diff --git a/kubernetes/apps/monitoring.yaml b/kubernetes/apps/monitoring.yaml
new file mode 100644
index 00000000000..d3ec539d4f2
--- /dev/null
+++ b/kubernetes/apps/monitoring.yaml
@@ -0,0 +1,68 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+ name: monitoring
+ annotations:
+ argocd.argoproj.io/sync-wave: "-3"
+spec:
+ goTemplate: true
+ generators:
+ - clusters:
+ selector:
+ matchLabels:
+ clusterType: 'utility'
+ template:
+ metadata:
+ name: 'monitoring-{{ .name }}'
+ annotations:
+ argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true
+ spec:
+ destination:
+ namespace: monitoring
+ server: "{{ .server }}"
+ project: default
+ sources:
+ - chart: kube-prometheus-stack
+ repoURL: https://prometheus-community.github.io/helm-charts
+ targetRevision: 62.3.1
+ helm:
+ releaseName: monitoring
+ valueFiles:
+ - $values/kubernetes/{{ .name }}/helm/monitoring.yaml
+ - repoURL: https://github.com/borg-land/k8s.io
+ targetRevision: observability-stack
+ ref: values
+ - path: kubernetes/{{ .name }}/monitoring/
+ repoURL: https://github.com/borg-land/k8s.io
+ targetRevision: observability-stack
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
+ managedNamespaceMetadata:
+ labels:
+ istio-injection: enabled
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: thanos
+spec:
+ destination:
+ name: gke-utility
+ namespace: monitoring
+ project: default
+ sources:
+ - chart: thanos
+ repoURL: registry-1.docker.io/bitnamicharts
+ targetRevision: 15.7.27
+ helm:
+ releaseName: thanos
+ valueFiles:
+ - $values/kubernetes/gke-utility//helm/thanos.yaml
+ - repoURL: https://github.com/borg-land/k8s.io
+ targetRevision: observability-stack
+ ref: values
diff --git a/kubernetes/gke-utility/helm/cert-manager.yaml b/kubernetes/gke-utility/helm/cert-manager.yaml
index 259909be8f5..340a25d65c4 100644
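Review bot: In kubernetes/apps/monitoring.yaml the values and manifest sources of both the `monitoring` ApplicationSet and the `thanos` Application use `targetRevision: observability-stack` on `https://github.com/borg-land/k8s.io`, which looks like a development branch on a working fork rather than a reviewed ref. Because the ApplicationSet sets `syncPolicy.automated` with `prune: true` and `selfHeal: true`, any push to that branch is applied to every cluster labelled `clusterType: 'utility'` without review here. Before merge, point these entries at the canonical repository and an immutable or protected ref, e.g. `targetRevision: <reviewed-commit-sha>`. Both objects also use `project: default`, which places no limit on source repositories or destinations unless that AppProject has been restricted elsewhere, so a dedicated project for the monitoring stack would narrow the exposure. The `thanos` values path `$values/kubernetes/gke-utility//helm/thanos.yaml` contains a doubled slash that is probably a templating leftover.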
--- a/kubernetes/gke-utility/helm/cert-manager.yaml
+++ b/kubernetes/gke-utility/helm/cert-manager.yaml
@@ -1,8 +1,7 @@
 crds:
 enabled: true
 extraObjects:
- - |
- apiVersion: cert-manager.io/v1
+ - apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
 name: letsencrypt-prod
diff --git a/kubernetes/gke-utility/helm/monitoring.yaml b/kubernetes/gke-utility/helm/monitoring.yaml
new file mode 100644
index 00000000000..80ec1e76e25
--- /dev/null
+++ b/kubernetes/gke-utility/helm/monitoring.yaml
@@ -0,0 +1,54 @@
+grafana:
+ enabled: true
+ sidecar:
+ datasources:
+ # point the default Promtheus Datasource to Thanos
+ url: http://thanos-query-frontend.monitoring:9090/
+ grafana.ini:
+ analytics:
+ reporting_enabled: false
+ check_for_updates: true
+ server:
+ root_url: https://monitoring.prow.k8s.io
+ auth:
+ oauth_auto_login: true
+ signout_redirect_url: https://oauth2-proxy.k8s.io/oauth2/sign_out
+ auth.proxy:
+ enabled: true
+ header_name: X-Auth-Request-Email
+ header_property: email
+ auto_sign_up: true
+ headers: Name:X-Auth-Request-User Email:X-Auth-Request-Email Groups:X-Auth-Request-Groups
+ users:
+ allow_sign_up: false
+ auto_assign_org: true
+ auto_assign_org_role: Editor
+
+prometheus:
+ thanosService:
+ enabled: true
+ prometheusSpec:
+ externalLabels:
+ cluster: gke-utility
+ cloud: gke
+ thanos:
+ image: quay.io/thanos/thanos:v0.36.1
+ listenLocal: false
+ logLevel: debug
+ objectStorageConfig:
+ secret:
+ type: GCS
+ config:
+ bucket: k8s-io-thanos
+ serviceMonitorSelectorNilUsesHelmValues: false
+ podMonitorSelectorNilUsesHelmValues: false
+ ruleSelectorNilUsesHelmValues: false
+ probeSelectorNilUsesHelmValues: false
+
+# These endpoints aren't scrapable on GKE
+coreDns:
+ enabled: false
+kubeControllerManager:
+ enabled: false
+kubeScheduler:
+ enabled: false
diff --git a/kubernetes/gke-utility/helm/thanos.yaml b/kubernetes/gke-utility/helm/thanos.yaml
new file mode 100644
index 00000000000..75d2d0b3c77
--- /dev/null
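Review bot: In kubernetes/gke-utility/helm/monitoring.yaml the `auth.proxy` block makes Grafana accept `X-Auth-Request-Email` as the user's identity from anything that can reach the pod, and no `whitelist` is set, so authentication depends entirely on every path to the service going through oauth2-proxy with client-supplied `X-Auth-Request-*` headers stripped. The HTTPRoute added in kubernetes/gke-utility/monitoring/httproute.yaml sends `monitoring.prow.k8s.io` straight to `monitoring-grafana:80` with no filter or policy visible in this diff, so that enforcement presumably lives elsewhere. A comment naming it would make the trust boundary reviewable, e.g. `# X-Auth-Request-* is set by oauth2-proxy at the gateway; enforced by <policy path>`. If the proxy's source addresses are stable, add `whitelist: <proxy source addresses>` under `auth.proxy`, and consider `auto_assign_org_role: Viewer` so auto-signed-up accounts do not get edit rights by default. `logLevel: debug` on the Thanos sidecar looks like a bring-up setting that should not ship.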
+++ b/kubernetes/gke-utility/helm/thanos.yaml
@@ -0,0 +1,28 @@
+objstoreConfig: |-
+ type: GCS
+ config:
+ bucket: k8s-io-thanos
+storegateway:
+ enabled: true
+query:
+ dnsDiscovery:
+ sidecarsService: monitoring-kube-prometheus-thanos-discovery
+ sidecarsNamespace: monitoring
+bucketweb:
+ enabled: true
+compactor:
+ enabled: true
+ruler:
+ enabled: true
+ alertmanagers:
+ - http://monitoring-kube-prometheus-alertmanager.monitoring.svc.cluster.local:9093
+ config: |-
+ groups:
+ - name: "metamonitoring"
+ rules:
+ - alert: "PrometheusDown"
+ expr: absent(up{prometheus="monitoring/kube-prometheus"})
+metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
diff --git a/kubernetes/gke-utility/monitoring/httproute.yaml b/kubernetes/gke-utility/monitoring/httproute.yaml
new file mode 100644
index 00000000000..2ed411553d8
--- /dev/null
+++ b/kubernetes/gke-utility/monitoring/httproute.yaml
@@ -0,0 +1,15 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: grafana
+spec:
+ hostnames:
+ - monitoring.prow.k8s.io
+ parentRefs:
+ - name: istio-ingressgateway
+ namespace: istio-system
+ sectionName: https
+ rules:
+ - backendRefs:
+ - name: monitoring-grafana
+ port: 80
diff --git a/kubernetes/gke-utility/monitoring/kustomization.yaml b/kubernetes/gke-utility/monitoring/kustomization.yaml
new file mode 100644
index 00000000000..449338c0b6c
--- /dev/null
+++ b/kubernetes/gke-utility/monitoring/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: monitoring
+resources:
+ - httproute.yaml
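Review bot: The `PrometheusDown` rule in kubernetes/gke-utility/helm/thanos.yaml matches `prometheus="monitoring/kube-prometheus"`, which does not look like the label this deployment will emit. With release name `monitoring` the discovery service on this page is `monitoring-kube-prometheus-thanos-discovery`, so the Prometheus object is probably named along the lines of `monitoring-kube-prometheus-prometheus`. If the matcher selects no series, `absent(...)` is always true and the alert fires permanently, so a real Prometheus outage would be indistinguishable from the steady state. Check the `prometheus` external label on the running instance and use that value, e.g. `expr: absent(up{prometheus="<namespace>/<prometheus-object-name>"})`. Separately, `bucketweb` is enabled with no access control visible in this diff, so it is worth confirming that it is reachable only from inside the cluster.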