Rangé la section monitoring

2022-07-07 15:48:29 +02:00 · 2022-07-07 15:48:29 +02:00 · d2564bc6f1
commit d2564bc6f1
parent f4bce173c0
12 changed files with 599 additions and 0 deletions
--- a/monitoring/grafpromstack/graf-deployment.yaml
+++ b/monitoring/grafpromstack/graf-deployment.yaml
@ -0,0 +1,129 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    run: blackbox-exporter
+  name: blackbox-exporter
+  namespace: monitoring
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      run: blackbox-exporter
+  template:
+    metadata:
+      labels:
+        run: blackbox-exporter
+    spec:
+      containers:
+        - image: prom/blackbox-exporter:master
+          name: blackbox-exporter
+          volumeMounts:
+            - mountPath: /etc/blackbox_exporter
+              name: blackbox-exporter
+              readOnly: true
+      restartPolicy: Always
+      volumes:
+        - name: blackbox-exporter
+          persistentVolumeClaim:
+            claimName: blackbox-exporter
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    run: grafana
+  name: grafana
+  namespace: monitoring
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      run: grafana
+  template:
+    metadata:
+      labels:
+        run: grafana
+    spec:
+      initContainers:
+        - name: volume-mount-hack
+          image: busybox:1.28
+          command: ["sh", "-c", "chown -R 472:472 /etc/grafana && chown -R 472:472 /var/lib/grafana"]
+          volumeMounts:
+            - mountPath: /var/lib/grafana
+              readOnly: false
+              name: grafana-data
+            - mountPath: /etc/grafana
+              readOnly: false
+              name: grafana-conf
+      volumes:
+        - name: grafana-data
+          persistentVolumeClaim:
+            claimName: grafana-data
+        - name: grafana-conf
+          persistentVolumeClaim:
+            claimName: grafana-conf
+
+      containers:
+        - image: grafana/grafana
+          name: grafana
+          volumeMounts:
+            - mountPath: /var/lib/grafana
+              readOnly: false
+              name: grafana-data
+            - mountPath: /etc/grafana
+              readOnly: false
+              name: grafana-conf
+      restartPolicy: Always
+      volumes:
+        - name: grafana-data
+          persistentVolumeClaim:
+            claimName: grafana-data
+        - name: grafana-conf
+          persistentVolumeClaim:
+            claimName: grafana-conf
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    run: prometheus
+  name: prometheus
+  namespace: monitoring
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      run: prometheus
+  template:
+    metadata:
+      labels:
+        run: prometheus
+    spec:
+      containers:
+        - args:
+            - --storage.tsdb.retention.time=1y
+            - --config.file=/etc/prometheus/prometheus.yml
+          image: prom/prometheus
+          name: prometheus
+          ports:
+            - containerPort: 9090
+          volumeMounts:
+            - mountPath: /etc/prometheus
+              readOnly: true
+              name: prometheus
+            - mountPath: /prometheus/data
+              readOnly: false
+              name: prometheus-data
+      restartPolicy: Always
+      volumes:
+        - name: prometheus
+          persistentVolumeClaim:
+            claimName: prometheus
+        - name: prometheus-data
+          persistentVolumeClaim:
+            claimName: prometheus-data
+
+
--- a/monitoring/grafpromstack/graf-ingress.yaml
+++ b/monitoring/grafpromstack/graf-ingress.yaml
@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: grafana-ingr
+  namespace: monitoring
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: graf.squi.fr
+      http:
+        paths:
+          - pathType: Prefix
+            backend:
+              service:
+                name: grafana 
+                port:
+                  number: 80
+            path: /
--- a/monitoring/grafpromstack/graf-services.yaml
+++ b/monitoring/grafpromstack/graf-services.yaml
@ -0,0 +1,49 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    run: grafana
+  name: grafana
+  namespace: monitoring
+spec:
+  ports:
+    - name: "grafweb"
+      port: 80
+      targetPort: 3000
+  selector:
+    run: grafana
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    run: prometheus
+  name: prometheus
+  namespace: monitoring
+spec:
+  ports:
+    - name: "prom"
+      port: 9090
+      targetPort: 9090
+  selector:
+    run: prometheus
+  type: LoadBalancer
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    run: blackbox-exporter
+  name: blackbox-exporter
+  namespace: monitoring
+spec:
+  ports:
+    - name: "bbox"
+      port: 9115
+      targetPort: 9115
+  selector:
+    run: blackbox-exporter
+
+
--- a/monitoring/grafpromstack/grafana-pvc.yaml
+++ b/monitoring/grafpromstack/grafana-pvc.yaml
@ -0,0 +1,75 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: blackbox-exporter
+  namespace: monitoring
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: ""
+  resources:
+    requests:
+      storage: 10Gi
+  volumeName: blackbox-exporter
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: grafana-data
+  namespace: monitoring
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: ""
+  resources:
+    requests:
+      storage: 50Gi
+  volumeName: grafana-data
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: grafana-conf
+  namespace: monitoring
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: ""
+  resources:
+    requests:
+      storage: 10Gi
+  volumeName: grafana-conf
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: prometheus
+  namespace: monitoring
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: ""
+  resources:
+    requests:
+      storage: 10Gi
+  volumeName: prometheus
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: prometheus-data
+  namespace: monitoring
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: ""
+  resources:
+    requests:
+      storage: 10Gi
+  volumeName: prometheus-data
+
--- a/monitoring/grafpromstack/grafana-volumeclaims.yaml
+++ b/monitoring/grafpromstack/grafana-volumeclaims.yaml
@ -0,0 +1,85 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: blackbox-exporter
