From 455e987a015d7db010dad1a66c3e41d3b6a441e0 Mon Sep 17 00:00:00 2001 
From: Stephan Lo Date: Sun, 22 Jun 2025 15:20:29 +0200 Subject: [PATCH] Initial upload --- otc/ABC/registry/observability-client.yaml | 24 + .../manifests/argocd-server-ingress.yaml | 2 +- otc/ABC/stacks/core/argocd/values.yaml | 4 +- .../stacks/forgejo/forgejo-server/values.yaml | 40 +- .../observability-client/metrics-server.yaml | 29 + .../metrics-server/values.yaml | 4 + .../vector.yaml | 2 +- .../vector/values.yaml | 15 +- .../observability-client/vm-client-stack.yaml | 31 + .../manifests/simple-user-secret.yaml | 9 + .../vm-client-stack/values.yaml | 1288 +++++++++++++++++ .../observability/grafana-operator.yaml | 26 + .../grafana-operator/manifests/argocd.yaml | 9 + .../grafana-operator/manifests/grafana.yaml | 14 + .../manifests/ingress-nginx.yaml | 9 + .../manifests/victoria-logs.yaml | 9 + .../observability/victoria-k8s-stack.yaml | 5 +- .../victoria-k8s-stack/manifests/vmauth.yaml | 4 +- .../victoria-k8s-stack/values.yaml | 53 +- 19 files changed, 1531 insertions(+), 46 deletions(-) create mode 100644 otc/ABC/registry/observability-client.yaml create mode 100644 otc/ABC/stacks/observability-client/metrics-server.yaml create mode 100644 otc/ABC/stacks/observability-client/metrics-server/values.yaml rename otc/ABC/stacks/{core => observability-client}/vector.yaml (88%) rename otc/ABC/stacks/{core => observability-client}/vector/values.yaml (75%) create mode 100644 otc/ABC/stacks/observability-client/vm-client-stack.yaml create mode 100644 otc/ABC/stacks/observability-client/vm-client-stack/manifests/simple-user-secret.yaml create mode 100644 otc/ABC/stacks/observability-client/vm-client-stack/values.yaml create mode 100644 otc/ABC/stacks/observability/grafana-operator.yaml create mode 100644 otc/ABC/stacks/observability/grafana-operator/manifests/argocd.yaml create mode 100644 otc/ABC/stacks/observability/grafana-operator/manifests/grafana.yaml create mode 100644 otc/ABC/stacks/observability/grafana-operator/manifests/ingress-nginx.yaml create mode 100644 
otc/ABC/stacks/observability/grafana-operator/manifests/victoria-logs.yaml diff --git a/otc/ABC/registry/observability-client.yaml b/otc/ABC/registry/observability-client.yaml new file mode 100644 index 0000000..b22f19b --- /dev/null +++ b/otc/ABC/registry/observability-client.yaml @@ -0,0 +1,24 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: observability-client + namespace: argocd + labels: + env: dev + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + destination: + name: in-cluster + namespace: argocd + source: + path: "otc/ABC/stacks/observability-client" + repoURL: "https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances" + targetRevision: HEAD + project: default + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/otc/ABC/stacks/core/argocd/manifests/argocd-server-ingress.yaml b/otc/ABC/stacks/core/argocd/manifests/argocd-server-ingress.yaml index 5eeb08f..e71e7d8 100644 --- a/otc/ABC/stacks/core/argocd/manifests/argocd-server-ingress.yaml +++ b/otc/ABC/stacks/core/argocd/manifests/argocd-server-ingress.yaml @@ -19,7 +19,7 @@ spec: name: argocd-server port: number: 80 - path: /argocd + path: / pathType: Prefix tls: - hosts: diff --git a/otc/ABC/stacks/core/argocd/values.yaml b/otc/ABC/stacks/core/argocd/values.yaml index 7460d00..b7cabc9 100644 --- a/otc/ABC/stacks/core/argocd/values.yaml +++ b/otc/ABC/stacks/core/argocd/values.yaml @@ -4,8 +4,6 @@ global: configs: params: server.insecure: true - server.basehref: /argocd - server.rootpath: /argocd cm: application.resourceTrackingMethod: annotation timeout.reconciliation: 60s @@ -21,7 +19,7 @@ configs: clusters: - "*" accounts.provider-argocd: apiKey - url: https://ABC/argocd + url: https://ABC rbac: policy.csv: 'g, provider-argocd, role:admin' diff --git a/otc/ABC/stacks/forgejo/forgejo-server/values.yaml b/otc/ABC/stacks/forgejo/forgejo-server/values.yaml index 8a071f7..29dcdf7 100644 
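Review bot: The new `observability-client` Application in otc/ABC/registry/observability-client.yaml combines `targetRevision: HEAD` with `automated` sync, `prune: true` and `selfHeal: true` under `project: default`, so every commit that reaches the default branch of the stacks-instances repository is applied to the cluster, and removed resources are pruned, with no further gate. I would pin the revision to a tag or commit (`targetRevision: <release-tag>`) or to a protected branch, and place the app in a dedicated AppProject that restricts allowed source repositories and destinations instead of `default`. The same `targetRevision: HEAD` sources for values and manifests appear in metrics-server.yaml and vm-client-stack.yaml later in this patch. metrics-server.yaml also sets `retry: limit: -1`, which leaves failed syncs retrying without bound; a finite limit with backoff makes a broken sync visible.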
--- a/otc/ABC/stacks/forgejo/forgejo-server/values.yaml +++ b/otc/ABC/stacks/forgejo/forgejo-server/values.yaml @@ -1,3 +1,7 @@ +# We use recreate to make sure only one instance with one version is running, because Forgejo might break or data gets inconsistant. +strategy: + type: Recreate + redis-cluster: enabled: false @@ -12,26 +16,27 @@ postgresql-ha: persistence: enabled: true - size: 5Gi + size: 200Gi + annotations: + everest.io/crypt-key-id: KMS test: enabled: false deployment: env: - - name: SSL_CERT_FILE - value: /etc/elasticsearch/elasticsearch.cer + - name: SSL_CERT_DIR + value: /etc/ssl/forgejo extraVolumeMounts: - - mountPath: /etc/elasticsearch - name: elasticsearch-cert-volume + - mountPath: /etc/ssl/forgejo + name: custom-database-certs-volume readOnly: true extraVolumes: - - name: elasticsearch-cert-volume - configMap: - defaultMode: 420 - name: elasticsearch-cert + - name: custom-database-certs-volume + secret: + secretName: custom-database-certs gitea: additionalConfigFromEnvs: @@ -85,6 +90,11 @@ gitea: secretKeyRef: name: elasticsearch-cloud-credentials key: connection-string + - name: FORGEJO__mailer__PASSWD + valueFrom: + secretKeyRef: + name: email-user-credentials + key: connection-string admin: existingSecret: gitea-credential @@ -101,7 +111,7 @@ gitea: MINIO_ENDPOINT: obs.eu-de.otc.t-systems.com:443 STORAGE_TYPE: minio MINIO_LOCATION: eu-de - MINIO_BUCKET: edp-forgejo-mycluster + MINIO_BUCKET: edp-forgejo-kind MINIO_USE_SSL: true queue: @@ -123,6 +133,7 @@ gitea: database: DB_TYPE: postgres + SSL_MODE: verify-ca server: DOMAIN: 'ABC' @@ -130,10 +141,11 @@ gitea: mailer: ENABLED: true - FROM: forgejo@ABC - PROTOCOL: smtp - SMTP_ADDR: mailhog.mailhog.svc.cluster.local - SMTP_PORT: 1025 + USER: ipcei-cis-devfw@mms-support.de + PROTOCOL: smtps + FROM: '"IPCEI CIS DevFW" ' + SMTP_ADDR: mail.mms-support.de + SMTP_PORT: 465 service: ssh: 
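Review bot: `SSL_MODE: verify-ca` in the `gitea.config.database` hunk checks that the PostgreSQL server certificate chains to a trusted CA but does not check that the certificate was issued for the host being connected to, so any certificate from that CA is accepted. If the database certificate carries the correct hostname, `SSL_MODE: verify-full` closes that gap. The deployment hunk earlier in this file mounts the `custom-database-certs` secret at /etc/ssl/forgejo via `SSL_CERT_DIR`; the secret's contents are not part of this patch, so confirm it holds the CA that issued the database certificate. A short comment next to `SSL_MODE` naming that secret as the trust source would help the next reader.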
diff --git a/otc/ABC/stacks/observability-client/metrics-server.yaml b/otc/ABC/stacks/observability-client/metrics-server.yaml new file mode 100644 index 0000000..28bd1d2 --- /dev/null +++ b/otc/ABC/stacks/observability-client/metrics-server.yaml @@ -0,0 +1,29 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: metrics-server + namespace: argocd + labels: + env: dev +spec: + project: default + syncPolicy: + automated: + selfHeal: true + syncOptions: + - CreateNamespace=true + retry: + limit: -1 + destination: + name: in-cluster + namespace: observability + sources: + - chart: metrics-server + repoURL: https://kubernetes-sigs.github.io/metrics-server/ + targetRevision: 3.12.2 + helm: + valueFiles: + - $values/otc/ABC/stacks/observability-client/metrics-server/values.yaml + - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances + targetRevision: HEAD + ref: values diff --git a/otc/ABC/stacks/observability-client/metrics-server/values.yaml b/otc/ABC/stacks/observability-client/metrics-server/values.yaml new file mode 100644 index 0000000..e96ba41 --- /dev/null +++ b/otc/ABC/stacks/observability-client/metrics-server/values.yaml @@ -0,0 +1,4 @@ +metrics: + enabled: true +serviceMonitor: + enabled: true diff --git a/otc/ABC/stacks/core/vector.yaml b/otc/ABC/stacks/observability-client/vector.yaml similarity index 88% rename from otc/ABC/stacks/core/vector.yaml rename to otc/ABC/stacks/observability-client/vector.yaml index f65a032..3064dbf 100644 --- a/otc/ABC/stacks/core/vector.yaml +++ b/otc/ABC/stacks/observability-client/vector.yaml @@ -23,7 +23,7 @@ spec: targetRevision: 0.43.0 helm: valueFiles: - - $values/otc/ABC/stacks/core/vector/values.yaml + - $values/otc/ABC/stacks/observability-client/vector/values.yaml - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances targetRevision: HEAD ref: values 
diff --git a/otc/ABC/stacks/core/vector/values.yaml b/otc/ABC/stacks/observability-client/vector/values.yaml similarity index 75% rename from otc/ABC/stacks/core/vector/values.yaml rename to otc/ABC/stacks/observability-client/vector/values.yaml index 6d98171..753d596 100644 --- a/otc/ABC/stacks/core/vector/values.yaml +++ b/otc/ABC/stacks/observability-client/vector/values.yaml @@ -30,11 +30,9 @@ customConfig: source: | .log = parse_json(.message) ?? .message del(.message) + # Add the cluster environment to the log event + .cluster_environment = "kind" sinks: - exporter: - type: prometheus_exporter - address: 0.0.0.0:9090 - inputs: [internal_metrics] vlogs: type: elasticsearch inputs: [parser] @@ -51,8 +49,9 @@ customConfig: enabled: false request: headers: - VL-Time-Field: timestamp - VL-Stream-Fields: stream,kubernetes.pod_name,kubernetes.container_name,kubernetes.pod_namespace - VL-Msg-Field: message,msg,_msg,log.msg,log.message,log AccountID: "0" - ProjectID: "0" \ No newline at end of file + ProjectID: "0" + query: + _msg_field: _msg + _time_field: _time + _stream_fields: cluster_environment,kubernetes.container_name,kubernetes.namespace \ No newline at end of file diff --git a/otc/ABC/stacks/observability-client/vm-client-stack.yaml b/otc/ABC/stacks/observability-client/vm-client-stack.yaml new file mode 100644 index 0000000..c862c3e --- /dev/null +++ b/otc/ABC/stacks/observability-client/vm-client-stack.yaml 
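Review bot: The new `query` block on the `vlogs` sink names fields that nothing visible in these hunks produces. `_stream_fields` lists `kubernetes.namespace` where the removed `VL-Stream-Fields` header used `kubernetes.pod_namespace`, and `_msg_field: _msg` / `_time_field: _time` replace `message,msg,_msg,log.msg,log.message,log` and `timestamp`, while the remap in the first hunk stores the payload in `.log` and deletes `.message`. If the events do not carry those fields, entries would presumably be stored without a message, stamped with ingestion time rather than event time, and without a per-namespace stream, which degrades the logs for investigation and alerting. Either keep the previous names, e.g. `_stream_fields: cluster_environment,kubernetes.container_name,kubernetes.pod_namespace`, or confirm that the sink renames the fields. The sink definition continues outside the hunk, so this cannot be checked from the patch alone.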
@@ -0,0 +1,31 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: vm-client
+ namespace: argocd
+ labels:
+ env: dev
+spec:
+ project: default
+ syncPolicy:
+ automated:
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ destination:
+ name: in-cluster
+ namespace: observability
+ sources:
+ - chart: victoria-metrics-k8s-stack
+ repoURL: https://victoriametrics.github.io/helm-charts/
+ targetRevision: 0.48.1
+ releaseName: vm-client
+ helm:
+ valueFiles:
+ - $values/otc/ABC/stacks/observability-client/vm-client-stack/values.yaml
+ - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
+ targetRevision: HEAD
+ ref: values
+ - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
+ targetRevision: HEAD
+ path: "otc/ABC/stacks/observability-client/vm-client-stack/manifests"
diff --git a/otc/ABC/stacks/observability-client/vm-client-stack/manifests/simple-user-secret.yaml b/otc/ABC/stacks/observability-client/vm-client-stack/manifests/simple-user-secret.yaml
new file mode 100644
index 0000000..f13b0b6
--- /dev/null
+++ b/otc/ABC/stacks/observability-client/vm-client-stack/manifests/simple-user-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: simple-user-secret
+ namespace: observability
+type: Opaque
+stringData:
+ username: simple-user
+ password: simple-password
diff --git a/otc/ABC/stacks/observability-client/vm-client-stack/values.yaml b/otc/ABC/stacks/observability-client/vm-client-stack/values.yaml
new file mode 100644
index 0000000..3f85a67
--- /dev/null
+++ b/otc/ABC/stacks/observability-client/vm-client-stack/values.yaml
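Review bot: simple-user-secret.yaml commits the basic-auth credentials in clear text (`username: simple-user`, `password: simple-password` under `stringData`), so anyone who can read the repository or its history holds them, and Argo CD will re-create the Secret with this value on every sync. values.yaml in this patch references the same secret from `vmagent.additionalRemoteWrites[].basicAuth`, so this is the credential that authorizes metric ingestion at the remote-write endpoint. I would drop the manifest from Git and have the Secret provisioned out of band or from a secret store, as the Forgejo values in this patch already do by consuming pre-existing secrets through `secretKeyRef`. The committed password should be treated as exposed and replaced with a generated one.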
@@ -0,0 +1,1288 @@ +global: + # -- Cluster label to use for dashboards and rules + clusterLabel: cluster + # -- Global license configuration + license: + key: "" + keyRef: {} + # name: secret-license + # key: license + cluster: + # -- K8s cluster domain suffix, uses for building storage pods' FQDN. Details are [here](https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/) + dnsDomain: cluster.local. + +# -- Override chart name +nameOverride: "" +# -- Resource full name override +fullnameOverride: "" +# -- Tenant to use for Grafana datasources and remote write +tenant: "0" +# -- If this chart is used in "Argocd" with "releaseName" field then +# VMServiceScrapes couldn't select the proper services. +# For correct working need set value 'argocdReleaseOverride=$ARGOCD_APP_NAME' +argocdReleaseOverride: "" + +# -- VictoriaMetrics Operator dependency chart configuration. More values can be found [here](https://docs.victoriametrics.com/helm/victoriametrics-operator#parameters). Also checkout [here](https://docs.victoriametrics.com/operator/vars) possible ENV variables to configure operator behaviour +victoria-metrics-operator: + enabled: true + crds: + plain: true + cleanup: + enabled: true + image: + repository: bitnami/kubectl + pullPolicy: IfNotPresent + serviceMonitor: + enabled: true + operator: + # -- By default, operator converts prometheus-operator objects. 
+ disable_prometheus_converter: false + # group pinguin added the admissionWebhooks value according to https://docs.victoriametrics.com/helm/victoriametrics-k8s-stack/#argocd-issues + admissionWebhooks: + certManager: + enabled: true + +defaultDashboards: + # -- Enable custom dashboards installation + enabled: false + defaultTimezone: utc + labels: {} + annotations: {} + grafanaOperator: + # -- Create dashboards as CRDs (requires grafana-operator to be installed) + enabled: false + spec: + instanceSelector: + matchLabels: + dashboards: grafana + allowCrossNamespaceImport: false + # -- Create dashboards as ConfigMap despite dependency it requires is not installed + dashboards: + victoriametrics-vmalert: + enabled: true + victoriametrics-operator: + enabled: true + # -- In ArgoCD using client-side apply this dashboard reaches annotations size limit and causes k8s issues without server side apply + # See [this issue](https://github.com/VictoriaMetrics/helm-charts/tree/master/charts/victoria-metrics-k8s-stack#metadataannotations-too-long-must-have-at-most-262144-bytes-on-dashboards) + node-exporter-full: + enabled: true + +# -- Create default rules for monitoring the cluster +defaultRules: + # -- Labels, which are used for grouping results of the queries. 
Note that these labels are joined with `.Values.global.clusterLabel` + additionalGroupByLabels: [] + create: true + + # -- Common properties for VMRule groups + group: + spec: + # -- Optional HTTP URL parameters added to each rule request + params: {} + + # -- Common properties for all VMRules + rule: + spec: + # -- Additional labels for all VMRules + labels: {} + # -- Additional annotations for all VMRules + annotations: {} + + # -- Common properties for VMRules alerts + alerting: + spec: + # -- Additional labels for VMRule alerts + labels: {} + # -- Additional annotations for VMRule alerts + annotations: {} + + # -- Common properties for VMRules recording rules + recording: + spec: + # -- Additional labels for VMRule recording rules + labels: {} + # -- Additional annotations for VMRule recording rules + annotations: {} + + # -- Per rule properties + rules: {} + # CPUThrottlingHigh: + # create: true + # spec: + # for: 15m + # labels: + # severity: critical + # -- Rule group properties + groups: + etcd: + create: true + # -- Common properties for all rules in a group + rules: {} + # spec: + # annotations: + # dashboard: https://example.com/dashboard/1 + general: + create: true + rules: {} + k8sContainerCpuLimits: + create: true + rules: {} + k8sContainerCpuRequests: + create: true + rules: {} + k8sContainerCpuUsageSecondsTotal: + create: true + rules: {} + k8sContainerMemoryLimits: + create: true + rules: {} + k8sContainerMemoryRequests: + create: true + rules: {} + k8sContainerMemoryRss: + create: true + rules: {} + k8sContainerMemoryCache: + create: true + rules: {} + k8sContainerMemoryWorkingSetBytes: + create: true + rules: {} + k8sContainerMemorySwap: + create: true + rules: {} + k8sPodOwner: + create: true + rules: {} + k8sContainerResource: + create: true + rules: {} + kubeApiserver: + create: true + rules: {} + kubeApiserverAvailability: + create: true + rules: {} + kubeApiserverBurnrate: + create: true + rules: {} + kubeApiserverHistogram: + create: true + 
rules: {} + kubeApiserverSlos: + create: true + rules: {} + kubelet: + create: true + rules: {} + kubePrometheusGeneral: + create: true + rules: {} + kubePrometheusNodeRecording: + create: true + rules: {} + kubernetesApps: + create: true + rules: {} + targetNamespace: ".*" + kubernetesResources: + create: true + rules: {} + kubernetesStorage: + create: true + rules: {} + targetNamespace: ".*" + kubernetesSystem: + create: true + rules: {} + kubernetesSystemKubelet: + create: true + rules: {} + kubernetesSystemApiserver: + create: true + rules: {} + kubernetesSystemControllerManager: + create: true + rules: {} + kubeScheduler: + create: true + rules: {} + kubernetesSystemScheduler: + create: true + rules: {} + kubeStateMetrics: + create: true + rules: {} + nodeNetwork: + create: true + rules: {} + node: + create: true + rules: {} + vmagent: + create: true + rules: {} + vmsingle: + create: true + rules: {} + vmcluster: + create: true + rules: {} + vmHealth: + create: true + rules: {} + vmoperator: + create: true + rules: {} + alertmanager: + create: true + rules: {} + + # -- Runbook url prefix for default rules + runbookUrl: https://runbooks.prometheus-operator.dev/runbooks + + # -- Labels for default rules + labels: {} + # -- Annotations for default rules + annotations: {} + +# -- Provide custom recording or alerting rules to be deployed into the cluster. 
+additionalVictoriaMetricsMap: +# rule-name: +# groups: +# - name: my_group +# rules: +# - record: my_record +# expr: 100 * my_record + +external: + grafana: + # -- External Grafana host + host: "" + # -- External Grafana datasource name + datasource: VictoriaMetrics + # -- External VM read and write URLs + vm: + read: + url: "" + # bearerTokenSecret: + # name: dbaas-read-access-token + # key: bearerToken + write: + url: "" + # bearerTokenSecret: + # name: dbaas-read-access-token + # key: bearerToken + +# Configures vmsingle params +vmsingle: + # -- VMSingle annotations + annotations: {} + # -- Create VMSingle CR + enabled: false + # -- Full spec for VMSingle CRD. Allowed values describe [here](https://docs.victoriametrics.com/operator/api#vmsinglespec) + spec: + port: "8429" + # -- Data retention period. Possible units character: h(ours), d(ays), w(eeks), y(ears), if no unit character specified - month. The minimum retention period is 24h. See these [docs](https://docs.victoriametrics.com/single-server-victoriametrics/#retention) + retentionPeriod: "1" + replicaCount: 1 + extraArgs: {} + storage: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + ingress: + # -- Enable deployment of ingress for server component + enabled: false + # -- Ingress annotations + annotations: + {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # -- Ingress extra labels + labels: {} + # -- Ingress default path + path: "" + # -- Ingress path type + pathType: Prefix + # -- Ingress controller class name + ingressClassName: "" + + # -- Array of host objects + hosts: [] + # - vmsingle.domain.com + # -- Extra paths to prepend to every host configuration. This is useful when working with annotation based services. 
+ extraPaths: [] + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + + # -- Array of TLS objects + tls: [] + # - secretName: vmsingle-ingress-tls + # hosts: + # - vmsingle.domain.com + +vmcluster: + # -- Create VMCluster CR + enabled: false + # -- VMCluster annotations + annotations: {} + # -- Full spec for VMCluster CRD. Allowed values described [here](https://docs.victoriametrics.com/operator/api#vmclusterspec) + spec: + # -- Data retention period. Possible units character: h(ours), d(ays), w(eeks), y(ears), if no unit character specified - month. The minimum retention period is 24h. See these [docs](https://docs.victoriametrics.com/single-server-victoriametrics/#retention) + retentionPeriod: "1" + replicationFactor: 2 + vmstorage: + replicaCount: 2 + storageDataPath: /vm-data + storage: + volumeClaimTemplate: + spec: + resources: + requests: + storage: 10Gi + resources: + {} + # limits: + # cpu: "1" + # memory: 1500Mi + vmselect: + # -- Set this value to false to disable VMSelect + enabled: true + port: "8481" + replicaCount: 2 + cacheMountPath: /select-cache + extraArgs: {} + storage: + volumeClaimTemplate: + spec: + resources: + requests: + storage: 2Gi + resources: + {} + # limits: + # cpu: "1" + # memory: "1000Mi" + # requests: + # cpu: "0.5" + # memory: "500Mi" + vminsert: + # -- Set this value to false to disable VMInsert + enabled: true + port: "8480" + replicaCount: 2 + extraArgs: {} + resources: + {} + # limits: + # cpu: "1" + # memory: 1000Mi + # requests: + # cpu: "0.5" + # memory: "500Mi" + + ingress: + storage: + # -- Enable deployment of ingress for server component + enabled: false + + # -- Ingress annotations + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # -- Ingress extra labels + labels: {} + + # -- Ingress controller class name + ingressClassName: "" + + # -- Ingress path type + pathType: Prefix + + # -- Ingress default path + path: 
"" + + # -- Array of host objects + hosts: [] + # - vmstorage.domain.com + + # -- Extra paths to prepend to every host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + + # -- Array of TLS objects + tls: [] + # - secretName: vmstorage-ingress-tls + # hosts: + # - vmstorage.domain.com + select: + # -- Enable deployment of ingress for server component + enabled: false + + # -- Ingress annotations + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # -- Ingress extra labels + labels: {} + + # -- Ingress controller class name + ingressClassName: "" + + # -- Ingress path type + pathType: Prefix + + # -- Ingress default path + path: '{{ dig "extraArgs" "http.pathPrefix" "/" .Values.vmcluster.spec.vmselect }}' + + # -- Array of host objects + hosts: [] + # - vmselect.domain.com + # -- Extra paths to prepend to every host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + + # -- Array of TLS objects + tls: [] + # - secretName: vmselect-ingress-tls + # hosts: + # - vmselect.domain.com + insert: + # -- Enable deployment of ingress for server component + enabled: false + + # -- Ingress annotations + annotations: + {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # -- Ingress extra labels + labels: {} + + # -- Ingress controller class name + ingressClassName: "" + + # -- Ingress path type + pathType: Prefix + + # -- Ingress default path + path: '{{ dig "extraArgs" "http.pathPrefix" "/" .Values.vmcluster.spec.vminsert }}' + + # -- Array of host objects + hosts: [] + # - vminsert.domain.com + # -- Extra paths to prepend to every host configuration. 
This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + + # -- Array of TLS objects + tls: [] + # - secretName: vminsert-ingress-tls + # hosts: + # - vminsert.domain.com + +alertmanager: + # -- Create VMAlertmanager CR + enabled: false + # -- Alertmanager annotations + annotations: {} + # -- (object) Full spec for VMAlertmanager CRD. Allowed values described [here](https://docs.victoriametrics.com/operator/api#vmalertmanagerspec) + spec: + replicaCount: 1 + port: "9093" + selectAllByDefault: true + image: + tag: v0.28.1 + externalURL: "" + routePrefix: / + + # -- (string) If this one defined, it will be used for alertmanager configuration and config parameter will be ignored + configSecret: "" + # -- + # @raw + # enable storing .Values.alertmanager.config in VMAlertmanagerConfig instead of k8s Secret. + # Note: VMAlertmanagerConfig and plain Alertmanager config structures are not equal. + # If you're migrating existing config, please make sure that `.Values.alertmanager.config`: + # - with `useManagedConfig: false` has structure described [here](https://prometheus.io/docs/alerting/latest/configuration/). + # - with `useManagedConfig: true` has structure described [here](https://docs.victoriametrics.com/operator/api/#vmalertmanagerconfig). 
+ useManagedConfig: false + # -- (object) Alertmanager configuration + config: + route: + receiver: "blackhole" + # group_by: ["alertgroup", "job"] + # group_wait: 30s + # group_interval: 5m + # repeat_interval: 12h + # routes: + # + # # Duplicate code_owner routes to teams + # # These will send alerts to team channels but continue + # # processing through the rest of the tree to handled by on-call + # - matchers: + # - code_owner_channel!="" + # - severity=~"info|warning|critical" + # group_by: ["code_owner_channel", "alertgroup", "job"] + # receiver: slack-code-owners + # + # # Standard on-call routes + # - matchers: + # - severity=~"info|warning|critical" + # receiver: slack-monitoring + # continue: true + # + # inhibit_rules: + # - target_matchers: + # - severity=~"warning|info" + # source_matchers: + # - severity=critical + # equal: + # - cluster + # - namespace + # - alertname + # - target_matchers: + # - severity=info + # source_matchers: + # - severity=warning + # equal: + # - cluster + # - namespace + # - alertname + # - target_matchers: + # - severity=info + # source_matchers: + # - alertname=InfoInhibitor + # equal: + # - cluster + # - namespace + + receivers: + - name: blackhole + # - name: "slack-monitoring" + # slack_configs: + # - channel: "#channel" + # send_resolved: true + # title: '{{ template "slack.monzo.title" . }}' + # icon_emoji: '{{ template "slack.monzo.icon_emoji" . }}' + # color: '{{ template "slack.monzo.color" . }}' + # text: '{{ template "slack.monzo.text" . }}' + # actions: + # - type: button + # text: "Runbook :green_book:" + # url: "{{ (index .Alerts 0).Annotations.runbook_url }}" + # - type: button + # text: "Query :mag:" + # url: "{{ (index .Alerts 0).GeneratorURL }}" + # - type: button + # text: "Dashboard :grafana:" + # url: "{{ (index .Alerts 0).Annotations.dashboard }}" + # - type: button + # text: "Silence :no_bell:" + # url: '{{ template "__alert_silence_link" . 
}}' + # - type: button + # text: '{{ template "slack.monzo.link_button_text" . }}' + # url: "{{ .CommonAnnotations.link_url }}" + # - name: slack-code-owners + # slack_configs: + # - channel: "#{{ .CommonLabels.code_owner_channel }}" + # send_resolved: true + # title: '{{ template "slack.monzo.title" . }}' + # icon_emoji: '{{ template "slack.monzo.icon_emoji" . }}' + # color: '{{ template "slack.monzo.color" . }}' + # text: '{{ template "slack.monzo.text" . }}' + # actions: + # - type: button + # text: "Runbook :green_book:" + # url: "{{ (index .Alerts 0).Annotations.runbook }}" + # - type: button + # text: "Query :mag:" + # url: "{{ (index .Alerts 0).GeneratorURL }}" + # - type: button + # text: "Dashboard :grafana:" + # url: "{{ (index .Alerts 0).Annotations.dashboard }}" + # - type: button + # text: "Silence :no_bell:" + # url: '{{ template "__alert_silence_link" . }}' + # - type: button + # text: '{{ template "slack.monzo.link_button_text" . }}' + # url: "{{ .CommonAnnotations.link_url }}" + # + # -- Better alert templates for [slack source](https://gist.github.com/milesbxf/e2744fc90e9c41b47aa47925f8ff6512) + monzoTemplate: + enabled: true + + # -- (object) Extra alert templates + templateFiles: + {} + # template_1.tmpl: |- + # {{ define "hello" -}} + # hello, Victoria! + # {{- end }} + # template_2.tmpl: "" + + # -- (object) Alertmanager ingress configuration + ingress: + enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # Values can be templated + annotations: + {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: '{{ .Values.alertmanager.spec.routePrefix | default "/" }}' + pathType: Prefix + + hosts: + - alertmanager.domain.com + # -- Extra paths to prepend to every host configuration. 
This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + tls: [] + # - secretName: alertmanager-ingress-tls + # hosts: + # - alertmanager.domain.com + +vmalert: + # -- VMAlert annotations + annotations: {} + # -- Create VMAlert CR + enabled: false + + # -- Controls whether VMAlert should use VMAgent or VMInsert as a target for remotewrite + remoteWriteVMAgent: false + # -- (object) Full spec for VMAlert CRD. Allowed values described [here](https://docs.victoriametrics.com/operator/api#vmalertspec) + spec: + port: "8080" + selectAllByDefault: true + evaluationInterval: 20s + extraArgs: + http.pathPrefix: "/" + + # External labels to add to all generated recording rules and alerts + externalLabels: {} + + # -- (object) Extra VMAlert annotation templates + templateFiles: + {} + # template_1.tmpl: |- + # {{ define "hello" -}} + # hello, Victoria! + # {{- end }} + # template_2.tmpl: "" + + # -- Allows to configure static notifiers, discover notifiers via Consul and DNS, + # see specification [here](https://docs.victoriametrics.com/vmalert/#notifier-configuration-file). + # This configuration will be created as separate secret and mounted to VMAlert pod. 
+ additionalNotifierConfigs: {} + # dns_sd_configs: + # - names: + # - my.domain.com + # type: 'A' + # port: 9093 + # -- (object) VMAlert ingress config + ingress: + enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # Values can be templated + annotations: + {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: "" + pathType: Prefix + + hosts: + - vmalert.domain.com + # -- Extra paths to prepend to every host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + tls: [] + # - secretName: vmalert-ingress-tls + # hosts: + # - vmalert.domain.com + +vmauth: + # -- Enable VMAuth CR + enabled: false + # -- VMAuth annotations + annotations: {} + # -- (object) Full spec for VMAuth CRD. 
Allowed values described [here](https://docs.victoriametrics.com/operator/api#vmauthspec) + # It's possible to use given below predefined variables in spec: + # * `{{ .vm.read }}` - parsed vmselect, vmsingle or external.vm.read URL + # * `{{ .vm.write }}` - parsed vminsert, vmsingle or external.vm.write URL + spec: + port: "8427" + ingress: + class_name: nginx + annotations: + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + cert-manager.io/cluster-issuer: main + host: o12y.ABC + tlsHosts: + - o12y.ABC + tlsSecretName: vmauth-tls-secret + unauthorizedUserAccessSpec: {} + selectAllByDefault: true + +vmagent: + # -- Create VMAgent CR + enabled: true + # -- VMAgent annotations + annotations: {} + # -- Remote write configuration of VMAgent, allowed parameters defined in a [spec](https://docs.victoriametrics.com/operator/api#vmagentremotewritespec) + additionalRemoteWrites: + # [] + - url: https://o12y.observability.think-ahead.cloud/api/v1/write + basicAuth: + username: + name: simple-user-secret + key: username + password: + name: simple-user-secret + key: password + # -- (object) Full spec for VMAgent CRD. Allowed values described [here](https://docs.victoriametrics.com/operator/api#vmagentspec) + spec: + port: "8429" + selectAllByDefault: true + scrapeInterval: 20s + externalLabels: + cluster_environment: "kind" + # For multi-cluster setups it is useful to use "cluster" label to identify the metrics source. + # For example: + # cluster: cluster-name + extraArgs: + promscrape.streamParse: "true" + # Do not store original labels in vmagent's memory by default. This reduces the amount of memory used by vmagent + # but makes vmagent debugging UI less informative. 
See: https://docs.victoriametrics.com/vmagent/#relabel-debug + promscrape.dropOriginalLabels: "true" + # -- (object) VMAgent ingress configuration + ingress: + enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # Values can be templated + annotations: + {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: "" + pathType: Prefix + + hosts: + - vmagent.domain.com + extraPaths: [] + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + tls: [] + # - secretName: vmagent-ingress-tls + # hosts: + # - vmagent.domain.com + +defaultDatasources: + grafanaOperator: + # -- Create datasources as CRDs (requires grafana-operator to be installed) + enabled: false + annotations: {} + spec: + instanceSelector: + matchLabels: + dashboards: grafana + allowCrossNamespaceImport: false + victoriametrics: + # -- Create per replica prometheus compatible datasource + perReplica: false + # -- List of prometheus compatible datasource configurations. + # VM `url` will be added to each of them in templates. + datasources: + - name: VictoriaMetrics + type: prometheus + access: proxy + isDefault: true + - name: VictoriaMetrics (DS) + isDefault: false + access: proxy + type: victoriametrics-metrics-datasource + version: "0.15.1" + # -- List of alertmanager datasources. + # Alertmanager generated `url` will be added to each datasource in template if alertmanager is enabled + alertmanager: + # -- Create per replica alertmanager compatible datasource + perReplica: false + datasources: + - name: Alertmanager + access: proxy + jsonData: + implementation: prometheus + # -- Configure additional grafana datasources (passed through tpl). 
+ # Check [here](http://docs.grafana.org/administration/provisioning/#datasources) for details + extra: + - name: victoria-logs + access: proxy + type: VictoriaLogs + url: http://vlogs-victorialogs:9428 + version: 1 + +# -- Grafana dependency chart configuration. For possible values refer [here](https://github.com/grafana/helm-charts/tree/main/charts/grafana#configuration) +grafana: + enabled: false + # all values for grafana helm chart can be specified here + persistence: + enabled: true + type: pvc + storageClassName: "default" + sidecar: + datasources: + enabled: true + initDatasources: true + label: grafana_datasource + dashboards: + provider: + name: default + orgid: 1 + folder: /var/lib/grafana/dashboards + defaultFolderName: default + enabled: true + multicluster: false + + # -- Create datasource configmap even if grafana deployment has been disabled + forceDeployDatasource: false + + # Uncomment the block below, if you want to enable VictoriaMetrics Datasource in Grafana: + # Note that Grafana will need internet access to install the datasource plugin. + # + # plugins: + # - victoriametrics-metrics-datasource + + ingress: + enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # Values can be templated + annotations: + {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: / + pathType: Prefix + + hosts: + - grafana.domain.com + # -- Extra paths to prepend to every host configuration. This is useful when working with annotation based services. 
+ extraPaths: [] + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + tls: [] + # - secretName: grafana-ingress-tls + # hosts: + # - grafana.domain.com + + # -- Grafana VM scrape config + vmScrape: + # whether we should create a service scrape resource for grafana + enabled: true + + # -- [Scrape configuration](https://docs.victoriametrics.com/operator/api#vmservicescrapespec) for Grafana + spec: + selector: + matchLabels: + app.kubernetes.io/name: '{{ include "grafana.name" .Subcharts.grafana }}' + endpoints: + - port: '{{ .Values.grafana.service.portName }}' + +# -- prometheus-node-exporter dependency chart configuration. For possible values check [here](https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus-node-exporter/values.yaml) +prometheus-node-exporter: + enabled: true + + # all values for prometheus-node-exporter helm chart can be specified here + service: + # Add the 'node-exporter' label to be used by serviceMonitor to match standard common usage in rules and grafana dashboards + # + labels: + jobLabel: node-exporter + extraArgs: + - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/) + - --collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|erofs|sysfs|tracefs)$ + # -- Node Exporter VM scrape config + vmScrape: + # whether we should create a service scrape resource for node-exporter + enabled: true + + # -- [Scrape configuration](https://docs.victoriametrics.com/operator/api#vmservicescrapespec) for Node Exporter + spec: + jobLabel: jobLabel + selector: + matchLabels: + app.kubernetes.io/name: '{{ include "prometheus-node-exporter.name" (index .Subcharts "prometheus-node-exporter") }}' + endpoints: + - port: metrics + metricRelabelConfigs: + - action: drop + 
source_labels: [mountpoint] + regex: "/var/lib/kubelet/pods.+" +# -- kube-state-metrics dependency chart configuration. For possible values check [here](https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-state-metrics/values.yaml) +kube-state-metrics: + enabled: true + # -- [Scrape configuration](https://docs.victoriametrics.com/operator/api#vmservicescrapespec) for Kube State Metrics + vmScrape: + enabled: true + spec: + selector: + matchLabels: + app.kubernetes.io/name: '{{ include "kube-state-metrics.name" (index .Subcharts "kube-state-metrics") }}' + app.kubernetes.io/instance: '{{ include "vm.release" . }}' + endpoints: + - port: http + honorLabels: true + metricRelabelConfigs: + - action: labeldrop + regex: (uid|container_id|image_id) + jobLabel: app.kubernetes.io/name + +# -- Component scraping the kubelets +kubelet: + enabled: true + vmScrapes: + # -- Enable scraping /metrics/cadvisor from kubelet's service + cadvisor: + enabled: true + spec: + path: /metrics/cadvisor + # -- Enable scraping /metrics/probes from kubelet's service + probes: + enabled: true + spec: + path: /metrics/probes + # -- Enabled scraping /metrics/resource from kubelet's service + resources: + enabled: true + spec: + path: /metrics/resource + kubelet: + spec: {} + # -- Spec for VMNodeScrape CRD is [here](https://docs.victoriametrics.com/operator/api.html#vmnodescrapespec) + vmScrape: + kind: VMNodeScrape + spec: + scheme: "https" + honorLabels: true + interval: "30s" + scrapeTimeout: "5s" + tlsConfig: + insecureSkipVerify: true + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + # drop high cardinality label and useless metrics for cadvisor and kubelet + metricRelabelConfigs: + - action: labeldrop + regex: (uid) + - action: labeldrop + regex: (id|name) + - action: drop + source_labels: [__name__] + regex: 
(rest_client_request_duration_seconds_bucket|rest_client_request_duration_seconds_sum|rest_client_request_duration_seconds_count) + relabelConfigs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - sourceLabels: [__metrics_path__] + targetLabel: metrics_path + - targetLabel: job + replacement: kubelet + # ignore timestamps of cadvisor's metrics by default + # more info here https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4697#issuecomment-1656540535 + honorTimestamps: false +# Component scraping the kube api server +kubeApiServer: + # -- Enable Kube Api Server metrics scraping + enabled: true + # -- Spec for VMServiceScrape CRD is [here](https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec) + vmScrape: + spec: + endpoints: + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + # bearerTokenSecret: + # key: "" + port: https + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + serverName: kubernetes + jobLabel: component + namespaceSelector: + matchNames: + - default + selector: + matchLabels: + component: apiserver + provider: kubernetes + +# Component scraping the kube controller manager +kubeControllerManager: + # -- Enable kube controller manager metrics scraping + enabled: true + + # -- If your kube controller manager is not deployed as a pod, specify IPs it can be found on + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + # If using kubeControllerManager.endpoints only the port and targetPort are used + service: + # -- Create service for kube controller manager metrics scraping + enabled: true + # -- Kube controller manager service port + port: 10257 + # -- Kube controller manager service target port + targetPort: 10257 + # -- Kube controller manager service pod selector + selector: + component: kube-controller-manager + + # -- Spec for VMServiceScrape CRD is 
[here](https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec) + vmScrape: + spec: + jobLabel: jobLabel + namespaceSelector: + matchNames: + - kube-system + endpoints: + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + # bearerTokenSecret: + # key: "" + port: http-metrics + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + serverName: kubernetes + +# Component scraping kubeDns. Use either this or coreDns +kubeDns: + # -- Enabled KubeDNS metrics scraping + enabled: false + service: + # -- Create Service for KubeDNS metrics + enabled: false + # -- KubeDNS service ports + ports: + dnsmasq: + port: 10054 + targetPort: 10054 + skydns: + port: 10055 + targetPort: 10055 + # -- KubeDNS service pods selector + selector: + k8s-app: kube-dns + # -- Spec for VMServiceScrape CRD is [here](https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec) + vmScrape: + spec: + jobLabel: jobLabel + namespaceSelector: + matchNames: [kube-system] + endpoints: + - port: http-metrics-dnsmasq + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + - port: http-metrics-skydns + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + +# Component scraping coreDns. 
Use either this or kubeDns +coreDns: + # -- Enabled CoreDNS metrics scraping + enabled: true + service: + # -- Create service for CoreDNS metrics + enabled: true + # -- CoreDNS service port + port: 9153 + # -- CoreDNS service target port + targetPort: 9153 + # -- CoreDNS service pod selector + selector: + k8s-app: kube-dns + + # -- Spec for VMServiceScrape CRD is [here](https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec) + vmScrape: + spec: + jobLabel: jobLabel + namespaceSelector: + matchNames: [kube-system] + endpoints: + - port: http-metrics + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + +# Component scraping etcd +kubeEtcd: + # -- Enabled KubeETCD metrics scraping + enabled: true + + # -- If your etcd is not deployed as a pod, specify IPs it can be found on + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + # Etcd service. If using kubeEtcd.endpoints only the port and targetPort are used + service: + # -- Enable service for ETCD metrics scraping + enabled: true + # -- ETCD service port + port: 2379 + # -- ETCD service target port + targetPort: 2379 + # -- ETCD service pods selector + selector: + component: etcd + + # -- Spec for VMServiceScrape CRD is [here](https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec) + vmScrape: + spec: + jobLabel: jobLabel + namespaceSelector: + matchNames: [kube-system] + endpoints: + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + # bearerTokenSecret: + # key: "" + port: http-metrics + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + +# Component scraping kube scheduler +kubeScheduler: + # -- Enable KubeScheduler metrics scraping + enabled: true + + # -- If your kube scheduler is not deployed as a pod, specify IPs it can be found on + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + # If using kubeScheduler.endpoints only the port and targetPort are used + 
service: + # -- Enable service for KubeScheduler metrics scrape + enabled: true + # -- KubeScheduler service port + port: 10259 + # -- KubeScheduler service target port + targetPort: 10259 + # -- KubeScheduler service pod selector + selector: + component: kube-scheduler + + # -- Spec for VMServiceScrape CRD is [here](https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec) + vmScrape: + spec: + jobLabel: jobLabel + namespaceSelector: + matchNames: [kube-system] + endpoints: + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + # bearerTokenSecret: + # key: "" + port: http-metrics + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + +# Component scraping kube proxy +kubeProxy: + # -- Enable kube proxy metrics scraping + enabled: false + + # -- If your kube proxy is not deployed as a pod, specify IPs it can be found on + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + service: + # -- Enable service for kube proxy metrics scraping + enabled: true + # -- Kube proxy service port + port: 10249 + # -- Kube proxy service target port + targetPort: 10249 + # -- Kube proxy service pod selector + selector: + k8s-app: kube-proxy + + # -- Spec for VMServiceScrape CRD is [here](https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec) + vmScrape: + spec: + jobLabel: jobLabel + namespaceSelector: + matchNames: [kube-system] + endpoints: + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + # bearerTokenSecret: + # key: "" + port: http-metrics + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + +# -- Add extra objects dynamically to this chart +extraObjects: [] + diff --git a/otc/ABC/stacks/observability/grafana-operator.yaml b/otc/ABC/stacks/observability/grafana-operator.yaml new file mode 100644 index 0000000..3a24675 --- /dev/null +++ b/otc/ABC/stacks/observability/grafana-operator.yaml 
@@ -0,0 +1,26 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: grafana-operator
+ namespace: argocd
+ labels:
+ env: dev
+spec:
+ project: default
+ syncPolicy:
+ automated:
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
+ destination:
+ name: in-cluster
+ namespace: observability
+ sources:
+ - chart: grafana-operator
+ repoURL: ghcr.io/grafana/helm-charts
+ targetRevision: v5.18.0
+ releaseName: grafana-operator
+ - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/stacks-instances
+ targetRevision: HEAD
+ path: "otc/ABC/stacks/observability/grafana-operator/manifests"
diff --git a/otc/ABC/stacks/observability/grafana-operator/manifests/argocd.yaml b/otc/ABC/stacks/observability/grafana-operator/manifests/argocd.yaml
new file mode 100644
index 0000000..b348ff7
--- /dev/null
+++ b/otc/ABC/stacks/observability/grafana-operator/manifests/argocd.yaml
@@ -0,0 +1,9 @@
+apiVersion: grafana.integreatly.org/v1beta1
+kind: GrafanaDashboard
+metadata:
+ name: argocd
+spec:
+ instanceSelector:
+ matchLabels:
+ dashboards: "grafana"
+ url: "https://raw.githubusercontent.com/argoproj/argo-cd/refs/heads/master/examples/dashboard.json"
diff --git a/otc/ABC/stacks/observability/grafana-operator/manifests/grafana.yaml b/otc/ABC/stacks/observability/grafana-operator/manifests/grafana.yaml
new file mode 100644
index 0000000..2f92152
--- /dev/null
+++ b/otc/ABC/stacks/observability/grafana-operator/manifests/grafana.yaml
@@ -0,0 +1,14 @@
+apiVersion: grafana.integreatly.org/v1beta1
+kind: Grafana
+metadata:
+ name: grafana
+ labels:
+ dashboards: "grafana"
+spec:
+ persistentVolumeClaim:
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
diff --git a/otc/ABC/stacks/observability/grafana-operator/manifests/ingress-nginx.yaml b/otc/ABC/stacks/observability/grafana-operator/manifests/ingress-nginx.yaml
new file mode 100644
index 0000000..c13d6a2
--- /dev/null
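Review bot: The second entry under `sources` in grafana-operator.yaml tracks `targetRevision: HEAD` while `syncPolicy.automated` has `selfHeal: true`, so whatever lands on the default branch of stacks-instances is applied to the `observability` namespace with no reviewed revision in between. The chart source next to it is pinned (`v5.18.0`); the manifests source would be consistent with that if it were pinned as well, e.g. `targetRevision: <release-tag-or-commit-sha>`, and bumped through a pull request. If following HEAD is deliberate for this `env: dev` application, a comment such as `# dev only: follows default branch, protected by branch rules` would record the decision.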
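Review bot: The `url:` of the `argocd` GrafanaDashboard points at `refs/heads/master` of an external GitHub repository, which is a mutable ref, so the dashboard JSON loaded into Grafana can change without any commit in this repo. The same pattern is in `manifests/ingress-nginx.yaml` (`refs/heads/main` of a personal repository) and `manifests/victoria-logs.yaml` in this commit. Dashboard JSON carries queries, links and text panels, so it deserves the same pinning as any other third-party artifact: reference a fixed commit, e.g. `https://raw.githubusercontent.com/argoproj/argo-cd/<commit-sha>/examples/dashboard.json`, or vendor the JSON into this repo and serve it from there.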
+++ b/otc/ABC/stacks/observability/grafana-operator/manifests/ingress-nginx.yaml @@ -0,0 +1,9 @@ +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: ingress-nginx +spec: + instanceSelector: + matchLabels: + dashboards: "grafana" + url: "https://raw.githubusercontent.com/adinhodovic/ingress-nginx-mixin/refs/heads/main/dashboards_out/ingress-nginx-overview.json" diff --git a/otc/ABC/stacks/observability/grafana-operator/manifests/victoria-logs.yaml b/otc/ABC/stacks/observability/grafana-operator/manifests/victoria-logs.yaml new file mode 100644 index 0000000..4018fbd --- /dev/null +++ b/otc/ABC/stacks/observability/grafana-operator/manifests/victoria-logs.yaml @@ -0,0 +1,9 @@ +apiVersion: grafana.integreatly.org/v1beta1 +kind: GrafanaDashboard +metadata: + name: victoria-logs +spec: + instanceSelector: + matchLabels: + dashboards: "grafana" + url: "https://raw.githubusercontent.com/VictoriaMetrics/VictoriaMetrics/refs/heads/master/dashboards/vm/victorialogs.json" diff --git a/otc/ABC/stacks/observability/victoria-k8s-stack.yaml b/otc/ABC/stacks/observability/victoria-k8s-stack.yaml index b68cfb5..4a24952 100644 --- a/otc/ABC/stacks/observability/victoria-k8s-stack.yaml +++ b/otc/ABC/stacks/observability/victoria-k8s-stack.yaml @@ -1,7 +1,7 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: victoria-k8s-stack + name: o12y namespace: argocd labels: env: dev @@ -12,6 +12,7 @@ spec: selfHeal: true syncOptions: - CreateNamespace=true + - ServerSideApply=true destination: name: in-cluster namespace: observability @@ -19,7 +20,7 @@ spec: - chart: victoria-metrics-k8s-stack repoURL: https://victoriametrics.github.io/helm-charts/ targetRevision: 0.48.1 - releaseName: vm + releaseName: o12y helm: valueFiles: - $values/otc/ABC/stacks/observability/victoria-k8s-stack/values.yaml 
diff --git a/otc/ABC/stacks/observability/victoria-k8s-stack/manifests/vmauth.yaml b/otc/ABC/stacks/observability/victoria-k8s-stack/manifests/vmauth.yaml index c7644b3..2ea5d76 100644 --- a/otc/ABC/stacks/observability/victoria-k8s-stack/manifests/vmauth.yaml +++ b/otc/ABC/stacks/observability/victoria-k8s-stack/manifests/vmauth.yaml @@ -8,8 +8,8 @@ spec: password: simple-password targetRefs: - static: - url: http://vmsingle-victoria-k8s-stack-victoria-metrics-k8s-stack:8429 - paths: ["/api/v1/write/.*"] + url: http://vmsingle-o12y:8429 + paths: ["/api/v1/write"] - static: url: http://vlogs-victorialogs:9428 paths: ["/insert/elasticsearch/.*"] diff --git a/otc/ABC/stacks/observability/victoria-k8s-stack/values.yaml b/otc/ABC/stacks/observability/victoria-k8s-stack/values.yaml index a48b7b4..d717918 100644 --- a/otc/ABC/stacks/observability/victoria-k8s-stack/values.yaml +++ b/otc/ABC/stacks/observability/victoria-k8s-stack/values.yaml @@ -14,13 +14,13 @@ global: # -- Override chart name nameOverride: "" # -- Resource full name override -fullnameOverride: "" +fullnameOverride: "o12y" # -- Tenant to use for Grafana datasources and remote write tenant: "0" # -- If this chart is used in "Argocd" with "releaseName" field then # VMServiceScrapes couldn't select the proper services. # For correct working need set value 'argocdReleaseOverride=$ARGOCD_APP_NAME' -argocdReleaseOverride: "" +argocdReleaseOverride: "o12y" # -- VictoriaMetrics Operator dependency chart configuration. More values can be found [here](https://docs.victoriametrics.com/helm/victoriametrics-operator#parameters). Also checkout [here](https://docs.victoriametrics.com/operator/vars) possible ENV variables to configure operator behaviour victoria-metrics-operator: @@ -50,7 +50,7 @@ defaultDashboards: annotations: {} grafanaOperator: # -- Create dashboards as CRDs (requires grafana-operator to be installed) - enabled: false + enabled: true spec: instanceSelector: matchLabels: 
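Review bot: The user whose write route is rewired in vmauth.yaml still authenticates with the literal `password: simple-password` visible in the context line, committed in plain text, and this same commit moves the vmauth ingress host to `o12y.observability.think-ahead.cloud` in values.yaml. Replace the literal with a Secret reference, e.g. `passwordRef: {name: <secret-name>, key: password}`, and rotate the value, since the current one stays in git history. Separately, `paths: ["/api/v1/write"]` no longer covers sub-paths the way `"/api/v1/write/.*"` did; that looks intended to match the vmagent remote-write URL, but a one-line comment stating it would help. The user spec starts outside the hunk, so other fields were not reviewed.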
@@ -763,16 +763,16 @@ vmauth: annotations: nginx.ingress.kubernetes.io/force-ssl-redirect: "true" cert-manager.io/cluster-issuer: main - host: o12y.ABC + host: o12y.observability.think-ahead.cloud tlsHosts: - - o12y.ABC + - o12y.observability.think-ahead.cloud tlsSecretName: vmauth-tls-secret unauthorizedUserAccessSpec: {} selectAllByDefault: true vmagent: # -- Create VMAgent CR - enabled: true + enabled: false # -- VMAgent annotations annotations: {} # -- Remote write configuration of VMAgent, allowed parameters defined in a [spec](https://docs.victoriametrics.com/operator/api#vmagentremotewritespec) @@ -826,9 +826,14 @@ vmagent: defaultDatasources: grafanaOperator: # -- Create datasources as CRDs (requires grafana-operator to be installed) - enabled: false + enabled: true annotations: {} spec: + plugins: + - name: victoriametrics-metrics-datasource + version: 0.16.0 + - name: victoriametrics-logs-datasource + version: 0.17.0 instanceSelector: matchLabels: dashboards: grafana @@ -861,20 +866,26 @@ defaultDatasources: # -- Configure additional grafana datasources (passed through tpl). # Check [here](http://docs.grafana.org/administration/provisioning/#datasources) for details extra: - - name: victoria-logs + - name: VictoriaLogs access: proxy - type: VictoriaLogs + type: victoriametrics-logs-datasource url: http://vlogs-victorialogs:9428 - version: 1 + version: 0.18.0 # -- Grafana dependency chart configuration. For possible values refer [here](https://github.com/grafana/helm-charts/tree/main/charts/grafana#configuration) grafana: - enabled: true + enabled: false # all values for grafana helm chart can be specified here persistence: enabled: true type: pvc storageClassName: "default" + grafana.ini: + # auth: + # login_maximum_inactive_lifetime_duration: 0 + # login_maximum_lifetime_duration: 0 + security: + disable_brute_force_login_protection: true sidecar: datasources: enabled: true 
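Review bot: `disable_brute_force_login_protection: true`, added under `grafana.ini` / `security` in the third hunk here, switches off Grafana's failed-login throttling, which leaves the login form open to unlimited password guessing. With `grafana.enabled: false` set in the same hunk the key is dormant for the bundled chart, but it takes effect the moment that Grafana is switched back on. Drop the key (protection is on by default) or set `disable_brute_force_login_protection: false`; if lockouts during testing were the reason, record that in a comment and keep it out of the shared values. The `grafana:` block continues outside the hunk.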
@@ -889,14 +900,26 @@ grafana: enabled: true multicluster: false + # dashboards: + # default: + # victoria-logs: + # url: "https://raw.githubusercontent.com/VictoriaMetrics/VictoriaMetrics/refs/heads/master/dashboards/vm/victorialogs.json" + # victoria-logs-explorer: + # url: "https://grafana.com/api/dashboards/22759/revisions/6/download" + # ingress-nginx: + # url: "https://raw.githubusercontent.com/adinhodovic/ingress-nginx-mixin/refs/heads/main/dashboards_out/ingress-nginx-overview.json" + # argocd: + # url: "https://raw.githubusercontent.com/argoproj/argo-cd/refs/heads/master/examples/dashboard.json" + # -- Create datasource configmap even if grafana deployment has been disabled - forceDeployDatasource: false + forceDeployDatasource: true # Uncomment the block below, if you want to enable VictoriaMetrics Datasource in Grafana: # Note that Grafana will need internet access to install the datasource plugin. - # - # plugins: - # - victoriametrics-metrics-datasource + + plugins: + - victoriametrics-metrics-datasource + - victoriametrics-logs-datasource ingress: enabled: false
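Review bot: The `plugins:` list is now active, but the comment above it still reads "Uncomment the block below", and its entries carry no version while `defaultDatasources.grafanaOperator.spec.plugins` earlier in this diff pins `0.16.0` and `0.17.0`. Unversioned entries presumably resolve to whatever release is current when the pod starts (the comment notes Grafana needs internet access for the install), so a restart can change the plugin code that runs. Reword the comment to something like `# VictoriaMetrics datasource plugins, downloaded by Grafana at startup` and pin the versions to match the operator block. The commented-out `dashboards:` block added above also lists mutable-branch URLs and is better deleted than kept as a template.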