }} -{{- end }} -{{- if .Values.thanosRuler.thanosRulerSpec.volumeMounts }} - volumeMounts: -{{ toYaml .Values.thanosRuler.thanosRulerSpec.volumeMounts | indent 4 }} -{{- end }} - portName: {{ .Values.thanosRuler.thanosRulerSpec.portName }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/thanos-ruler/service.yaml b/charts/rancher-monitoring/templates/thanos-ruler/service.yaml deleted file mode 100644 index 093dbf7cd..000000000 --- a/charts/rancher-monitoring/templates/thanos-ruler/service.yaml +++ /dev/null @@ -1,53 +0,0 @@ -{{- if .Values.thanosRuler.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler - self-monitor: {{ .Values.thanosRuler.serviceMonitor.selfMonitor | quote }} -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.thanosRuler.service.labels }} -{{ toYaml .Values.thanosRuler.service.labels | indent 4 }} -{{- end }} -{{- if .Values.thanosRuler.service.annotations }} - annotations: -{{ toYaml .Values.thanosRuler.service.annotations | indent 4 }} -{{- end }} -spec: -{{- if .Values.thanosRuler.service.clusterIP }} - clusterIP: {{ .Values.thanosRuler.service.clusterIP }} -{{- end }} -{{- if .Values.thanosRuler.service.externalIPs }} - externalIPs: -{{ toYaml .Values.thanosRuler.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.thanosRuler.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.thanosRuler.service.loadBalancerIP }} -{{- end }} -{{- if .Values.thanosRuler.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := .Values.thanosRuler.service.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} -{{- end }} -{{- if ne .Values.thanosRuler.service.type "ClusterIP" }} - externalTrafficPolicy: {{ .Values.thanosRuler.service.externalTrafficPolicy }} -{{- end }} - ports: - - name: {{ .Values.thanosRuler.thanosRulerSpec.portName }} - {{- if eq .Values.thanosRuler.service.type "NodePort" }} - nodePort: {{ .Values.thanosRuler.service.nodePort }} - {{- end }} - port: {{ .Values.thanosRuler.service.port }} - targetPort: {{ .Values.thanosRuler.service.targetPort }} - protocol: TCP -{{- if .Values.thanosRuler.service.additionalPorts }} -{{ toYaml .Values.thanosRuler.service.additionalPorts | indent 2 }} -{{- end }} - selector: - app.kubernetes.io/name: thanos-ruler - thanos-ruler: {{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler - type: "{{ .Values.thanosRuler.service.type }}" -{{- end }} diff --git a/charts/rancher-monitoring/templates/thanos-ruler/serviceaccount.yaml b/charts/rancher-monitoring/templates/thanos-ruler/serviceaccount.yaml deleted file mode 100644 index 0138c357f..000000000 --- a/charts/rancher-monitoring/templates/thanos-ruler/serviceaccount.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.thanosRuler.enabled .Values.thanosRuler.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kube-prometheus-stack.thanosRuler.serviceAccountName" . }} - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler - app.kubernetes.io/name: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler - app.kubernetes.io/component: thanos-ruler -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -{{- if .Values.thanosRuler.serviceAccount.annotations }} - annotations: -{{ toYaml .Values.thanosRuler.serviceAccount.annotations | indent 4 }} -{{- end }} -{{- if .Values.global.imagePullSecrets }} -imagePullSecrets: -{{ toYaml .Values.global.imagePullSecrets | indent 2 }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/thanos-ruler/servicemonitor.yaml b/charts/rancher-monitoring/templates/thanos-ruler/servicemonitor.yaml deleted file mode 100644 index 1f2bd417f..000000000 --- a/charts/rancher-monitoring/templates/thanos-ruler/servicemonitor.yaml +++ /dev/null @@ -1,56 +0,0 @@ -{{- if and .Values.thanosRuler.enabled .Values.thanosRuler.serviceMonitor.selfMonitor }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "kube-prometheus-stack.fullname" . }}-thanos-ruler - namespace: {{ template "kube-prometheus-stack.namespace" . }} - labels: - app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler -{{ include "kube-prometheus-stack.labels" . | indent 4 }} -spec: - selector: - matchLabels: - app: {{ template "kube-prometheus-stack.name" . }}-thanos-ruler - release: {{ $.Release.Name | quote }} - self-monitor: {{ .Values.thanosRuler.serviceMonitor.selfMonitor | quote }} - namespaceSelector: - matchNames: - - {{ printf "%s" (include "kube-prometheus-stack.namespace" .) | quote }} - endpoints: - - port: {{ .Values.thanosRuler.thanosRulerSpec.portName }} - {{- if .Values.thanosRuler.serviceMonitor.interval }} - interval: {{ .Values.thanosRuler.serviceMonitor.interval }} - {{- end }} - {{- if .Values.thanosRuler.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.thanosRuler.serviceMonitor.proxyUrl}} - {{- end }} - {{- if .Values.thanosRuler.serviceMonitor.scheme }} - scheme: {{ .Values.thanosRuler.serviceMonitor.scheme }} - {{- end }} - {{- if .Values.thanosRuler.serviceMonitor.bearerTokenFile }} - bearerTokenFile: {{ .Values.thanosRuler.serviceMonitor.bearerTokenFile }} - {{- end }} - {{- if .Values.thanosRuler.serviceMonitor.tlsConfig }} - tlsConfig: {{ toYaml .Values.thanosRuler.serviceMonitor.tlsConfig | nindent 6 }} - {{- end }} - path: "{{ trimSuffix "/" .Values.thanosRuler.thanosRulerSpec.routePrefix }}/metrics" - - metricRelabelings: - {{- if .Values.thanosRuler.serviceMonitor.metricRelabelings }} - {{ tpl (toYaml .Values.thanosRuler.serviceMonitor.metricRelabelings | indent 6) . }} - {{- end }} - {{ if .Values.global.cattle.clusterId }} - - sourceLabels: [__address__] - targetLabel: cluster_id - replacement: {{ .Values.global.cattle.clusterId }} - {{- end }} - {{ if .Values.global.cattle.clusterName}} - - sourceLabels: [__address__] - targetLabel: cluster_name - replacement: {{ .Values.global.cattle.clusterName }} - {{- end }} -{{- if .Values.thanosRuler.serviceMonitor.relabelings }} - relabelings: -{{ toYaml .Values.thanosRuler.serviceMonitor.relabelings | indent 6 }} -{{- end }} -{{- end }} diff --git a/charts/rancher-monitoring/templates/validate-install-crd.yaml b/charts/rancher-monitoring/templates/validate-install-crd.yaml deleted file mode 100644 index ac7921f58..000000000 --- a/charts/rancher-monitoring/templates/validate-install-crd.yaml +++ /dev/null @@ -1,21 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -# {{- $found := dict -}} -# {{- set $found "monitoring.coreos.com/v1alpha1/AlertmanagerConfig" false -}} -# {{- set $found "monitoring.coreos.com/v1/Alertmanager" false -}} -# {{- set $found "monitoring.coreos.com/v1/PodMonitor" false -}} -# {{- set $found "monitoring.coreos.com/v1/Probe" false -}} -# {{- set $found "monitoring.coreos.com/v1/Prometheus" false -}} -# {{- set $found "monitoring.coreos.com/v1/PrometheusRule" false -}} -# {{- set $found "monitoring.coreos.com/v1/ServiceMonitor" false -}} -# {{- set $found "monitoring.coreos.com/v1/ThanosRuler" false -}} -# {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} -# {{- end -}} -# {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} -# {{- end -}} -# {{- end -}} -#{{- end -}} \ No newline at end of file diff --git a/charts/rancher-monitoring/templates/validate-psp-install.yaml b/charts/rancher-monitoring/templates/validate-psp-install.yaml deleted file mode 100644 index a30c59d3b..000000000 --- a/charts/rancher-monitoring/templates/validate-psp-install.yaml +++ /dev/null @@ -1,7 +0,0 @@ -#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} -#{{- if .Values.global.cattle.psp.enabled }} -#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} -#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} -#{{- end }} -#{{- end }} -#{{- end }} diff --git a/charts/rancher-monitoring/values.yaml b/charts/rancher-monitoring/values.yaml deleted file mode 100644 index 29398e56b..000000000 --- a/charts/rancher-monitoring/values.yaml +++ /dev/null @@ -1,4217 +0,0 @@ -# Default values for kube-prometheus-stack. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# Rancher Monitoring Configuration - -## Configuration for prometheus-adapter -## ref: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-adapter -## -prometheus-adapter: - enabled: true - prometheus: - # Change this if you change the namespaceOverride or nameOverride of prometheus-operator - url: http://rancher-monitoring-prometheus.cattle-monitoring-system.svc - port: 9090 - -## RKE PushProx Monitoring -## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-pushprox -## -rkeControllerManager: - enabled: false - metricsPort: 10257 # default to secure port as of k8s >= 1.22 - component: kube-controller-manager - clients: - https: - enabled: true - insecureSkipVerify: true - useServiceAccountCredentials: true - port: 10011 - useLocalhost: true - nodeSelector: - node-role.kubernetes.io/controlplane: "true" - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - kubeVersionOverrides: - - constraint: "< 1.22" - values: - metricsPort: 10252 # default to insecure port in k8s < 1.22 - clients: - https: - enabled: false - insecureSkipVerify: false - useServiceAccountCredentials: false - -rkeScheduler: - enabled: false - metricsPort: 10259 - component: kube-scheduler - clients: - https: - enabled: true - insecureSkipVerify: true - useServiceAccountCredentials: true - port: 10012 - useLocalhost: true - nodeSelector: - node-role.kubernetes.io/controlplane: "true" - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - kubeVersionOverrides: - - constraint: "< 1.23" - values: - metricsPort: 10251 # default to insecure port in k8s < 1.23 - clients: - https: - enabled: false - insecureSkipVerify: false - useServiceAccountCredentials: false - -rkeProxy: - enabled: false - metricsPort: 10249 - component: kube-proxy - clients: - port: 10013 - useLocalhost: true - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - -rkeEtcd: - enabled: false - metricsPort: 2379 - component: kube-etcd - clients: - port: 10014 - https: - enabled: true - certDir: /etc/kubernetes/ssl - certFile: kube-etcd-*.pem - keyFile: kube-etcd-*-key.pem - caCertFile: kube-ca.pem - seLinuxOptions: - # Gives rkeEtcd permissions to read files in /etc/kubernetes/* - # Type is defined in https://github.com/rancher/rancher-selinux - type: rke_kubereader_t - nodeSelector: - node-role.kubernetes.io/etcd: "true" - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - -rkeIngressNginx: - enabled: false - metricsPort: 10254 - component: ingress-nginx - clients: - port: 10015 - useLocalhost: true - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - nodeSelector: - node-role.kubernetes.io/worker: "true" - -## k3s PushProx Monitoring -## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-pushprox -## -k3sServer: - enabled: false - metricsPort: 10250 - component: k3s-server - clients: - port: 10013 - useLocalhost: true - https: - enabled: true - useServiceAccountCredentials: true - insecureSkipVerify: true - rbac: - additionalRules: - - nonResourceURLs: ["/metrics/cadvisor"] - verbs: ["get"] - - apiGroups: [""] - resources: ["nodes/metrics"] - verbs: ["get"] - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - serviceMonitor: - endpoints: - - port: metrics - honorLabels: true - relabelings: - - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - - port: metrics - path: /metrics/cadvisor - honorLabels: true - relabelings: - - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - - port: metrics - path: /metrics/probes - honorLabels: true - relabelings: - - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - -## KubeADM PushProx Monitoring -## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-pushprox -## -kubeAdmControllerManager: - enabled: false - metricsPort: 10257 - component: kube-controller-manager - clients: - port: 10011 - useLocalhost: true - https: - enabled: true - useServiceAccountCredentials: true - insecureSkipVerify: true - nodeSelector: - node-role.kubernetes.io/master: "" - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - -kubeAdmScheduler: - enabled: false - metricsPort: 10259 - component: kube-scheduler - clients: - port: 10012 - useLocalhost: true - https: - enabled: true - useServiceAccountCredentials: true - insecureSkipVerify: true - nodeSelector: - node-role.kubernetes.io/master: "" - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - -kubeAdmProxy: - enabled: false - metricsPort: 10249 - component: kube-proxy - clients: - port: 10013 - useLocalhost: true - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - -kubeAdmEtcd: - enabled: false - metricsPort: 2381 - component: kube-etcd - clients: - port: 10014 - useLocalhost: true - nodeSelector: - node-role.kubernetes.io/master: "" - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - -## rke2 PushProx Monitoring -## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-pushprox -## -rke2ControllerManager: - enabled: false - metricsPort: 10257 # default to secure port as of k8s >= 1.22 - component: kube-controller-manager - clients: - https: - enabled: true - insecureSkipVerify: true - useServiceAccountCredentials: true - port: 10011 - useLocalhost: true - nodeSelector: - node-role.kubernetes.io/master: "true" - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - kubeVersionOverrides: - - constraint: "< 1.22" - values: - metricsPort: 10252 # default to insecure port in k8s < 1.22 - clients: - https: - enabled: false - insecureSkipVerify: false - useServiceAccountCredentials: false - -rke2Scheduler: - enabled: false - metricsPort: 10259 # default to secure port as of k8s >= 1.22 - component: kube-scheduler - clients: - https: - enabled: true - insecureSkipVerify: true - useServiceAccountCredentials: true - port: 10012 - useLocalhost: true - nodeSelector: - node-role.kubernetes.io/master: "true" - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - kubeVersionOverrides: - - constraint: "< 1.22" - values: - metricsPort: 10251 # default to insecure port in k8s < 1.22 - clients: - https: - enabled: false - insecureSkipVerify: false - useServiceAccountCredentials: false - -rke2Proxy: - enabled: false - metricsPort: 10249 - component: kube-proxy - clients: - port: 10013 - useLocalhost: true - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - -rke2Etcd: - enabled: false - metricsPort: 2381 - component: kube-etcd - clients: - port: 10014 - useLocalhost: true - nodeSelector: - node-role.kubernetes.io/etcd: "true" - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - -rke2IngressNginx: - enabled: false - metricsPort: 10254 - component: ingress-nginx - # in the RKE2 cluster, the ingress-nginx-controller is deployed - # as a non-hostNetwork workload starting at the following versions - # - >= v1.22.12+rke2r1 < 1.23.0-0 - # - >= v1.23.9+rke2r1 < 1.24.0-0 - # - >= v1.24.3+rke2r1 < 1.25.0-0 - # - >= v1.25.0+rke2r1 - # As a result we do not need clients and proxies as we can directly create - # a service that targets the workload with the given app name - namespaceOverride: kube-system - clients: - enabled: false - proxy: - enabled: false - service: - selector: - app.kubernetes.io/name: rke2-ingress-nginx - kubeVersionOverrides: - - constraint: "< 1.21.0-0" - values: - namespaceOverride: "" - clients: - enabled: true - port: 10015 - useLocalhost: true - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: "app.kubernetes.io/component" - operator: "In" - values: - - "controller" - topologyKey: "kubernetes.io/hostname" - namespaces: - - "kube-system" - # in the RKE2 cluster, the ingress-nginx-controller is deployed as - # a DaemonSet with 1 pod when RKE2 version is < 1.21.0-0 - deployment: - enabled: false - proxy: - enabled: true - service: - selector: false - - constraint: ">= 1.21.0-0 < 1.22.12-0" - values: - namespaceOverride: "" - clients: - enabled: true - port: 10015 - useLocalhost: true - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: "app.kubernetes.io/component" - operator: "In" - values: - - "controller" - topologyKey: "kubernetes.io/hostname" - namespaces: - - "kube-system" - # in the RKE2 cluster, the ingress-nginx-controller is deployed as - # a hostNetwork Deployment with 1 pod when RKE2 version is >= 1.21.0-0 - deployment: - enabled: true - replicas: 1 - proxy: - enabled: true - service: - selector: false - - constraint: ">= 1.23.0-0 < v1.23.9-0" - values: - namespaceOverride: "" - clients: - enabled: true - port: 10015 - useLocalhost: true - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: "app.kubernetes.io/component" - operator: "In" - values: - - "controller" - topologyKey: "kubernetes.io/hostname" - namespaces: - - "kube-system" - # in the RKE2 cluster, the ingress-nginx-controller is deployed as - # a hostNetwork Deployment with 1 pod when RKE2 version is >= 1.20.0-0 - deployment: - enabled: true - replicas: 1 - proxy: - enabled: true - service: - selector: false - - constraint: ">= 1.24.0-0 < v1.24.3-0" - values: - namespaceOverride: "" - clients: - enabled: true - port: 10015 - useLocalhost: true - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - affinity: - podAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: "app.kubernetes.io/component" - operator: "In" - values: - - "controller" - topologyKey: "kubernetes.io/hostname" - namespaces: - - "kube-system" - # in the RKE2 cluster, the ingress-nginx-controller is deployed as - # a hostNetwork Deployment with 1 pod when RKE2 version is >= 1.20.0-0 - deployment: - enabled: true - replicas: 1 - proxy: - enabled: true - service: - selector: false - -## Additional PushProx Monitoring -## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-pushprox -## - -# hardenedKubelet can only be deployed if kubelet.enabled=true -# If enabled, it replaces the ServiceMonitor deployed by the default kubelet option with a -# PushProx-based exporter that does not require a host port to be open to scrape metrics. -hardenedKubelet: - enabled: false - metricsPort: 10250 - component: kubelet - clients: - port: 10015 - useLocalhost: true - https: - enabled: true - useServiceAccountCredentials: true - insecureSkipVerify: true - rbac: - additionalRules: - - nonResourceURLs: ["/metrics/cadvisor"] - verbs: ["get"] - - apiGroups: [""] - resources: ["nodes/metrics"] - verbs: ["get"] - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - serviceMonitor: - endpoints: - - port: metrics - honorLabels: true - relabelings: - - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - - port: metrics - path: /metrics/cadvisor - honorLabels: true - relabelings: - - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - - port: metrics - path: /metrics/probes - honorLabels: true - relabelings: - - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - -# hardenedNodeExporter can only be deployed if nodeExporter.enabled=true -# If enabled, it replaces the ServiceMonitor deployed by the default nodeExporter with a -# PushProx-based exporter that does not require a host port to be open to scrape metrics. -hardenedNodeExporter: - enabled: false - metricsPort: 9796 - component: node-exporter - clients: - port: 10016 - useLocalhost: true - tolerations: - - effect: "NoExecute" - operator: "Exists" - - effect: "NoSchedule" - operator: "Exists" - -## Upgrades -upgrade: - ## Run upgrade scripts before an upgrade or rollback via a Job hook - enabled: true - ## Image to use to run the scripts - image: - repository: rancher/shell - tag: v0.1.25 - -## Rancher Monitoring -## - -rancherMonitoring: - enabled: true - - ## A namespaceSelector to identify the namespace to find the Rancher deployment - ## - namespaceSelector: - matchNames: - - cattle-system - - ## A selector to identify the Rancher deployment - ## If not set, the chart will try to search for the Rancher deployment in the cattle-system namespace and infer the selector values from it - ## If the Rancher deployment does not exist, no resources will be deployed. - ## - selector: {} - -## Component scraping nginx-ingress-controller -## -ingressNginx: - enabled: false - - ## The namespace to search for your nginx-ingress-controller - ## - namespace: ingress-nginx - - service: - port: 9913 - targetPort: 10254 - # selector: - # app: ingress-nginx - serviceMonitor: - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "30s" - - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" - - ## metric relabel configs to apply to samples before ingestion. - ## - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - # relabel configs to apply to samples before ingestion. - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - -# Prometheus Operator Configuration - -## Provide a name in place of kube-prometheus-stack for `app:` labels -## NOTE: If you change this value, you must update the prometheus-adapter.prometheus.url -## -nameOverride: "rancher-monitoring" - -## Override the deployment namespace -## NOTE: If you change this value, you must update the prometheus-adapter.prometheus.url -## -namespaceOverride: "cattle-monitoring-system" - -## Provide a k8s version to auto dashboard import script example: kubeTargetVersionOverride: 1.16.6 -## -kubeTargetVersionOverride: "" - -## Allow kubeVersion to be overridden while creating the ingress -## -kubeVersionOverride: "" - -## Provide a name to substitute for the full names of resources -## -fullnameOverride: "" - -## Labels to apply to all resources -## -commonLabels: {} -# scmhash: abc123 -# myLabel: aakkmd - -## Create default rules for monitoring the cluster -## -defaultRules: - create: true - rules: - alertmanager: true - etcd: true - configReloaders: true - general: true - k8s: true - kubeApiserverAvailability: true - kubeApiserverBurnrate: true - kubeApiserverHistogram: true - kubeApiserverSlos: true - kubeControllerManager: true - kubelet: true - kubeProxy: true - kubePrometheusGeneral: true - kubePrometheusNodeRecording: true - kubernetesApps: true - kubernetesResources: true - kubernetesStorage: true - kubernetesSystem: true - kubeScheduler: true - kubeStateMetrics: true - network: true - node: true - nodeExporterAlerting: true - nodeExporterRecording: true - prometheus: true - prometheusOperator: true - - ## Reduce app namespace alert scope - appNamespacesTarget: ".*" - - ## Labels for default rules - labels: {} - ## Annotations for default rules - annotations: {} - - ## Additional labels for PrometheusRule alerts - additionalRuleLabels: {} - - ## Additional annotations for PrometheusRule alerts - additionalRuleAnnotations: {} - - ## Prefix for runbook URLs. Use this to override the first part of the runbookURLs that is common to all rules. - runbookUrl: "https://runbooks.prometheus-operator.dev/runbooks" - - ## Disabled PrometheusRule alerts - disabled: {} - # KubeAPIDown: true - # NodeRAIDDegraded: true - -## Deprecated way to provide custom recording or alerting rules to be deployed into the cluster. -## -# additionalPrometheusRules: [] -# - name: my-rule-file -# groups: -# - name: my_group -# rules: -# - record: my_record -# expr: 100 * my_record - -## Provide custom recording or alerting rules to be deployed into the cluster. -## -additionalPrometheusRulesMap: {} -# rule-name: -# groups: -# - name: my_group -# rules: -# - record: my_record -# expr: 100 * my_record - -## -global: - cattle: - psp: - enabled: false - systemDefaultRegistry: "" - ## Windows Monitoring - ## ref: https://github.com/rancher/charts/tree/dev-v2.5-source/packages/rancher-windows-exporter - ## - ## Deploys a DaemonSet of Prometheus exporters based on https://github.com/prometheus-community/windows_exporter. - ## Every Windows host must have a wins version of 0.1.0+ to use this chart (default as of Rancher 2.5.8). - ## To upgrade wins versions on Windows hosts, see https://github.com/rancher/wins/tree/master/charts/rancher-wins-upgrader. - ## - windows: - enabled: false - seLinux: - enabled: false - kubectl: - repository: rancher/kubectl - tag: v1.20.2 - pullPolicy: IfNotPresent - rbac: - ## Create RBAC resources for ServiceAccounts and users - ## - create: true - - userRoles: - ## Create default user ClusterRoles to allow users to interact with Prometheus CRs, ConfigMaps, and Secrets - create: true - ## Aggregate default user ClusterRoles into default k8s ClusterRoles - aggregateToDefaultRoles: true - - pspAnnotations: {} - ## Specify pod annotations - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp - ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl - ## - # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' - # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' - # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' - - ## Reference to one or more secrets to be used when pulling images - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ - ## - imagePullSecrets: [] - # - name: "image-pull-secret" - # or - # - "image-pull-secret" - -## Configuration for alertmanager -## ref: https://prometheus.io/docs/alerting/alertmanager/ -## -alertmanager: - - ## Deploy alertmanager - ## - enabled: true - - ## Annotations for Alertmanager - ## - annotations: {} - - ## Api that prometheus will use to communicate with alertmanager. Possible values are v1, v2 - ## - apiVersion: v2 - - ## Service account for Alertmanager to use. