From 5d0f872170cf3a1b309803a817dc633228c8cc21 Mon Sep 17 00:00:00 2001
From: William P
Date: Tue, 13 May 2025 09:44:18 -0400
Subject: [PATCH] add monitoring
---
system-apps/monitoring/clusterrole.yaml | 20 ++++++++
.../monitoring/clusterrolebinding.yaml | 12 +++++
system-apps/monitoring/configmap.yaml | 47 +++++++++++++++++++
system-apps/monitoring/deployment.yaml | 41 ++++++++++++++++
system-apps/monitoring/secret.yaml | 17 +++++++
system-apps/monitoring/serviceaccount.yaml | 5 ++
6 files changed, 142 insertions(+)
create mode 100644 system-apps/monitoring/clusterrole.yaml
create mode 100644 system-apps/monitoring/clusterrolebinding.yaml
create mode 100644 system-apps/monitoring/configmap.yaml
create mode 100644 system-apps/monitoring/deployment.yaml
create mode 100644 system-apps/monitoring/secret.yaml
create mode 100644 system-apps/monitoring/serviceaccount.yaml
diff --git a/system-apps/monitoring/clusterrole.yaml b/system-apps/monitoring/clusterrole.yaml
new file mode 100644
index 0000000..ece0fdf
--- /dev/null
+++ b/system-apps/monitoring/clusterrole.yaml
@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: prometheus-agent
+rules:
+ - apiGroups: [""]
+ resources:
+ - nodes
+ - nodes/proxy
+ - services
+ - endpoints
+ - pods
+ verbs: ["get", "list", "watch"]
+
+ - apiGroups: ["extensions"]
+ resources: ["ingresses"]
+ verbs: ["get", "list", "watch"]
+
+ - nonResourceURLs: ["/metrics"]
+ verbs: ["get"]
\ No newline at end of file
diff --git a/system-apps/monitoring/clusterrolebinding.yaml b/system-apps/monitoring/clusterrolebinding.yaml
new file mode 100644
index 0000000..2db1bf8
--- /dev/null
+++ b/system-apps/monitoring/clusterrolebinding.yaml
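Review bot: The first rule of the `prometheus-agent` ClusterRole grants `nodes/proxy`, which lets the agent's token reach every kubelet's API through the apiserver and is much broader than metrics scraping needs; none of the scrape jobs in configmap.yaml appear to use the apiserver proxy path. If kubelet metrics are wanted, `- nodes/metrics` is the narrower resource; otherwise drop the line. The `extensions` rule for `ingresses` also looks removable: no job uses the ingress discovery role, and on current Kubernetes Ingress is served from `networking.k8s.io` rather than `extensions`.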
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: prometheus-agent
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: prometheus-agent
+subjects:
+ - kind: ServiceAccount
+ name: prometheus-agent
+ namespace: monitoring
\ No newline at end of file
diff --git a/system-apps/monitoring/configmap.yaml b/system-apps/monitoring/configmap.yaml
new file mode 100644
index 0000000..5f8f5a2
--- /dev/null
+++ b/system-apps/monitoring/configmap.yaml
@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: prom-agent-config
+ namespace: monitoring
+data:
+ prometheus.yml: |
+ global:
+ scrape_interval: 15s
+ scrape_configs:
+ - job_name: 'weyma-talos-apiservers'
+ kubernetes_sd_configs:
+ - role: endpoints
+ relabel_configs:
+ - source_labels:
+ [
+ __meta_kubernetes_namespace,
+ __meta_kubernetes_service_name,
+ __meta_kubernetes_endpoint_port_name,
+ ]
+ action: keep
+ regex: default;kubernetes;https
+ - job_name: 'weyma-talos-nodes'
+ kubernetes_sd_configs:
+ - role: node
+ relabel_configs:
+ - action: labelmap
+ regex: __meta_kubernetes_node_label_(.+)
+ - job_name: 'weyma-talos-service-endpoints'
+ kubernetes_sd_configs:
+ - role: endpoints
+ relabel_configs:
+ - action: labelmap
+ regex: __meta_kubernetes_service_label_(.+)
+ - source_labels: [__meta_kubernetes_namespace]
+ action: replace
+ target_label: namespace
+ - source_labels: [__meta_kubernetes_service_name]
+ action: replace
+ target_label: service
+ remote_write:
+ - url: "https://10.105.15.20:30104/api/v1/write"
+ basic_auth:
+ username: prometheus
+ password_file: /etc/prometheus/secrets/.basicauthpass
+ tls_config:
+ insecure_skip_verify: true
\ No newline at end of file
diff --git a/system-apps/monitoring/deployment.yaml b/system-apps/monitoring/deployment.yaml
new file mode 100644
index 0000000..9f5dc36
--- /dev/null
+++ b/system-apps/monitoring/deployment.yaml
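Review bot: `insecure_skip_verify: true` under `remote_write.tls_config` in configmap.yaml means the agent never authenticates the receiver at 10.105.15.20. Anything able to intercept that connection therefore receives the basic-auth password read from `/etc/prometheus/secrets/.basicauthpass`, along with the metrics. Prefer trusting the issuing CA explicitly, e.g. `ca_file: <path-to-mounted-ca-bundle>`, and, because the URL is an IP address, set `server_name: <name-in-the-certificate>` if the certificate carries no matching IP SAN. Separately, the `weyma-talos-apiservers` job keeps only the `https` endpoint port but sets no `scheme: https`, CA or service-account credentials, so it will presumably fail to scrape as written.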
@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: prometheus-agent
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: prometheus-agent
+ template:
+ metadata:
+ labels:
+ app: prometheus-agent
+ spec:
+ serviceAccountName: prometheus-agent
+ containers:
+ - name: prometheus
+ image: prom/prometheus:v3.2.1
+ args:
+ - "--config.file=/etc/prometheus/prometheus.yml"
+ - "--agent"
+ resources:
+ requests:
+ cpu: 200m
+ memory: 256Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/prometheus
+ - name: auth
+ mountPath: /etc/prometheus/secrets
+ volumes:
+ - name: config-volume
+ configMap:
+ name: prom-agent-config
+ - name: auth
+ secret:
+ secretName: prometheus-auth
+
diff --git a/system-apps/monitoring/secret.yaml b/system-apps/monitoring/secret.yaml
new file mode 100644
index 0000000..76a65ae
--- /dev/null
+++ b/system-apps/monitoring/secret.yaml
@@ -0,0 +1,17 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: prometheus-auth
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ name: weyma-vault
+ kind: ClusterSecretStore
+ target:
+ name: prometheus-auth
+ creationPolicy: Owner
+ data:
+ - secretKey: .basicauthpass
+ remoteRef:
+ key: monitoring
+ property: prometheus-password
\ No newline at end of file
diff --git a/system-apps/monitoring/serviceaccount.yaml b/system-apps/monitoring/serviceaccount.yaml
new file mode 100644
index 0000000..d381af0
--- /dev/null
+++ b/system-apps/monitoring/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: prometheus-agent
+ namespace: monitoring
\ No newline at end of file
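Review bot: The `prometheus` container in deployment.yaml is declared without a `securityContext`, so it runs with the runtime's default capabilities and with privilege escalation allowed, even though this pod holds a cluster-wide read token and the remote-write password. Add a container-level `securityContext` along the lines of the excerpt below. The explicit `runAsUser` is there because `runAsNonRoot` cannot be verified against a non-numeric image user; 65534 is, as far as I know, the upstream image's `nobody` UID and should be confirmed. The image is also referenced by a mutable tag (`prom/prometheus:v3.2.1`); pinning it by digest would fix exactly which binary gets deployed.

```yaml
        - name: prometheus
          image: prom/prometheus:v3.2.1
          securityContext:
            runAsNonRoot: true
            runAsUser: 65534  # assumed UID of the image's "nobody" user; confirm
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
          # … unchanged: args, resources, volumeMounts …
```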
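Review bot: The ExternalSecret in secret.yaml has no `metadata.namespace`, and neither does the Deployment in deployment.yaml, while the ServiceAccount, the ConfigMap and the ClusterRoleBinding subject are all pinned to `monitoring`. Unless the applying tool injects the namespace, the pod and the generated `prometheus-auth` Secret can land in a different namespace from the `prometheus-agent` ServiceAccount and `prom-agent-config`, where the pod would not find them. Adding `namespace: monitoring` under `metadata` in both files removes the dependency on the applier's default.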