+  namespace: monitoring
+spec:
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    server: nas.sq.lan
+    path: "/swarmdata/grafana/blackbox"
+  mountOptions:
+    - nfsvers=4.2
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: grafana-data
+  namespace: monitoring
+spec:
+  capacity:
+    storage: 50Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    server: nas.sq.lan
+    path: "/swarmdata/grafana/grafana-data"
+  mountOptions:
+    - nfsvers=4.2
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: grafana-conf
+  namespace: monitoring
+spec:
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    server: nas.sq.lan
+    path: "/swarmdata/grafana/grafana-conf"
+  mountOptions:
+    - nfsvers=4.2
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: prometheus
+  namespace: monitoring
+spec:
+  capacity:
+    storage: 10Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    server: nas.sq.lan
+    path: "/swarmdata/grafana/prometheus-conf"
+  mountOptions:
+    - nfsvers=4.2
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: prometheus-data
+  namespace: monitoring
+spec:
+  capacity:
+    storage: 30Gi
+  accessModes:
+    - ReadWriteMany
+  nfs:
+    server: nas.sq.lan
+    path: "/swarmdata/grafana/prometheus-data"
+  mountOptions:
+    - nfsvers=4.2
+
--- a/monitoring/monitoring-ns.yaml
+++ b/monitoring/monitoring-ns.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: monitoring
--- a/monitoring/prom-state-metrics/kub-state-metrics-rbac.yaml
+++ b/monitoring/prom-state-metrics/kub-state-metrics-rbac.yaml
@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/component: exporter
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: 2.3.0
+  name: kube-state-metrics
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kube-state-metrics
+subjects:
+- kind: ServiceAccount
+  name: kube-state-metrics
+  namespace: monitoring
--- a/monitoring/prom-state-metrics/promstate-crole.yaml
+++ b/monitoring/prom-state-metrics/promstate-crole.yaml
@ -0,0 +1,109 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/component: exporter
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: 2.3.0
+  name: kube-state-metrics
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - secrets
+  - nodes
+  - pods
+  - services
+  - resourcequotas
+  - replicationcontrollers
+  - limitranges
+  - persistentvolumeclaims
+  - persistentvolumes
+  - namespaces
+  - endpoints
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - statefulsets
+  - daemonsets
+  - deployments
+  - replicasets
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - batch
+  resources:
+  - cronjobs
+  - jobs
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - autoscaling
+  resources:
+  - horizontalpodautoscalers
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+- apiGroups:
+  - policy
+  resources:
+  - poddisruptionbudgets
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - certificatesigningrequests
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  - volumeattachments
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - mutatingwebhookconfigurations
+  - validatingwebhookconfigurations
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - networkpolicies
+  - ingresses
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - list
+  - watch
--- a/monitoring/prom-state-metrics/promstate-depl.yaml
+++ b/monitoring/prom-state-metrics/promstate-depl.yaml
@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/component: exporter
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: 2.3.0
+  name: kube-state-metrics
+  namespace: monitoring
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: kube-state-metrics
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: exporter
+        app.kubernetes.io/name: kube-state-metrics
+        app.kubernetes.io/version: 2.3.0
+    spec:
+      automountServiceAccountToken: true
+      containers:
+      - image: k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.3.0
+        imagePullPolicy: Always
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8080
+          initialDelaySeconds: 5
+          timeoutSeconds: 5
+        name: kube-state-metrics
+        ports:
+        - containerPort: 8080
+          name: http-metrics
+        - containerPort: 8081
+          name: telemetry
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 8081
+          initialDelaySeconds: 5
+          timeoutSeconds: 5
+        securityContext:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+          runAsUser: 65534
+      nodeSelector:
+        kubernetes.io/os: linux
+      serviceAccountName: kube-state-metrics
--- a/monitoring/prom-state-metrics/promstate-rbac.yaml
+++ b/monitoring/prom-state-metrics/promstate-rbac.yaml
@ -0,0 +1,34 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: prometheus
+  namespace: monitoring
+rules:
+- apiGroups: [""]
+  resources:
+  - nodes
+  - nodes/proxy
+  - services
+  - endpoints
+  - pods
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - extensions
+  resources:
+  - ingresses
+  verbs: ["get", "list", "watch"]
+- nonResourceURLs: ["/metrics"]
+  verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: prometheus
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: prometheus
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: monitoring
--- a/monitoring/prom-state-metrics/promstate-svc.yaml
+++ b/monitoring/prom-state-metrics/promstate-svc.yaml
@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/component: exporter
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: 2.3.0
+  name: kube-state-metrics
+  namespace: monitoring
+spec:
+  type: LoadBalancer
+  ports:
+  - name: http-metrics
+    port: 8080
+    targetPort: http-metrics
+  - name: telemetry
+    port: 8081
+    targetPort: telemetry
+  selector:
+    app.kubernetes.io/name: kube-state-metrics
--- a/monitoring/prom-state-metrics/promstate-svcaccount.yaml
+++ b/monitoring/prom-state-metrics/promstate-svcaccount.yaml
@ -0,0 +1,10 @@
+apiVersion: v1
+automountServiceAccountToken: false
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/component: exporter
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: 2.3.0
+  name: kube-state-metrics
+  namespace: monitoring