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - ## - serviceAccount: - create: true - name: "" - annotations: {} - - ## Configure pod disruption budgets for Alertmanager - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget - ## This configuration is immutable once created and will require the PDB to be deleted to be changed - ## https://github.com/kubernetes/kubernetes/issues/45398 - ## - podDisruptionBudget: - enabled: false - minAvailable: 1 - maxUnavailable: "" - - ## Alertmanager configuration directives - ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file - ## https://prometheus.io/webtools/alerting/routing-tree-editor/ - ## - config: - global: - resolve_timeout: 5m - inhibit_rules: - - source_matchers: - - 'severity = critical' - target_matchers: - - 'severity =~ warning|info' - equal: - - 'namespace' - - 'alertname' - - source_matchers: - - 'severity = warning' - target_matchers: - - 'severity = info' - equal: - - 'namespace' - - 'alertname' - - source_matchers: - - 'alertname = InfoInhibitor' - target_matchers: - - 'severity = info' - equal: - - 'namespace' - route: - group_by: ['namespace'] - group_wait: 30s - group_interval: 5m - repeat_interval: 12h - receiver: 'null' - routes: - - receiver: 'null' - matchers: - - alertname =~ "InfoInhibitor|Watchdog" - receivers: - - name: 'null' - templates: - - '/etc/alertmanager/config/*.tmpl' - - ## Pass the Alertmanager configuration directives through Helm's templating - ## engine. If the Alertmanager configuration contains Alertmanager templates, - ## they'll need to be properly escaped so that they are not interpreted by - ## Helm - ## ref: https://helm.sh/docs/developing_charts/#using-the-tpl-function - ## https://prometheus.io/docs/alerting/configuration/#tmpl_string - ## https://prometheus.io/docs/alerting/notifications/ - ## https://prometheus.io/docs/alerting/notification_examples/ - tplConfig: false - - ## Alertmanager template files to format alerts - ## By default, templateFiles are placed in /etc/alertmanager/config/ and if - ## they have a .tmpl file suffix will be loaded. See config.templates above - ## to change, add other suffixes. If adding other suffixes, be sure to update - ## config.templates above to include those suffixes. - ## ref: https://prometheus.io/docs/alerting/notifications/ - ## https://prometheus.io/docs/alerting/notification_examples/ - ## - - templateFiles: - rancher_defaults.tmpl: |- - {{- define "slack.rancher.text" -}} - {{ template "rancher.text_multiple" . }} - {{- end -}} - - {{- define "rancher.text_multiple" -}} - *[GROUP - Details]* - One or more alarms in this group have triggered a notification. - - {{- if gt (len .GroupLabels.Values) 0 }} - *Group Labels:* - {{- range .GroupLabels.SortedPairs }} - • *{{ .Name }}:* `{{ .Value }}` - {{- end }} - {{- end }} - {{- if .ExternalURL }} - *Link to AlertManager:* {{ .ExternalURL }} - {{- end }} - - {{- range .Alerts }} - {{ template "rancher.text_single" . }} - {{- end }} - {{- end -}} - - {{- define "rancher.text_single" -}} - {{- if .Labels.alertname }} - *[ALERT - {{ .Labels.alertname }}]* - {{- else }} - *[ALERT]* - {{- end }} - {{- if .Labels.severity }} - *Severity:* `{{ .Labels.severity }}` - {{- end }} - {{- if .Labels.cluster }} - *Cluster:* {{ .Labels.cluster }} - {{- end }} - {{- if .Annotations.summary }} - *Summary:* {{ .Annotations.summary }} - {{- end }} - {{- if .Annotations.message }} - *Message:* {{ .Annotations.message }} - {{- end }} - {{- if .Annotations.description }} - *Description:* {{ .Annotations.description }} - {{- end }} - {{- if .Annotations.runbook_url }} - *Runbook URL:* <{{ .Annotations.runbook_url }}|:spiral_note_pad:> - {{- end }} - {{- with .Labels }} - {{- with .Remove (stringSlice "alertname" "severity" "cluster") }} - {{- if gt (len .) 0 }} - *Additional Labels:* - {{- range .SortedPairs }} - • *{{ .Name }}:* `{{ .Value }}` - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- with .Annotations }} - {{- with .Remove (stringSlice "summary" "message" "description" "runbook_url") }} - {{- if gt (len .) 0 }} - *Additional Annotations:* - {{- range .SortedPairs }} - • *{{ .Name }}:* `{{ .Value }}` - {{- end }} - {{- end }} - {{- end }} - {{- end }} - {{- end -}} - - ingress: - enabled: false - - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx - - annotations: {} - - labels: {} - - ## Redirect ingress to an additional defined port on the service - # servicePort: 8081 - - ## Hosts must be provided if Ingress is enabled. - ## - hosts: [] - # - alertmanager.domain.com - - ## Paths to use for ingress rules - one path should match the alertmanagerSpec.routePrefix - ## - paths: [] - # - / - - ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) - ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types - # pathType: ImplementationSpecific - - ## TLS configuration for Alertmanager Ingress - ## Secret must be manually created in the namespace - ## - tls: [] - # - secretName: alertmanager-general-tls - # hosts: - # - alertmanager.example.com - - ## Configuration for Alertmanager secret - ## - secret: - annotations: {} - - ## Configuration for creating an Ingress that will map to each Alertmanager replica service - ## alertmanager.servicePerReplica must be enabled - ## - ingressPerReplica: - enabled: false - - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx - - annotations: {} - labels: {} - - ## Final form of the hostname for each per replica ingress is - ## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }} - ## - ## Prefix for the per replica ingress that will have `-$replicaNumber` - ## appended to the end - hostPrefix: "" - ## Domain that will be used for the per replica ingress - hostDomain: "" - - ## Paths to use for ingress rules - ## - paths: [] - # - / - - ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) - ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types - # pathType: ImplementationSpecific - - ## Secret name containing the TLS certificate for alertmanager per replica ingress - ## Secret must be manually created in the namespace - tlsSecretName: "" - - ## Separated secret for each per replica Ingress. Can be used together with cert-manager - ## - tlsSecretPerReplica: - enabled: false - ## Final form of the secret for each per replica ingress is - ## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }} - ## - prefix: "alertmanager" - - ## Configuration for Alertmanager service - ## - service: - annotations: {} - labels: {} - clusterIP: "" - - ## Port for Alertmanager Service to listen on - ## - port: 9093 - ## To be used with a proxy extraContainer port - ## - targetPort: 9093 - ## Port to expose on each node - ## Only used if service.type is 'NodePort' - ## - nodePort: 30903 - ## List of IP addresses at which the Prometheus server service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - - ## Additional ports to open for Alertmanager service - additionalPorts: [] - # additionalPorts: - # - name: authenticated - # port: 8081 - # targetPort: 8081 - - externalIPs: [] - loadBalancerIP: "" - loadBalancerSourceRanges: [] - - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## - externalTrafficPolicy: Cluster - - ## Service type - ## - type: ClusterIP - - ## Configuration for creating a separate Service for each statefulset Alertmanager replica - ## - servicePerReplica: - enabled: false - annotations: {} - - ## Port for Alertmanager Service per replica to listen on - ## - port: 9093 - - ## To be used with a proxy extraContainer port - targetPort: 9093 - - ## Port to expose on each node - ## Only used if servicePerReplica.type is 'NodePort' - ## - nodePort: 30904 - - ## Loadbalancer source IP ranges - ## Only used if servicePerReplica.type is "LoadBalancer" - loadBalancerSourceRanges: [] - - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## - externalTrafficPolicy: Cluster - - ## Service type - ## - type: ClusterIP - - ## If true, create a serviceMonitor for alertmanager - ## - serviceMonitor: - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" - selfMonitor: true - - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" - - ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. - scheme: "" - - ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. - ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api.md#tlsconfig - tlsConfig: {} - - bearerTokenFile: - - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - - ## Settings affecting alertmanagerSpec - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#alertmanagerspec - ## - alertmanagerSpec: - ## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata - ## Metadata Labels and Annotations gets propagated to the Alertmanager pods. - ## - podMetadata: {} - - ## Image of Alertmanager - ## - image: - repository: rancher/mirrored-prometheus-alertmanager - tag: v0.24.0 - sha: "" - - ## If true then the user will be responsible to provide a secret with alertmanager configuration - ## So when true the config part will be ignored (including templateFiles) and the one in the secret will be used - ## - useExistingSecret: false - - ## Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the - ## Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/. - ## - secrets: [] - - ## ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. - ## The ConfigMaps are mounted into /etc/alertmanager/configmaps/. - ## - configMaps: [] - - ## ConfigSecret is the name of a Kubernetes Secret in the same namespace as the Alertmanager object, which contains configuration for - ## this Alertmanager instance. Defaults to 'alertmanager-' The secret is mounted into /etc/alertmanager/config. - ## - # configSecret: - - ## WebTLSConfig defines the TLS parameters for HTTPS - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#alertmanagerwebspec - web: {} - - ## AlertmanagerConfigs to be selected to merge and configure Alertmanager with. - ## - alertmanagerConfigSelector: {} - ## Example which selects all alertmanagerConfig resources - ## with label "alertconfig" with values any of "example-config" or "example-config-2" - # alertmanagerConfigSelector: - # matchExpressions: - # - key: alertconfig - # operator: In - # values: - # - example-config - # - example-config-2 - # - ## Example which selects all alertmanagerConfig resources with label "role" set to "example-config" - # alertmanagerConfigSelector: - # matchLabels: - # role: example-config - - ## Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. - ## - alertmanagerConfigNamespaceSelector: {} - ## Example which selects all namespaces - ## with label "alertmanagerconfig" with values any of "example-namespace" or "example-namespace-2" - # alertmanagerConfigNamespaceSelector: - # matchExpressions: - # - key: alertmanagerconfig - # operator: In - # values: - # - example-namespace - # - example-namespace-2 - - ## Example which selects all namespaces with label "alertmanagerconfig" set to "enabled" - # alertmanagerConfigNamespaceSelector: - # matchLabels: - # alertmanagerconfig: enabled - - ## AlermanagerConfig to be used as top level configuration - ## - alertmanagerConfiguration: {} - ## Example with select a global alertmanagerconfig - # alertmanagerConfiguration: - # name: global-alertmanager-Configuration - - ## Define Log Format - # Use logfmt (default) or json logging - logFormat: logfmt - - ## Log level for Alertmanager to be configured with. - ## - logLevel: info - - ## Size is the expected size of the alertmanager cluster. The controller will eventually make the size of the - ## running cluster equal to the expected size. - replicas: 1 - - ## Time duration Alertmanager shall retain data for. Default is '120h', and must match the regular expression - ## [0-9]+(ms|s|m|h) (milliseconds seconds minutes hours). - ## - retention: 120h - - ## Storage is the definition of how storage will be used by the Alertmanager instances. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/storage.md - ## - storage: {} - # volumeClaimTemplate: - # spec: - # storageClassName: gluster - # accessModes: ["ReadWriteOnce"] - # resources: - # requests: - # storage: 50Gi - # selector: {} - - ## The external URL the Alertmanager instances will be available under. This is necessary to generate correct URLs. This is necessary if Alertmanager is not served from root of a DNS name. string false - ## - externalUrl: - - ## The route prefix Alertmanager registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, - ## but the server serves requests under a different route prefix. For example for use with kubectl proxy. - ## - routePrefix: / - - ## If set to true all actions on the underlying managed objects are not going to be performed, except for delete actions. - ## - paused: false - - ## Define which Nodes the Pods are scheduled on. - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## Define resources requests and limits for single Pods. - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ - ## - resources: - limits: - memory: 500Mi - cpu: 1000m - requests: - memory: 100Mi - cpu: 100m - - ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node. - ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided. - ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node. - ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured. - ## - podAntiAffinity: "" - - ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity. - ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone - ## - podAntiAffinityTopologyKey: kubernetes.io/hostname - - ## Assign custom affinity rules to the alertmanager instance - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - affinity: {} - # nodeAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: kubernetes.io/e2e-az-name - # operator: In - # values: - # - e2e-az1 - # - e2e-az2 - - ## If specified, the pod's tolerations. - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal" - # value: "value" - # effect: "NoSchedule" - - ## If specified, the pod's topology spread constraints. