diff --git a/monitoring/grafpromstack/graf-deployment.yaml b/monitoring/grafpromstack/graf-deployment.yaml
new file mode 100644
index 0000000..4292933
--- /dev/null
+++ b/monitoring/grafpromstack/graf-deployment.yaml
@@ -0,0 +1,129 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ run: blackbox-exporter
+ name: blackbox-exporter
+ namespace: monitoring
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ run: blackbox-exporter
+ template:
+ metadata:
+ labels:
+ run: blackbox-exporter
+ spec:
+ containers:
+ - image: prom/blackbox-exporter:master
+ name: blackbox-exporter
+ volumeMounts:
+ - mountPath: /etc/blackbox_exporter
+ name: blackbox-exporter
+ readOnly: true
+ restartPolicy: Always
+ volumes:
+ - name: blackbox-exporter
+ persistentVolumeClaim:
+ claimName: blackbox-exporter
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ run: grafana
+ name: grafana
+ namespace: monitoring
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ run: grafana
+ template:
+ metadata:
+ labels:
+ run: grafana
+ spec:
+ initContainers:
+ - name: volume-mount-hack
+ image: busybox:1.28
+ command: ["sh", "-c", "chown -R 472:472 /etc/grafana && chown -R 472:472 /var/lib/grafana"]
+ volumeMounts:
+ - mountPath: /var/lib/grafana
+ readOnly: false
+ name: grafana-data
+ - mountPath: /etc/grafana
+ readOnly: false
+ name: grafana-conf
+ volumes:
+ - name: grafana-data
+ persistentVolumeClaim:
+ claimName: grafana-data
+ - name: grafana-conf
+ persistentVolumeClaim:
+ claimName: grafana-conf
+
+ containers:
+ - image: grafana/grafana
+ name: grafana
+ volumeMounts:
+ - mountPath: /var/lib/grafana
+ readOnly: false
+ name: grafana-data
+ - mountPath: /etc/grafana
+ readOnly: false
+ name: grafana-conf
+ restartPolicy: Always
+ volumes:
+ - name: grafana-data
+ persistentVolumeClaim:
+ claimName: grafana-data
+ - name: grafana-conf
+ persistentVolumeClaim:
+ claimName: grafana-conf
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ run: prometheus
+ name: prometheus
+ namespace: monitoring
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ run: prometheus
+ template:
+ metadata:
+ labels:
+ run: prometheus
+ spec:
+ containers:
+ - args:
+ - --storage.tsdb.retention.time=1y
+ - --config.file=/etc/prometheus/prometheus.yml
+ image: prom/prometheus
+ name: prometheus
+ ports:
+ - containerPort: 9090
+ volumeMounts:
+ - mountPath: /etc/prometheus
+ readOnly: true
+ name: prometheus
+ - mountPath: /prometheus/data
+ readOnly: false
+ name: prometheus-data
+ restartPolicy: Always
+ volumes:
+ - name: prometheus
+ persistentVolumeClaim:
+ claimName: prometheus
+ - name: prometheus-data
+ persistentVolumeClaim:
+ claimName: prometheus-data
+
+
diff --git a/monitoring/grafpromstack/graf-ingress.yaml b/monitoring/grafpromstack/graf-ingress.yaml
new file mode 100644
index 0000000..ce9d96f
--- /dev/null
+++ b/monitoring/grafpromstack/graf-ingress.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: grafana-ingr
+ namespace: monitoring
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: graf.squi.fr
+ http:
+ paths:
+ - pathType: Prefix
+ backend:
+ service:
+ name: grafana
+ port:
+ number: 80
+ path: /
diff --git a/monitoring/grafpromstack/graf-services.yaml b/monitoring/grafpromstack/graf-services.yaml
new file mode 100644
index 0000000..5054652
--- /dev/null
+++ b/monitoring/grafpromstack/graf-services.yaml
@@ -0,0 +1,49 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ run: grafana
+ name: grafana
+ namespace: monitoring
+spec:
+ ports:
+ - name: "grafweb"
+ port: 80
+ targetPort: 3000
+ selector:
+ run: grafana
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ run: prometheus
+ name: prometheus
+ namespace: monitoring
+spec:
+ ports:
+ - name: "prom"
+ port: 9090
+ targetPort: 9090
+ selector:
+ run: prometheus
+ type: LoadBalancer
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ run: blackbox-exporter
+ name: blackbox-exporter
+ namespace: monitoring
+spec:
+ ports:
+ - name: "bbox"
+ port: 9115
+ targetPort: 9115
+ selector:
+ run: blackbox-exporter
+
+
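Review bot: All three workload images in graf-deployment.yaml are mutable references (`prom/blackbox-exporter:master`, `grafana/grafana`, `prom/prometheus`), so a restart can pull different, unreviewed code into the monitoring namespace; `:master` in particular follows a development branch. Pin each one to a release tag and digest, for example `image: prom/prometheus:<version>@sha256:<digest>`. Separately, the grafana pod spec appears to declare `volumes:` twice, once after `initContainers` and once after `containers`; a container has no `volumes` field, so this is most likely a duplicate key in the pod spec and the first list should be removed (indentation is not visible on this page, so confirm against the file). None of the containers sets a `securityContext` or resource limits, and the `volume-mount-hack` init container presumably runs its `chown -R` as root.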
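Review bot: The `grafana-ingr` rule for `graf.squi.fr` has no `tls:` block, so unless the nginx controller supplies a default certificate and redirect from configuration not shown here, Grafana logins and session cookies travel over plain HTTP. Add a `tls:` entry under `spec` with `- hosts: [graf.squi.fr]` and `secretName: <tls-secret-name>`. A one-line comment saying where that certificate is issued from would help the next reader.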
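Review bot: `type: LoadBalancer` on the `prometheus` Service publishes port 9090 outside the cluster, while the Prometheus container args in graf-deployment.yaml set only retention and `--config.file`, with no `--web.config.file` for authentication or TLS, so anyone who can reach the address can query every scraped series. Grafana can reach Prometheus through the in-cluster Service name, so removing the `type:` line (ClusterIP) should be enough; if external access is really needed, limit it with `loadBalancerSourceRanges`. promstate-svc.yaml has the same exposure for kube-state-metrics on ports 8080 and 8081, which serve names and labels of cluster objects.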
diff --git a/monitoring/grafpromstack/grafana-pvc.yaml b/monitoring/grafpromstack/grafana-pvc.yaml
new file mode 100644
index 0000000..957d199
--- /dev/null
+++ b/monitoring/grafpromstack/grafana-pvc.yaml
@@ -0,0 +1,75 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: blackbox-exporter
+ namespace: monitoring
+spec:
+ accessModes:
+ - ReadWriteMany
+ storageClassName: ""
+ resources:
+ requests:
+ storage: 10Gi
+ volumeName: blackbox-exporter
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: grafana-data
+ namespace: monitoring
+spec:
+ accessModes:
+ - ReadWriteMany
+ storageClassName: ""
+ resources:
+ requests:
+ storage: 50Gi
+ volumeName: grafana-data
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: grafana-conf
+ namespace: monitoring
+spec:
+ accessModes:
+ - ReadWriteMany
+ storageClassName: ""
+ resources:
+ requests:
+ storage: 10Gi
+ volumeName: grafana-conf
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: prometheus
+ namespace: monitoring
+spec:
+ accessModes:
+ - ReadWriteMany
+ storageClassName: ""
+ resources:
+ requests:
+ storage: 10Gi
+ volumeName: prometheus
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: prometheus-data
+ namespace: monitoring
+spec:
+ accessModes:
+ - ReadWriteMany
+ storageClassName: ""
+ resources:
+ requests:
+ storage: 10Gi
+ volumeName: prometheus-data
+
diff --git a/monitoring/grafpromstack/grafana-volumeclaims.yaml b/monitoring/grafpromstack/grafana-volumeclaims.yaml
new file mode 100644
index 0000000..cb7a5dd
--- /dev/null
+++ b/monitoring/grafpromstack/grafana-volumeclaims.yaml
@@ -0,0 +1,85 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: blackbox-exporter
+ namespace: monitoring
+spec:
+ capacity:
+ storage: 10Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ server: nas.sq.lan
+ path: "/swarmdata/grafana/blackbox"
+ mountOptions:
+ - nfsvers=4.2
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: grafana-data
+ namespace: monitoring
+spec:
+ capacity:
+ storage: 50Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ server: nas.sq.lan
+ path: "/swarmdata/grafana/grafana-data"
+ mountOptions:
+ - nfsvers=4.2
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: grafana-conf
+ namespace: monitoring
+spec:
+ capacity:
+ storage: 10Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ server: nas.sq.lan
+ path: "/swarmdata/grafana/grafana-conf"
+ mountOptions:
+ - nfsvers=4.2
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: prometheus
+ namespace: monitoring
+spec:
+ capacity:
+ storage: 10Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ server: nas.sq.lan
+ path: "/swarmdata/grafana/prometheus-conf"
+ mountOptions:
+ - nfsvers=4.2
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: prometheus-data
+ namespace: monitoring
+spec:
+ capacity:
+ storage: 30Gi
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ server: nas.sq.lan
+ path: "/swarmdata/grafana/prometheus-data"
+ mountOptions:
+ - nfsvers=4.2
+
diff --git a/monitoring/monitoring-ns.yaml b/monitoring/monitoring-ns.yaml
new file mode 100644
index 0000000..d325236
--- /dev/null
+++ b/monitoring/monitoring-ns.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: monitoring
diff --git a/monitoring/prom-state-metrics/kub-state-metrics-rbac.yaml b/monitoring/prom-state-metrics/kub-state-metrics-rbac.yaml
new file mode 100644
index 0000000..0a5bc26
--- /dev/null
+++ b/monitoring/prom-state-metrics/kub-state-metrics-rbac.yaml
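Review bot: None of the five PersistentVolumes in grafana-volumeclaims.yaml carries a `claimRef`, so until the intended claim binds, a PVC from any namespace that names the volume or matches its size and access mode can bind to these NFS exports on `nas.sq.lan`. PersistentVolume is cluster-scoped, so `namespace: monitoring` under `metadata` does not scope the volume to that namespace. Reserve each volume for its claim with `claimRef:` holding `name: grafana-data` and `namespace: monitoring` (and likewise for the other four), and drop the `namespace` line from the metadata. Also, `prometheus-data` is declared as 30Gi here while its claim in grafana-pvc.yaml requests 10Gi; aligning the two numbers would avoid confusion.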
@@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: exporter
+ app.kubernetes.io/name: kube-state-metrics
+ app.kubernetes.io/version: 2.3.0
+ name: kube-state-metrics
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kube-state-metrics
+subjects:
+- kind: ServiceAccount
+ name: kube-state-metrics
+ namespace: monitoring
diff --git a/monitoring/prom-state-metrics/promstate-crole.yaml b/monitoring/prom-state-metrics/promstate-crole.yaml
new file mode 100644
index 0000000..859e901
--- /dev/null
+++ b/monitoring/prom-state-metrics/promstate-crole.yaml
@@ -0,0 +1,109 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: exporter
+ app.kubernetes.io/name: kube-state-metrics
+ app.kubernetes.io/version: 2.3.0
+ name: kube-state-metrics
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - secrets
+ - nodes
+ - pods
+ - services
+ - resourcequotas
+ - replicationcontrollers
+ - limitranges
+ - persistentvolumeclaims
+ - persistentvolumes
+ - namespaces
+ - endpoints
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ - daemonsets
+ - deployments
+ - replicasets
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - batch
+ resources:
+ - cronjobs
+ - jobs
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - autoscaling
+ resources:
+ - horizontalpodautoscalers
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - certificates.k8s.io
+ resources:
+ - certificatesigningrequests
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - storage.k8s.io
+ resources:
+ - storageclasses
+ - volumeattachments
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - mutatingwebhookconfigurations
+ - validatingwebhookconfigurations
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - networkpolicies
+ - ingresses
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - list
+ - watch
diff --git a/monitoring/prom-state-metrics/promstate-depl.yaml b/monitoring/prom-state-metrics/promstate-depl.yaml
new file mode 100644
index 0000000..ae00aac
--- /dev/null
+++ b/monitoring/prom-state-metrics/promstate-depl.yaml
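Review bot: The first rule of the `kube-state-metrics` ClusterRole grants `list` and `watch` on `secrets` cluster-wide, and a list response carries the Secret data, so the service account token mounted into the kube-state-metrics pod can read every Secret in the cluster. If secret metrics are not used in dashboards or alerts, remove `- secrets` from this rule and limit the enabled collectors with the `--resources` argument on the container in promstate-depl.yaml. The same question applies to `configmaps`. If the access stays, a comment above the rule such as `# list/watch on secrets is required for the kube_secret_* metrics` would record that it was a deliberate decision.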
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: exporter
+ app.kubernetes.io/name: kube-state-metrics
+ app.kubernetes.io/version: 2.3.0
+ name: kube-state-metrics
+ namespace: monitoring
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: kube-state-metrics
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/component: exporter
+ app.kubernetes.io/name: kube-state-metrics
+ app.kubernetes.io/version: 2.3.0
+ spec:
+ automountServiceAccountToken: true
+ containers:
+ - image: k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.3.0
+ imagePullPolicy: Always
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8080
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ name: kube-state-metrics
+ ports:
+ - containerPort: 8080
+ name: http-metrics
+ - containerPort: 8081
+ name: telemetry
+ readinessProbe:
+ httpGet:
+ path: /
+ port: 8081
+ initialDelaySeconds: 5
+ timeoutSeconds: 5
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsUser: 65534
+ nodeSelector:
+ kubernetes.io/os: linux
+ serviceAccountName: kube-state-metrics
diff --git a/monitoring/prom-state-metrics/promstate-rbac.yaml b/monitoring/prom-state-metrics/promstate-rbac.yaml
new file mode 100644
index 0000000..d91fbbf
--- /dev/null
+++ b/monitoring/prom-state-metrics/promstate-rbac.yaml
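Review bot: The container `securityContext` in promstate-depl.yaml sets `runAsUser: 65534` but keeps the runtime's default capability set and seccomp profile. Add `runAsNonRoot: true`, `capabilities: {drop: ["ALL"]}` and `seccompProfile: {type: RuntimeDefault}` next to the existing fields. The container also declares no `resources` requests or limits, and the image is referenced by tag only together with `imagePullPolicy: Always`, so pinning `v2.3.0` by digest would make every pull resolve to the same content.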
@@ -0,0 +1,34 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: prometheus
+ namespace: monitoring
+rules:
+- apiGroups: [""]
+ resources:
+ - nodes
+ - nodes/proxy
+ - services
+ - endpoints
+ - pods
+ verbs: ["get", "list", "watch"]
+- apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs: ["get", "list", "watch"]
+- nonResourceURLs: ["/metrics"]
+ verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: prometheus
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: prometheus
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: monitoring
diff --git a/monitoring/prom-state-metrics/promstate-svc.yaml b/monitoring/prom-state-metrics/promstate-svc.yaml
new file mode 100644
index 0000000..367ea7f
--- /dev/null
+++ b/monitoring/prom-state-metrics/promstate-svc.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/component: exporter
+ app.kubernetes.io/name: kube-state-metrics
+ app.kubernetes.io/version: 2.3.0
+ name: kube-state-metrics
+ namespace: monitoring
+spec:
+ type: LoadBalancer
+ ports:
+ - name: http-metrics
+ port: 8080
+ targetPort: http-metrics
+ - name: telemetry
+ port: 8081
+ targetPort: telemetry
+ selector:
+ app.kubernetes.io/name: kube-state-metrics
diff --git a/monitoring/prom-state-metrics/promstate-svcaccount.yaml b/monitoring/prom-state-metrics/promstate-svcaccount.yaml
new file mode 100644
index 0000000..92ccc13
--- /dev/null
+++ b/monitoring/prom-state-metrics/promstate-svcaccount.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+automountServiceAccountToken: false
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: exporter
+ app.kubernetes.io/name: kube-state-metrics
+ app.kubernetes.io/version: 2.3.0
+ name: kube-state-metrics
+ namespace: monitoring
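Review bot: The `prometheus` ClusterRoleBinding in promstate-rbac.yaml targets the `default` ServiceAccount of `monitoring`, so every pod in that namespace that sets no `serviceAccountName` (grafana and blackbox-exporter in graf-deployment.yaml) receives the same cluster-wide read access, including `nodes/proxy`, which relays requests to the kubelet API. Bind the role to a dedicated `prometheus` ServiceAccount as sketched below and set `serviceAccountName: prometheus` on the Prometheus pod spec only. `namespace: monitoring` on the ClusterRole has no effect because the kind is cluster-scoped. The `extensions` group for `ingresses` should be `networking.k8s.io`, the group graf-ingress.yaml already uses.

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: prometheus
  namespace: monitoring
---
# … unchanged: ClusterRole prometheus, ClusterRoleBinding metadata and roleRef …
subjects:
- kind: ServiceAccount
  name: prometheus
  namespace: monitoring
```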