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## - topologySpreadConstraints: [] - # - maxSkew: 1 - # topologyKey: topology.kubernetes.io/zone - # whenUnsatisfiable: DoNotSchedule - # labelSelector: - # matchLabels: - # app: alertmanager - - ## SecurityContext holds pod-level security attributes and common container settings. - ## This defaults to non root user with uid 1000 and gid 2000. *v1.PodSecurityContext false - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - securityContext: - runAsGroup: 2000 - runAsNonRoot: true - runAsUser: 1000 - fsGroup: 2000 - - ## ListenLocal makes the Alertmanager server listen on loopback, so that it does not bind against the Pod IP. - ## Note this is only for the Alertmanager UI, not the gossip communication. - ## - listenLocal: false - - ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to an Alertmanager pod. - ## - containers: [] - # containers: - # - name: oauth-proxy - # image: quay.io/oauth2-proxy/oauth2-proxy:v7.3.0 - # args: - # - --upstream=http://127.0.0.1:9093 - # - --http-address=0.0.0.0:8081 - # - ... - # ports: - # - containerPort: 8081 - # name: oauth-proxy - # protocol: TCP - # resources: {} - - # Additional volumes on the output StatefulSet definition. - volumes: [] - - # Additional VolumeMounts on the output StatefulSet definition. - volumeMounts: [] - - ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes - ## (permissions, dir tree) on mounted volumes before starting prometheus - initContainers: [] - - ## Priority class assigned to the Pods - ## - priorityClassName: "" - - ## AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster. - ## - additionalPeers: [] - - ## PortName to use for Alert Manager. - ## - portName: "http-web" - - ## ClusterAdvertiseAddress is the explicit address to advertise in cluster. Needs to be provided for non RFC1918 [1] (public) addresses. [1] RFC1918: https://tools.ietf.org/html/rfc1918 - ## - clusterAdvertiseAddress: false - - ## ForceEnableClusterMode ensures Alertmanager does not deactivate the cluster mode when running with a single replica. - ## Use case is e.g. spanning an Alertmanager cluster across Kubernetes clusters with a single replica in each. - forceEnableClusterMode: false - - ## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to - ## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready). - minReadySeconds: 0 - - ## ExtraSecret can be used to store various data in an extra secret - ## (use it for example to store hashed basic auth credentials) - extraSecret: - ## if not set, name will be auto generated - # name: "" - annotations: {} - data: {} - # auth: | - # foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0 - # someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c. - -## Using default values from https://github.com/grafana/helm-charts/blob/main/charts/grafana/values.yaml -## -grafana: - enabled: true - namespaceOverride: "" - - ## Grafana's primary configuration - ## NOTE: values in map will be converted to ini format - ## ref: http://docs.grafana.org/installation/configuration/ - ## - grafana.ini: - users: - auto_assign_org_role: Viewer - auth: - disable_login_form: false - auth.anonymous: - enabled: true - org_role: Viewer - auth.basic: - enabled: false - dashboards: - # Modify this value to change the default dashboard shown on the main Grafana page - default_home_dashboard_path: /tmp/dashboards/rancher-default-home.json - security: - # Required to embed dashboards in Rancher Cluster Overview Dashboard on Cluster Explorer - allow_embedding: true - - deploymentStrategy: - type: Recreate - - ## ForceDeployDatasources Create datasource configmap even if grafana deployment has been disabled - ## - forceDeployDatasources: false - - ## ForceDeployDashboard Create dashboard configmap even if grafana deployment has been disabled - ## - forceDeployDashboards: false - - ## Deploy default dashboards - ## - defaultDashboardsEnabled: true - - # Additional options for defaultDashboards - defaultDashboards: - # The default namespace to place defaultDashboards within - namespace: cattle-dashboards - # Whether to create the default namespace as a Helm managed namespace or use an existing namespace - # If false, the defaultDashboards.namespace will be created as a Helm managed namespace - useExistingNamespace: false - # Whether the Helm managed namespace created by this chart should be left behind on a Helm uninstall - # If you place other dashboards in this namespace, then they will be deleted on a helm uninstall - # Ignore if useExistingNamespace is true - cleanupOnUninstall: false - - ## Timezone for the default dashboards - ## Other options are: browser or a specific timezone, i.e. Europe/Luxembourg - ## - defaultDashboardsTimezone: utc - - adminPassword: prom-operator - - ingress: - ## If true, Grafana Ingress will be created - ## - enabled: false - - ## IngressClassName for Grafana Ingress. - ## Should be provided if Ingress is enable. - ## - # ingressClassName: nginx - - ## Annotations for Grafana Ingress - ## - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - - ## Labels to be added to the Ingress - ## - labels: {} - - ## Hostnames. - ## Must be provided if Ingress is enable. - ## - # hosts: - # - grafana.domain.com - hosts: [] - - ## Path for grafana ingress - path: / - - ## TLS configuration for grafana Ingress - ## Secret must be manually created in the namespace - ## - tls: [] - # - secretName: grafana-general-tls - # hosts: - # - grafana.example.com - - sidecar: - dashboards: - enabled: true - label: grafana_dashboard - searchNamespace: cattle-dashboards - labelValue: "1" - - ## Annotations for Grafana dashboard configmaps - ## - annotations: {} - multicluster: - global: - enabled: false - etcd: - enabled: false - provider: - allowUiUpdates: false - datasources: - enabled: true - defaultDatasourceEnabled: true - - uid: prometheus - - ## URL of prometheus datasource - ## - # url: http://prometheus-stack-prometheus:9090/ - - # If not defined, will use prometheus.prometheusSpec.scrapeInterval or its default - # defaultDatasourceScrapeInterval: 15s - - ## Annotations for Grafana datasource configmaps - ## - annotations: {} - - ## Create datasource for each Pod of Prometheus StatefulSet; - ## this uses headless service `prometheus-operated` which is - ## created by Prometheus Operator - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/0fee93e12dc7c2ea1218f19ae25ec6b893460590/pkg/prometheus/statefulset.go#L255-L286 - createPrometheusReplicasDatasources: false - label: grafana_datasource - labelValue: "1" - - ## Field with internal link pointing to existing data source in Grafana. - ## Can be provisioned via additionalDataSources - exemplarTraceIdDestinations: {} - # datasourceUid: Jaeger - # traceIdLabelName: trace_id - - extraConfigmapMounts: [] - # - name: certs-configmap - # mountPath: /etc/grafana/ssl/ - # configMap: certs-configmap - # readOnly: true - - deleteDatasources: [] - # - name: example-datasource - # orgId: 1 - - ## Configure additional grafana datasources (passed through tpl) - ## ref: http://docs.grafana.org/administration/provisioning/#datasources - additionalDataSources: [] - # - name: prometheus-sample - # access: proxy - # basicAuth: true - # basicAuthPassword: pass - # basicAuthUser: daco - # editable: false - # jsonData: - # tlsSkipVerify: true - # orgId: 1 - # type: prometheus - # url: https://{{ printf "%s-prometheus.svc" .Release.Name }}:9090 - # version: 1 - - ## Passed to grafana subchart and used by servicemonitor below - ## - service: - portName: nginx-http - ## Port for Grafana Service to listen on - ## - port: 80 - ## To be used with a proxy extraContainer port - ## - targetPort: 8080 - ## Port to expose on each node - ## Only used if service.type is 'NodePort' - ## - nodePort: 30950 - ## Service type - ## - type: ClusterIP - - proxy: - image: - repository: rancher/mirrored-library-nginx - tag: 1.24.0-alpine - - ## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod - extraContainers: | - - name: grafana-proxy - args: - - nginx - - -g - - daemon off; - - -c - - /nginx/nginx.conf - image: "{{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}" - ports: - - containerPort: 8080 - name: nginx-http - protocol: TCP - volumeMounts: - - mountPath: /nginx - name: grafana-nginx - - mountPath: /var/cache/nginx - name: nginx-home - securityContext: - runAsUser: 101 - runAsGroup: 101 - - ## Volumes that can be used in containers - extraContainerVolumes: - - name: nginx-home - emptyDir: {} - - name: grafana-nginx - configMap: - name: grafana-nginx-proxy-config - items: - - key: nginx.conf - mode: 438 - path: nginx.conf - - ## If true, create a serviceMonitor for grafana - ## - serviceMonitor: - # If true, a ServiceMonitor CRD is created for a prometheus operator - # https://github.com/coreos/prometheus-operator - # - enabled: true - - # Path to use for scraping metrics. Might be different if server.root_url is set - # in grafana.ini - path: "/metrics" - - # namespace: monitoring (defaults to use the namespace this chart is deployed to) - - # labels for the ServiceMonitor - labels: {} - - # Scrape interval. If not set, the Prometheus default scrape interval is used. - # - interval: "" - scheme: http - tlsConfig: {} - scrapeTimeout: 30s - - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - - resources: - limits: - memory: 200Mi - cpu: 200m - requests: - memory: 100Mi - cpu: 100m - - testFramework: - enabled: false - -## Component scraping the kube api server -## -kubeApiServer: - enabled: true - tlsConfig: - serverName: kubernetes - insecureSkipVerify: false - serviceMonitor: - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" - - jobLabel: component - selector: - matchLabels: - component: apiserver - provider: kubernetes - - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - metricRelabelings: - # Drop excessively noisy apiserver buckets. - - action: drop - regex: apiserver_request_duration_seconds_bucket;(0.15|0.2|0.3|0.35|0.4|0.45|0.6|0.7|0.8|0.9|1.25|1.5|1.75|2|3|3.5|4|4.5|6|7|8|9|15|25|40|50) - sourceLabels: - - __name__ - - le - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - relabelings: [] - # - sourceLabels: - # - __meta_kubernetes_namespace - # - __meta_kubernetes_service_name - # - __meta_kubernetes_endpoint_port_name - # action: keep - # regex: default;kubernetes;https - # - targetLabel: __address__ - # replacement: kubernetes.default.svc:443 - - ## Additional labels - ## - additionalLabels: {} - # foo: bar - -## Component scraping the kubelet and kubelet-hosted cAdvisor -## -kubelet: - enabled: true - namespace: kube-system - - serviceMonitor: - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" - - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" - - ## Enable scraping the kubelet over https. For requirements to enable this see - ## https://github.com/prometheus-operator/prometheus-operator/issues/926 - ## - https: true - - ## Enable scraping /metrics/cadvisor from kubelet's service - ## - cAdvisor: true - - ## Enable scraping /metrics/probes from kubelet's service - ## - probes: true - - ## Enable scraping /metrics/resource from kubelet's service - ## This is disabled by default because container metrics are already exposed by cAdvisor - ## - resource: false - # From kubernetes 1.18, /metrics/resource/v1alpha1 renamed to /metrics/resource - resourcePath: "/metrics/resource/v1alpha1" - - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - cAdvisorMetricRelabelings: - # Drop less useful container CPU metrics. - - sourceLabels: [__name__] - action: drop - regex: 'container_cpu_(cfs_throttled_seconds_total|load_average_10s|system_seconds_total|user_seconds_total)' - # Drop less useful container / always zero filesystem metrics. - - sourceLabels: [__name__] - action: drop - regex: 'container_fs_(io_current|io_time_seconds_total|io_time_weighted_seconds_total|reads_merged_total|sector_reads_total|sector_writes_total|writes_merged_total)' - # Drop less useful / always zero container memory metrics. - - sourceLabels: [__name__] - action: drop - regex: 'container_memory_(mapped_file|swap)' - # Drop less useful container process metrics. - - sourceLabels: [__name__] - action: drop - regex: 'container_(file_descriptors|tasks_state|threads_max)' - # Drop container spec metrics that overlap with kube-state-metrics. - - sourceLabels: [__name__] - action: drop - regex: 'container_spec.*' - # Drop cgroup metrics with no pod. - - sourceLabels: [id, pod] - action: drop - regex: '.+;' - # - sourceLabels: [__name__, image] - # separator: ; - # regex: container_([a-z_]+); - # replacement: $1 - # action: drop - # - sourceLabels: [__name__] - # separator: ; - # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) - # replacement: $1 - # action: drop - - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - probesMetricRelabelings: [] - # - sourceLabels: [__name__, image] - # separator: ; - # regex: container_([a-z_]+); - # replacement: $1 - # action: drop - # - sourceLabels: [__name__] - # separator: ; - # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) - # replacement: $1 - # action: drop - - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - ## metrics_path is required to match upstream rules and charts - cAdvisorRelabelings: - - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - probesRelabelings: - - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - resourceRelabelings: - - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - # - sourceLabels: [__name__, image] - # separator: ; - # regex: container_([a-z_]+); - # replacement: $1 - # action: drop - # - sourceLabels: [__name__] - # separator: ; - # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) - # replacement: $1 - # action: drop - - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - ## metrics_path is required to match upstream rules and charts - relabelings: - - sourceLabels: [__metrics_path__] - targetLabel: metrics_path - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - - ## Additional labels - ## - additionalLabels: {} - # foo: bar - -## Component scraping the kube controller manager -## -kubeControllerManager: - enabled: false - - ## If your kube controller manager is not deployed as a pod, specify IPs it can be found on - ## - endpoints: [] - # - 10.141.4.22 - # - 10.141.4.23 - # - 10.141.4.24 - - ## If using kubeControllerManager.endpoints only the port and targetPort are used - ## - service: - enabled: true - ## If null or unset, the value is determined dynamically based on target Kubernetes version due to change - ## of default port in Kubernetes 1.22. - ## - port: null - targetPort: null - # selector: - # component: kube-controller-manager - - serviceMonitor: - enabled: true - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" - - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" - - ## Enable scraping kube-controller-manager over https. - ## Requires proper certs (not self-signed) and delegated authentication/authorization checks. - ## If null or unset, the value is determined dynamically based on target Kubernetes version. - ## - https: null - - # Skip TLS certificate validation when scraping - insecureSkipVerify: null - - # Name of the server to use when validating TLS certificate - serverName: null - - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - - ## Additional labels - ## - additionalLabels: {} - # foo: bar - -## Component scraping coreDns. Use either this or kubeDns -## -coreDns: - enabled: true - service: - port: 9153 - targetPort: 9153 - # selector: - # k8s-app: kube-dns - serviceMonitor: - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" - - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" - - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - - ## Additional labels - ## - additionalLabels: {} - # foo: bar - -## Component scraping kubeDns. Use either this or coreDns -## -kubeDns: - enabled: false - service: - dnsmasq: - port: 10054 - targetPort: 10054 - skydns: - port: 10055 - targetPort: 10055 - # selector: - # k8s-app: kube-dns - serviceMonitor: - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" - - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" - - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - dnsmasqMetricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - dnsmasqRelabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - - ## Additional labels - ## - additionalLabels: {} - # foo: bar - -## Component scraping etcd -## -kubeEtcd: - enabled: false - - ## If your etcd is not deployed as a pod, specify IPs it can be found on - ## - endpoints: [] - # - 10.141.4.22 - # - 10.141.4.23 - # - 10.141.4.24 - - ## Etcd service. If using kubeEtcd.endpoints only the port and targetPort are used - ## - service: - enabled: true - port: 2381 - targetPort: 2381 - # selector: - # component: etcd - - ## Configure secure access to the etcd cluster by loading a secret into prometheus and - ## specifying security configuration below. For example, with a secret named etcd-client-cert - ## - ## serviceMonitor: - ## scheme: https - ## insecureSkipVerify: false - ## serverName: localhost - ## caFile: /etc/prometheus/secrets/etcd-client-cert/etcd-ca - ## certFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client - ## keyFile: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key - ## - serviceMonitor: - enabled: true - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" - scheme: http - insecureSkipVerify: false - serverName: "" - caFile: "" - certFile: "" - keyFile: "" - - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - - ## Additional labels - ## - additionalLabels: {} - # foo: bar - -## Component scraping kube scheduler -## -kubeScheduler: - enabled: false - - ## If your kube scheduler is not deployed as a pod, specify IPs it can be found on - ## - endpoints: [] - # - 10.141.4.22 - # - 10.141.4.23 - # - 10.141.4.24 - - ## If using kubeScheduler.endpoints only the port and targetPort are used - ## - service: - enabled: true - ## If null or unset, the value is determined dynamically based on target Kubernetes version due to change - ## of default port in Kubernetes 1.23. - ## - port: null - targetPort: null - # selector: - # component: kube-scheduler - - serviceMonitor: - enabled: true - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" - ## Enable scraping kube-scheduler over https. - ## Requires proper certs (not self-signed) and delegated authentication/authorization checks. - ## If null or unset, the value is determined dynamically based on target Kubernetes version. - ## - https: null - - ## Skip TLS certificate validation when scraping - insecureSkipVerify: null - - ## Name of the server to use when validating TLS certificate - serverName: null - - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - - ## Additional labels - ## - additionalLabels: {} - # foo: bar - -## Component scraping kube proxy -## -kubeProxy: - enabled: false - - ## If your kube proxy is not deployed as a pod, specify IPs it can be found on - ## - endpoints: [] - # - 10.141.4.22 - # - 10.141.4.23 - # - 10.141.4.24 - - service: - enabled: true - port: 10249 - targetPort: 10249 - # selector: - # k8s-app: kube-proxy - - serviceMonitor: - enabled: true - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" - - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" - - ## Enable scraping kube-proxy over https. - ## Requires proper certs (not self-signed) and delegated authentication/authorization checks - ## - https: false - - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - relabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - ## Additional labels - ## - additionalLabels: {} - # foo: bar - -## Component scraping kube state metrics -## -kubeStateMetrics: - enabled: true - -## Configuration for kube-state-metrics subchart -## -kube-state-metrics: - namespaceOverride: "" - rbac: - create: true - releaseLabel: true - prometheus: - monitor: - enabled: true - - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" - - ## Scrape Timeout. If not set, the Prometheus default scrape timeout is used. - ## - scrapeTimeout: "" - - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" - - # Keep labels from scraped data, overriding server-side labels - ## - honorLabels: true - - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - - selfMonitor: - enabled: false - -## Deploy node exporter as a daemonset to all nodes -## -nodeExporter: - enabled: true - -## Configuration for prometheus-node-exporter subchart -## -prometheus-node-exporter: - namespaceOverride: "" - podLabels: - ## Add the 'node-exporter' label to be used by serviceMonitor to match standard common usage in rules and grafana dashboards - ## - jobLabel: node-exporter - releaseLabel: true - extraArgs: - - --collector.filesystem.mount-points-exclude=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/) - - --collector.filesystem.fs-types-exclude=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$ - service: - portName: http-metrics - prometheus: - monitor: - enabled: true - - jobLabel: jobLabel - - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" - - ## How long until a scrape request times out. If not set, the Prometheus default scape timeout is used. - ## - scrapeTimeout: "" - - ## proxyUrl: URL of a proxy that should be used for scraping. - ## - proxyUrl: "" - - ## MetricRelabelConfigs to apply to samples after scraping, but before ingestion. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - metricRelabelings: [] - # - sourceLabels: [__name__] - # separator: ; - # regex: ^node_mountstats_nfs_(event|operations|transport)_.+ - # replacement: $1 - # action: drop - - ## RelabelConfigs to apply to samples before scraping - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - -## Manages Prometheus and Alertmanager components -## -prometheusOperator: - enabled: true - - ## Prometheus-Operator v0.39.0 and later support TLS natively. - ## - tls: - enabled: true - # Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants - tlsMinVersion: VersionTLS13 - # Users who are deploying this chart in GKE private clusters will need to add firewall rules to expose this port for admissions webhooks - internalPort: 8443 - - ## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted - ## rules from making their way into prometheus and potentially preventing the container from starting - admissionWebhooks: - failurePolicy: Fail - ## The default timeoutSeconds is 10 and the maximum value is 30. - timeoutSeconds: 10 - enabled: true - ## A PEM encoded CA bundle which will be used to validate the webhook's server certificate. - ## If unspecified, system trust roots on the apiserver are used. - caBundle: "" - ## If enabled, generate a self-signed certificate, then patch the webhook configurations with the generated data. - ## On chart upgrades (or if the secret exists) the cert will not be re-generated. You can use this to provide your own - ## certs ahead of time if you wish. - ## - patch: - enabled: true - image: - repository: rancher/mirrored-ingress-nginx-kube-webhook-certgen - tag: v1.3.0 - sha: "" - pullPolicy: IfNotPresent - resources: {} - ## Provide a priority class name to the webhook patching job - ## - priorityClassName: "" - podAnnotations: {} - nodeSelector: {} - affinity: {} - tolerations: [] - - ## SecurityContext holds pod-level security attributes and common container settings. - ## This defaults to non root user with uid 2000 and gid 2000. *v1.PodSecurityContext false - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - securityContext: - runAsGroup: 2000 - runAsNonRoot: true - runAsUser: 2000 - - # Security context for create job container - createSecretJob: - securityContext: {} - - # Security context for patch job container - patchWebhookJob: - securityContext: {} - - # Use certmanager to generate webhook certs - certManager: - enabled: false - # self-signed root certificate - rootCert: - duration: "" # default to be 5y - admissionCert: - duration: "" # default to be 1y - # issuerRef: - # name: "issuer" - # kind: "ClusterIssuer" - - ## Namespaces to scope the interaction of the Prometheus Operator and the apiserver (allow list). - ## This is mutually exclusive with denyNamespaces. Setting this to an empty object will disable the configuration - ## - namespaces: {} - # releaseNamespace: true - # additional: - # - kube-system - - ## Namespaces not to scope the interaction of the Prometheus Operator (deny list). - ## - denyNamespaces: [] - - ## Filter namespaces to look for prometheus-operator custom resources - ## - alertmanagerInstanceNamespaces: [] - alertmanagerConfigNamespaces: [] - prometheusInstanceNamespaces: [] - thanosRulerInstanceNamespaces: [] - - ## The clusterDomain value will be added to the cluster.peer option of the alertmanager. - ## Without this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated:9094 (default value) - ## With this specified option cluster.peer will have value alertmanager-monitoring-alertmanager-0.alertmanager-operated.namespace.svc.cluster-domain:9094 - ## - # clusterDomain: "cluster.local" - - ## Service account for Alertmanager to use. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - ## - serviceAccount: - create: true - name: "" - - ## Configuration for Prometheus operator service - ## - service: - annotations: {} - labels: {} - clusterIP: "" - - ## Port to expose on each node - ## Only used if service.type is 'NodePort' - ## - nodePort: 30080 - - nodePortTls: 30443 - - ## Additional ports to open for Prometheus service - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services - ## - additionalPorts: [] - - ## Loadbalancer IP - ## Only use if service.type is "LoadBalancer" - ## - loadBalancerIP: "" - loadBalancerSourceRanges: [] - - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## - externalTrafficPolicy: Cluster - - ## Service type - ## NodePort, ClusterIP, LoadBalancer - ## - type: ClusterIP - - ## List of IP addresses at which the Prometheus server service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - ## Annotations to add to the operator deployment - ## - annotations: {} - - ## Labels to add to the operator pod - ## - podLabels: {} - - ## Annotations to add to the operator pod - ## - podAnnotations: {} - - ## Assign a PriorityClassName to pods if set - # priorityClassName: "" - - ## Define Log Format - # Use logfmt (default) or json logging - # logFormat: logfmt - - ## Decrease log verbosity to errors only - # logLevel: error - - ## If true, the operator will create and maintain a service for scraping kubelets - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/helm/prometheus-operator/README.md - ## - kubeletService: - enabled: true - namespace: kube-system - ## Use '{{ template "kube-prometheus-stack.fullname" . }}-kubelet' by default - name: "" - - ## Create a servicemonitor for the operator - ## - serviceMonitor: - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" - ## Scrape timeout. If not set, the Prometheus default scrape timeout is used. - scrapeTimeout: "" - selfMonitor: true - - ## Metric relabel configs to apply to samples before ingestion. - ## - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - # relabel configs to apply to samples before ingestion. - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - - ## Resource limits & requests - ## - resources: - limits: - cpu: 200m - memory: 500Mi - requests: - cpu: 100m - memory: 100Mi - - # Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico), - # because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working - ## - hostNetwork: false - - ## Define which Nodes the Pods are scheduled on. - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## Tolerations for use with node taints - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal" - # value: "value" - # effect: "NoSchedule" - - ## Assign custom affinity rules to the prometheus operator - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - affinity: {} - # nodeAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: kubernetes.io/e2e-az-name - # operator: In - # values: - # - e2e-az1 - # - e2e-az2 - dnsConfig: {} - # nameservers: - # - 1.2.3.4 - # searches: - # - ns1.svc.cluster-domain.example - # - my.dns.search.suffix - # options: - # - name: ndots - # value: "2" - # - name: edns0 - securityContext: - fsGroup: 65534 - runAsGroup: 65534 - runAsNonRoot: true - runAsUser: 65534 - - ## Container-specific security context configuration - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - ## - containerSecurityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - - ## Prometheus-operator image - ## - image: - repository: rancher/mirrored-prometheus-operator-prometheus-operator - tag: v0.59.1 - sha: "" - pullPolicy: IfNotPresent - - ## Prometheus image to use for prometheuses managed by the operator - ## - # prometheusDefaultBaseImage: quay.io/prometheus/prometheus - - ## Alertmanager image to use for alertmanagers managed by the operator - ## - # alertmanagerDefaultBaseImage: quay.io/prometheus/alertmanager - - ## Prometheus-config-reloader - ## - prometheusConfigReloader: - image: - repository: rancher/mirrored-prometheus-operator-prometheus-config-reloader - tag: v0.59.1 - sha: "" - - # resource config for prometheusConfigReloader - resources: - requests: - cpu: 200m - memory: 50Mi - limits: - cpu: 200m - memory: 50Mi - - ## Thanos side-car image when configured - ## - thanosImage: - repository: rancher/mirrored-thanos-thanos - tag: v0.28.0 - sha: "" - - ## Set a Field Selector to filter watched secrets - ## - secretFieldSelector: "" - -## Deploy a Prometheus instance -## -prometheus: - - enabled: true - - ## Annotations for Prometheus - ## - annotations: {} - - ## Service account for Prometheuses to use. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - ## - serviceAccount: - create: true - name: "" - annotations: {} - - # Service for thanos service discovery on sidecar - # Enable this can make Thanos Query can use - # `--store=dnssrv+_grpc._tcp.${kube-prometheus-stack.fullname}-thanos-discovery.${namespace}.svc.cluster.local` to discovery - # Thanos sidecar on prometheus nodes - # (Please remember to change ${kube-prometheus-stack.fullname} and ${namespace}. Not just copy and paste!) - thanosService: - enabled: false - annotations: {} - labels: {} - - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## - externalTrafficPolicy: Cluster - - ## Service type - ## - type: ClusterIP - - ## gRPC port config - portName: grpc - port: 10901 - targetPort: "grpc" - - ## HTTP port config (for metrics) - httpPortName: http - httpPort: 10902 - targetHttpPort: "http" - - ## ClusterIP to assign - # Default is to make this a headless service ("None") - clusterIP: "None" - - ## Port to expose on each node, if service type is NodePort - ## - nodePort: 30901 - httpNodePort: 30902 - - # ServiceMonitor to scrape Sidecar metrics - # Needs thanosService to be enabled as well - thanosServiceMonitor: - enabled: false - interval: "" - - ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. - scheme: "" - - ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. - ## Of type: https://github.com/coreos/prometheus-operator/blob/main/Documentation/api.md#tlsconfig - tlsConfig: {} - - bearerTokenFile: - - ## Metric relabel configs to apply to samples before ingestion. - metricRelabelings: [] - - ## relabel configs to apply to samples before ingestion. - relabelings: [] - - # Service for external access to sidecar - # Enabling this creates a service to expose thanos-sidecar outside the cluster. - thanosServiceExternal: - enabled: false - annotations: {} - labels: {} - loadBalancerIP: "" - loadBalancerSourceRanges: [] - - ## gRPC port config - portName: grpc - port: 10901 - targetPort: "grpc" - - ## HTTP port config (for metrics) - httpPortName: http - httpPort: 10902 - targetHttpPort: "http" - - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## - externalTrafficPolicy: Cluster - - ## Service type - ## - type: LoadBalancer - - ## Port to expose on each node - ## - nodePort: 30901 - httpNodePort: 30902 - - ## Configuration for Prometheus service - ## - service: - annotations: {} - labels: {} - clusterIP: "" - - ## Port for Prometheus Service to listen on - ## - port: 9090 - - ## To be used with a proxy extraContainer port - targetPort: 8081 - - ## List of IP addresses at which the Prometheus server service is available - ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips - ## - externalIPs: [] - - ## Port to expose on each node - ## Only used if service.type is 'NodePort' - ## - nodePort: 30090 - - ## Loadbalancer IP - ## Only use if service.type is "LoadBalancer" - loadBalancerIP: "" - loadBalancerSourceRanges: [] - - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## - externalTrafficPolicy: Cluster - - ## Service type - ## - type: ClusterIP - - ## Additional port to define in the Service - additionalPorts: [] - # additionalPorts: - # - name: authenticated - # port: 8081 - # targetPort: 8081 - - ## Consider that all endpoints are considered "ready" even if the Pods themselves are not - ## Ref: https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec - publishNotReadyAddresses: false - - sessionAffinity: "" - - ## Configuration for creating a separate Service for each statefulset Prometheus replica - ## - servicePerReplica: - enabled: false - annotations: {} - - ## Port for Prometheus Service per replica to listen on - ## - port: 9090 - - ## To be used with a proxy extraContainer port - targetPort: 9090 - - ## Port to expose on each node - ## Only used if servicePerReplica.type is 'NodePort' - ## - nodePort: 30091 - - ## Loadbalancer source IP ranges - ## Only used if servicePerReplica.type is "LoadBalancer" - loadBalancerSourceRanges: [] - - ## Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - ## - externalTrafficPolicy: Cluster - - ## Service type - ## - type: ClusterIP - - ## Configure pod disruption budgets for Prometheus - ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget - ## This configuration is immutable once created and will require the PDB to be deleted to be changed - ## https://github.com/kubernetes/kubernetes/issues/45398 - ## - podDisruptionBudget: - enabled: false - minAvailable: 1 - maxUnavailable: "" - - # Ingress exposes thanos sidecar outside the cluster - thanosIngress: - enabled: false - - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx - - annotations: {} - labels: {} - servicePort: 10901 - - ## Port to expose on each node - ## Only used if service.type is 'NodePort' - ## - nodePort: 30901 - - ## Hosts must be provided if Ingress is enabled. - ## - hosts: [] - # - thanos-gateway.domain.com - - ## Paths to use for ingress rules - ## - paths: [] - # - / - - ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) - ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types - # pathType: ImplementationSpecific - - ## TLS configuration for Thanos Ingress - ## Secret must be manually created in the namespace - ## - tls: [] - # - secretName: thanos-gateway-tls - # hosts: - # - thanos-gateway.domain.com - # - - ## ExtraSecret can be used to store various data in an extra secret - ## (use it for example to store hashed basic auth credentials) - extraSecret: - ## if not set, name will be auto generated - # name: "" - annotations: {} - data: {} - # auth: | - # foo:$apr1$OFG3Xybp$ckL0FHDAkoXYIlH9.cysT0 - # someoneelse:$apr1$DMZX2Z4q$6SbQIfyuLQd.xmo/P0m2c. - - ingress: - enabled: false - - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx - - annotations: {} - labels: {} - - ## Redirect ingress to an additional defined port on the service - # servicePort: 8081 - - ## Hostnames. - ## Must be provided if Ingress is enabled. - ## - # hosts: - # - prometheus.domain.com - hosts: [] - - ## Paths to use for ingress rules - one path should match the prometheusSpec.routePrefix - ## - paths: [] - # - / - - ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) - ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types - # pathType: ImplementationSpecific - - ## TLS configuration for Prometheus Ingress - ## Secret must be manually created in the namespace - ## - tls: [] - # - secretName: prometheus-general-tls - # hosts: - # - prometheus.example.com - - ## Configuration for creating an Ingress that will map to each Prometheus replica service - ## prometheus.servicePerReplica must be enabled - ## - ingressPerReplica: - enabled: false - - # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName - # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress - # ingressClassName: nginx - - annotations: {} - labels: {} - - ## Final form of the hostname for each per replica ingress is - ## {{ ingressPerReplica.hostPrefix }}-{{ $replicaNumber }}.{{ ingressPerReplica.hostDomain }} - ## - ## Prefix for the per replica ingress that will have `-$replicaNumber` - ## appended to the end - hostPrefix: "" - ## Domain that will be used for the per replica ingress - hostDomain: "" - - ## Paths to use for ingress rules - ## - paths: [] - # - / - - ## For Kubernetes >= 1.18 you should specify the pathType (determines how Ingress paths should be matched) - ## See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#better-path-matching-with-path-types - # pathType: ImplementationSpecific - - ## Secret name containing the TLS certificate for Prometheus per replica ingress - ## Secret must be manually created in the namespace - tlsSecretName: "" - - ## Separated secret for each per replica Ingress. Can be used together with cert-manager - ## - tlsSecretPerReplica: - enabled: false - ## Final form of the secret for each per replica ingress is - ## {{ tlsSecretPerReplica.prefix }}-{{ $replicaNumber }} - ## - prefix: "prometheus" - - ## Configure additional options for default pod security policy for Prometheus - ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - podSecurityPolicy: - allowedCapabilities: [] - allowedHostPaths: [] - volumes: [] - - serviceMonitor: - ## Scrape interval. If not set, the Prometheus default scrape interval is used. - ## - interval: "" - selfMonitor: true - - ## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS. - scheme: "" - - ## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS. - ## Of type: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#tlsconfig - tlsConfig: {} - - bearerTokenFile: - - ## Metric relabel configs to apply to samples before ingestion. - ## - metricRelabelings: [] - # - action: keep - # regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' - # sourceLabels: [__name__] - - # relabel configs to apply to samples before ingestion. - ## - relabelings: [] - # - sourceLabels: [__meta_kubernetes_pod_node_name] - # separator: ; - # regex: ^(.*)$ - # targetLabel: nodename - # replacement: $1 - # action: replace - - ## Settings affecting prometheusSpec - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#prometheusspec - ## - prometheusSpec: - ## If true, pass --storage.tsdb.max-block-duration=2h to prometheus. This is already done if using Thanos - ## - disableCompaction: false - ## APIServerConfig - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#apiserverconfig - ## - apiserverConfig: {} - - ## Interval between consecutive scrapes. - ## Defaults to 30s. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/release-0.44/pkg/prometheus/promcfg.go#L180-L183 - ## - scrapeInterval: "" - - ## Number of seconds to wait for target to respond before erroring - ## - scrapeTimeout: "" - - ## Interval between consecutive evaluations. - ## - evaluationInterval: "" - - ## ListenLocal makes the Prometheus server listen on loopback, so that it does not bind against the Pod IP. - ## - listenLocal: false - - ## EnableAdminAPI enables Prometheus the administrative HTTP API which includes functionality such as deleting time series. - ## This is disabled by default. - ## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis - ## - enableAdminAPI: false - - ## WebTLSConfig defines the TLS parameters for HTTPS - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#webtlsconfig - web: {} - - ## Exemplars related settings that are runtime reloadable. - ## It requires to enable the exemplar storage feature to be effective. - exemplars: "" - ## Maximum number of exemplars stored in memory for all series. - ## If not set, Prometheus uses its default value. - ## A value of zero or less than zero disables the storage. - # maxSize: 100000 - - # EnableFeatures API enables access to Prometheus disabled features. - # ref: https://prometheus.io/docs/prometheus/latest/disabled_features/ - enableFeatures: [] - # - exemplar-storage - - ## Image of Prometheus. - ## - image: - repository: rancher/mirrored-prometheus-prometheus - tag: v2.38.0 - sha: "" - - ## Tolerations for use with node taints - ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - ## - tolerations: [] - # - key: "key" - # operator: "Equal" - # value: "value" - # effect: "NoSchedule" - - ## If specified, the pod's topology spread constraints. - ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - ## - topologySpreadConstraints: [] - # - maxSkew: 1 - # topologyKey: topology.kubernetes.io/zone - # whenUnsatisfiable: DoNotSchedule - # labelSelector: - # matchLabels: - # app: prometheus - - ## Alertmanagers to which alerts will be sent - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#alertmanagerendpoints - ## - ## Default configuration will connect to the alertmanager deployed as part of this release - ## - alertingEndpoints: [] - # - name: "" - # namespace: "" - # port: http - # scheme: http - # pathPrefix: "" - # tlsConfig: {} - # bearerTokenFile: "" - # apiVersion: v2 - - ## External labels to add to any time series or alerts when communicating with external systems - ## - externalLabels: {} - - ## enable --web.enable-remote-write-receiver flag on prometheus-server - ## - enableRemoteWriteReceiver: false - - ## Name of the external label used to denote replica name - ## - replicaExternalLabelName: "" - - ## If true, the Operator won't add the external label used to denote replica name - ## - replicaExternalLabelNameClear: false - - ## Name of the external label used to denote Prometheus instance name - ## - prometheusExternalLabelName: "" - - ## If true, the Operator won't add the external label used to denote Prometheus instance name - ## - prometheusExternalLabelNameClear: false - - ## External URL at which Prometheus will be reachable. - ## - externalUrl: "" - - ## Define which Nodes the Pods are scheduled on. - ## ref: https://kubernetes.io/docs/user-guide/node-selection/ - ## - nodeSelector: {} - - ## Secrets is a list of Secrets in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. - ## The Secrets are mounted into /etc/prometheus/secrets/. Secrets changes after initial creation of a Prometheus object are not - ## reflected in the running Pods. To change the secrets mounted into the Prometheus Pods, the object must be deleted and recreated - ## with the new list of secrets. - ## - secrets: [] - - ## ConfigMaps is a list of ConfigMaps in the same namespace as the Prometheus object, which shall be mounted into the Prometheus Pods. - ## The ConfigMaps are mounted into /etc/prometheus/configmaps/. - ## - configMaps: [] - - ## QuerySpec defines the query command line flags when starting Prometheus. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#queryspec - ## - query: {} - - ## Namespaces to be selected for PrometheusRules discovery. - ## If nil, select own namespace. Namespaces to be selected for ServiceMonitor discovery. - ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#namespaceselector for usage - ## - ruleNamespaceSelector: {} - - ## If true, a nil or {} value for prometheus.prometheusSpec.ruleSelector will cause the - ## prometheus resource to be created with selectors based on values in the helm deployment, - ## which will also match the PrometheusRule resources created - ## - ruleSelectorNilUsesHelmValues: false - - ## PrometheusRules to be selected for target discovery. - ## If {}, select all PrometheusRules - ## - ruleSelector: {} - ## Example which select all PrometheusRules resources - ## with label "prometheus" with values any of "example-rules" or "example-rules-2" - # ruleSelector: - # matchExpressions: - # - key: prometheus - # operator: In - # values: - # - example-rules - # - example-rules-2 - # - ## Example which select all PrometheusRules resources with label "role" set to "example-rules" - # ruleSelector: - # matchLabels: - # role: example-rules - - ## If true, a nil or {} value for prometheus.prometheusSpec.serviceMonitorSelector will cause the - ## prometheus resource to be created with selectors based on values in the helm deployment, - ## which will also match the servicemonitors created - ## - serviceMonitorSelectorNilUsesHelmValues: false - - ## ServiceMonitors to be selected for target discovery. - ## If {}, select all ServiceMonitors - ## - serviceMonitorSelector: {} - ## Example which selects ServiceMonitors with label "prometheus" set to "somelabel" - # serviceMonitorSelector: - # matchLabels: - # prometheus: somelabel - - ## Namespaces to be selected for ServiceMonitor discovery. - ## - serviceMonitorNamespaceSelector: {} - ## Example which selects ServiceMonitors in namespaces with label "prometheus" set to "somelabel" - # serviceMonitorNamespaceSelector: - # matchLabels: - # prometheus: somelabel - - ## If true, a nil or {} value for prometheus.prometheusSpec.podMonitorSelector will cause the - ## prometheus resource to be created with selectors based on values in the helm deployment, - ## which will also match the podmonitors created - ## - podMonitorSelectorNilUsesHelmValues: false - - ## PodMonitors to be selected for target discovery. - ## If {}, select all PodMonitors - ## - podMonitorSelector: {} - ## Example which selects PodMonitors with label "prometheus" set to "somelabel" - # podMonitorSelector: - # matchLabels: - # prometheus: somelabel - - ## Namespaces to be selected for PodMonitor discovery. - ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#namespaceselector for usage - ## - podMonitorNamespaceSelector: {} - - ## If true, a nil or {} value for prometheus.prometheusSpec.probeSelector will cause the - ## prometheus resource to be created with selectors based on values in the helm deployment, - ## which will also match the probes created - ## - probeSelectorNilUsesHelmValues: true - - ## Probes to be selected for target discovery. - ## If {}, select all Probes - ## - probeSelector: {} - ## Example which selects Probes with label "prometheus" set to "somelabel" - # probeSelector: - # matchLabels: - # prometheus: somelabel - - ## Namespaces to be selected for Probe discovery. - ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#namespaceselector for usage - ## - probeNamespaceSelector: {} - - ## How long to retain metrics - ## - retention: 10d - - ## Maximum size of metrics - ## - retentionSize: "" - - ## Enable compression of the write-ahead log using Snappy. - ## - walCompression: true - - ## If true, the Operator won't process any Prometheus configuration changes - ## - paused: false - - ## Number of replicas of each shard to deploy for a Prometheus deployment. - ## Number of replicas multiplied by shards is the total number of Pods created. - ## - replicas: 1 - - ## EXPERIMENTAL: Number of shards to distribute targets onto. - ## Number of replicas multiplied by shards is the total number of Pods created. - ## Note that scaling down shards will not reshard data onto remaining instances, it must be manually moved. - ## Increasing shards will not reshard data either but it will continue to be available from the same instances. - ## To query globally use Thanos sidecar and Thanos querier or remote write data to a central location. - ## Sharding is done on the content of the `__address__` target meta-label. - ## - shards: 1 - - ## Log level for Prometheus be configured in - ## - logLevel: info - - ## Log format for Prometheus be configured in - ## - logFormat: logfmt - - ## Prefix used to register routes, overriding externalUrl route. - ## Useful for proxies that rewrite URLs. - ## - routePrefix: / - - ## Standard object's metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata - ## Metadata Labels and Annotations gets propagated to the prometheus pods. - ## - podMetadata: {} - # labels: - # app: prometheus - # k8s-app: prometheus - - ## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node. - ## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided. - ## The value "hard" means that the scheduler is *required* to not schedule two replica pods onto the same node. - ## The value "" will disable pod anti-affinity so that no anti-affinity rules will be configured. - podAntiAffinity: "" - - ## If anti-affinity is enabled sets the topologyKey to use for anti-affinity. - ## This can be changed to, for example, failure-domain.beta.kubernetes.io/zone - ## - podAntiAffinityTopologyKey: kubernetes.io/hostname - - ## Assign custom affinity rules to the prometheus instance - ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## - affinity: {} - # nodeAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: kubernetes.io/e2e-az-name - # operator: In - # values: - # - e2e-az1 - # - e2e-az2 - - ## The remote_read spec configuration for Prometheus. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#remotereadspec - remoteRead: [] - # - url: http://remote1/read - ## additionalRemoteRead is appended to remoteRead - additionalRemoteRead: [] - - ## The remote_write spec configuration for Prometheus. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#remotewritespec - remoteWrite: [] - # - url: http://remote1/push - ## additionalRemoteWrite is appended to remoteWrite - additionalRemoteWrite: [] - - ## Enable/Disable Grafana dashboards provisioning for prometheus remote write feature - remoteWriteDashboards: false - - ## Resource limits & requests - ## - resources: - limits: - memory: 3000Mi - cpu: 1000m - requests: - memory: 750Mi - cpu: 750m - - ## Prometheus StorageSpec for persistent data - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/user-guides/storage.md - ## - storageSpec: {} - ## Using PersistentVolumeClaim - ## - # volumeClaimTemplate: - # spec: - # storageClassName: gluster - # accessModes: ["ReadWriteOnce"] - # resources: - # requests: - # storage: 50Gi - # selector: {} - - ## Using tmpfs volume - ## - # emptyDir: - # medium: Memory - - # Additional volumes on the output StatefulSet definition. - volumes: - - name: nginx-home - emptyDir: {} - - name: prometheus-nginx - configMap: - name: prometheus-nginx-proxy-config - defaultMode: 438 - - # Additional VolumeMounts on the output StatefulSet definition. - volumeMounts: [] - - ## AdditionalScrapeConfigs allows specifying additional Prometheus scrape configurations. Scrape configurations - ## are appended to the configurations generated by the Prometheus Operator. Job configurations must have the form - ## as specified in the official Prometheus documentation: - ## https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. As scrape configs are - ## appended, the user is responsible to make sure it is valid. Note that using this feature may expose the possibility - ## to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible - ## scrape configs are going to break Prometheus after the upgrade. - ## AdditionalScrapeConfigs can be defined as a list or as a templated string. - ## - ## The scrape configuration example below will find master nodes, provided they have the name .*mst.*, relabel the - ## port to 2379 and allow etcd scraping provided it is running on all Kubernetes master nodes - ## - additionalScrapeConfigs: [] - # - job_name: kube-etcd - # kubernetes_sd_configs: - # - role: node - # scheme: https - # tls_config: - # ca_file: /etc/prometheus/secrets/etcd-client-cert/etcd-ca - # cert_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client - # key_file: /etc/prometheus/secrets/etcd-client-cert/etcd-client-key - # relabel_configs: - # - action: labelmap - # regex: __meta_kubernetes_node_label_(.+) - # - source_labels: [__address__] - # action: replace - # targetLabel: __address__ - # regex: ([^:;]+):(\d+) - # replacement: ${1}:2379 - # - source_labels: [__meta_kubernetes_node_name] - # action: keep - # regex: .*mst.* - # - source_labels: [__meta_kubernetes_node_name] - # action: replace - # targetLabel: node - # regex: (.*) - # replacement: ${1} - # metric_relabel_configs: - # - regex: (kubernetes_io_hostname|failure_domain_beta_kubernetes_io_region|beta_kubernetes_io_os|beta_kubernetes_io_arch|beta_kubernetes_io_instance_type|failure_domain_beta_kubernetes_io_zone) - # action: labeldrop - # - ## If scrape config contains a repetitive section, you may want to use a template. - ## In the following example, you can see how to define `gce_sd_configs` for multiple zones - # additionalScrapeConfigs: | - # - job_name: "node-exporter" - # gce_sd_configs: - # {{range $zone := .Values.gcp_zones}} - # - project: "project1" - # zone: "{{$zone}}" - # port: 9100 - # {{end}} - # relabel_configs: - # ... - - ## If additional scrape configurations are already deployed in a single secret file you can use this section. - ## Expected values are the secret name and key - ## Cannot be used with additionalScrapeConfigs - additionalScrapeConfigsSecret: {} - # enabled: false - # name: - # key: - - ## additionalPrometheusSecretsAnnotations allows to add annotations to the kubernetes secret. This can be useful - ## when deploying via spinnaker to disable versioning on the secret, strategy.spinnaker.io/versioned: 'false' - additionalPrometheusSecretsAnnotations: {} - - ## AdditionalAlertManagerConfigs allows for manual configuration of alertmanager jobs in the form as specified - ## in the official Prometheus documentation https://prometheus.io/docs/prometheus/latest/configuration/configuration/#. - ## AlertManager configurations specified are appended to the configurations generated by the Prometheus Operator. - ## As AlertManager configs are appended, the user is responsible to make sure it is valid. Note that using this - ## feature may expose the possibility to break upgrades of Prometheus. It is advised to review Prometheus release - ## notes to ensure that no incompatible AlertManager configs are going to break Prometheus after the upgrade. - ## - additionalAlertManagerConfigs: [] - # - consul_sd_configs: - # - server: consul.dev.test:8500 - # scheme: http - # datacenter: dev - # tag_separator: ',' - # services: - # - metrics-prometheus-alertmanager - - ## If additional alertmanager configurations are already deployed in a single secret, or you want to manage - ## them separately from the helm deployment, you can use this section. - ## Expected values are the secret name and key - ## Cannot be used with additionalAlertManagerConfigs - additionalAlertManagerConfigsSecret: {} - # name: - # key: - # optional: false - - ## AdditionalAlertRelabelConfigs allows specifying Prometheus alert relabel configurations. Alert relabel configurations specified are appended - ## to the configurations generated by the Prometheus Operator. Alert relabel configurations specified must have the form as specified in the - ## official Prometheus documentation: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs. - ## As alert relabel configs are appended, the user is responsible to make sure it is valid. Note that using this feature may expose the - ## possibility to break upgrades of Prometheus. It is advised to review Prometheus release notes to ensure that no incompatible alert relabel - ## configs are going to break Prometheus after the upgrade. - ## - additionalAlertRelabelConfigs: [] - # - separator: ; - # regex: prometheus_replica - # replacement: $1 - # action: labeldrop - - ## If additional alert relabel configurations are already deployed in a single secret, or you want to manage - ## them separately from the helm deployment, you can use this section. - ## Expected values are the secret name and key - ## Cannot be used with additionalAlertRelabelConfigs - additionalAlertRelabelConfigsSecret: {} - # name: - # key: - - ## SecurityContext holds pod-level security attributes and common container settings. - ## This defaults to non root user with uid 1000 and gid 2000. - ## https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md - ## - securityContext: - runAsGroup: 2000 - runAsNonRoot: true - runAsUser: 1000 - fsGroup: 2000 - - ## Priority class assigned to the Pods - ## - priorityClassName: "" - - ## Thanos configuration allows configuring various aspects of a Prometheus server in a Thanos environment. - ## This section is experimental, it may change significantly without deprecation notice in any release. - ## This is experimental and may change significantly without backward compatibility in any release. - ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#thanosspec - ## - thanos: {} - # secretProviderClass: - # provider: gcp - # parameters: - # secrets: | - # - resourceName: "projects/$PROJECT_ID/secrets/testsecret/versions/latest" - # fileName: "objstore.yaml" - # objectStorageConfigFile: /var/secrets/object-store.yaml - - proxy: - image: - repository: rancher/mirrored-library-nginx - tag: 1.24.0-alpine - - ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a Prometheus pod. - ## if using proxy extraContainer update targetPort with proxy container port - containers: | - - name: prometheus-proxy - args: - - nginx - - -g - - daemon off; - - -c - - /nginx/nginx.conf - image: "{{ template "system_default_registry" . }}{{ .Values.prometheus.prometheusSpec.proxy.image.repository }}:{{ .Values.prometheus.prometheusSpec.proxy.image.tag }}" - ports: - - containerPort: 8081 - name: nginx-http - protocol: TCP - volumeMounts: - - mountPath: /nginx - name: prometheus-nginx - - mountPath: /var/cache/nginx - name: nginx-home - securityContext: - runAsUser: 101 - runAsGroup: 101 - - ## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes - ## (permissions, dir tree) on mounted volumes before starting prometheus - initContainers: [] - - ## PortName to use for Prometheus. - ## - portName: "http-web" - - ## ArbitraryFSAccessThroughSMs configures whether configuration based on a service monitor can access arbitrary files - ## on the file system of the Prometheus container e.g. bearer token files. - arbitraryFSAccessThroughSMs: false - - ## OverrideHonorLabels if set to true overrides all user configured honor_labels. If HonorLabels is set in ServiceMonitor - ## or PodMonitor to true, this overrides honor_labels to false. - overrideHonorLabels: false - - ## OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs. - overrideHonorTimestamps: false - - ## IgnoreNamespaceSelectors if set to true will ignore NamespaceSelector settings from the podmonitor and servicemonitor - ## configs, and they will only discover endpoints within their current namespace. Defaults to false. - ignoreNamespaceSelectors: false - - ## EnforcedNamespaceLabel enforces adding a namespace label of origin for each alert and metric that is user created. - ## The label value will always be the namespace of the object that is being created. - ## Disabled by default - enforcedNamespaceLabel: "" - - ## PrometheusRulesExcludedFromEnforce - list of prometheus rules to be excluded from enforcing of adding namespace labels. - ## Works only if enforcedNamespaceLabel set to true. Make sure both ruleNamespace and ruleName are set for each pair - ## Deprecated, use `excludedFromEnforcement` instead - prometheusRulesExcludedFromEnforce: [] - - ## ExcludedFromEnforcement - list of object references to PodMonitor, ServiceMonitor, Probe and PrometheusRule objects - ## to be excluded from enforcing a namespace label of origin. - ## Works only if enforcedNamespaceLabel set to true. - ## See https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#objectreference - excludedFromEnforcement: [] - - ## QueryLogFile specifies the file to which PromQL queries are logged. Note that this location must be writable, - ## and can be persisted using an attached volume. Alternatively, the location can be set to a stdout location such - ## as /dev/stdout to log querie information to the default Prometheus log stream. This is only available in versions - ## of Prometheus >= 2.16.0. For more details, see the Prometheus docs (https://prometheus.io/docs/guides/query-log/) - queryLogFile: false - - ## EnforcedSampleLimit defines global limit on number of scraped samples that will be accepted. This overrides any SampleLimit - ## set per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the SampleLimit to keep overall - ## number of samples/series under the desired limit. Note that if SampleLimit is lower that value will be taken instead. - enforcedSampleLimit: false - - ## EnforcedTargetLimit defines a global limit on the number of scraped targets. This overrides any TargetLimit set - ## per ServiceMonitor or/and PodMonitor. It is meant to be used by admins to enforce the TargetLimit to keep the overall - ## number of targets under the desired limit. Note that if TargetLimit is lower, that value will be taken instead, except - ## if either value is zero, in which case the non-zero value will be used. If both values are zero, no limit is enforced. - enforcedTargetLimit: false - - ## Per-scrape limit on number of labels that will be accepted for a sample. If more than this number of labels are present - ## post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions - ## 2.27.0 and newer. - enforcedLabelLimit: false - - ## Per-scrape limit on length of labels name that will be accepted for a sample. If a label name is longer than this number - ## post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus versions - ## 2.27.0 and newer. - enforcedLabelNameLengthLimit: false - - ## Per-scrape limit on length of labels value that will be accepted for a sample. If a label value is longer than this - ## number post metric-relabeling, the entire scrape will be treated as failed. 0 means no limit. Only valid in Prometheus - ## versions 2.27.0 and newer. - enforcedLabelValueLengthLimit: false - - ## AllowOverlappingBlocks enables vertical compaction and vertical query merge in Prometheus. This is still experimental - ## in Prometheus so it may change in any upcoming release. - allowOverlappingBlocks: false - - ## Minimum number of seconds for which a newly created pod should be ready without any of its container crashing for it to - ## be considered available. Defaults to 0 (pod will be considered available as soon as it is ready). - minReadySeconds: 0 - - additionalRulesForClusterRole: [] - # - apiGroups: [ "" ] - # resources: - # - nodes/proxy - # verbs: [ "get", "list", "watch" ] - - additionalServiceMonitors: [] - ## Name of the ServiceMonitor to create - ## - # - name: "" - - ## Additional labels to set used for the ServiceMonitorSelector. Together with standard labels from - ## the chart - ## - # additionalLabels: {} - - ## Service label for use in assembling a job name of the form