local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet'; local pvc = k.core.v1.persistentVolumeClaim; local ingress = k.extensions.v1beta1.ingress; local ingressTls = ingress.mixin.spec.tlsType; local ingressRule = ingress.mixin.spec.rulesType; local httpIngressPath = ingressRule.mixin.http.pathsType; local statefulSet = k.apps.v1.statefulSet; local selector = statefulSet.mixin.spec.selectorType; local kp = (import 'kube-prometheus/main.libsonnet') + (import 'prometheus-pushgateway/pushgateway.libsonnet') + (import 'k3s.libsonnet') { _config+:: { namespace: 'monitoring', versions+:: { pushgateway: 'v1.1.0', }, prometheus+:: { names: 'k8s', replicas: 1, namespaces+: ['k8up', 'owntracks'], }, alertmanager+:: { replicas: 1, }, grafana+: { plugins: ['grafana-piechart-panel'], datasources+: [{ name: 'Loki', type: 'loki', access: 'proxy', orgId: 1, url: 'http://loki.loki:3100', version: 1, editable: false, }], }, }, alertmanager+:: { alertmanager+: { spec+: { configSecret: 'alertmanager-tbrnt-config', }, }, }, prometheus+:: { prometheus+: { spec+: { retention: '7d', externalUrl: 'http://prometheus-k8s.monitoring:9090', serviceMonitorNamespaceSelector: selector.withMatchExpressions({ key: 'prometheus', operator: 'In', values: ['yes', 'true'] }), podMonitorNamespaceSelector: selector.withMatchExpressions({ key: 'prometheus', operator: 'In', values: ['yes', 'true'] }), storage: { volumeClaimTemplate: pvc.new() + pvc.mixin.spec.withAccessModes('ReadWriteOnce') + pvc.mixin.spec.resources.withRequests({ storage: '10Gi' }) + pvc.mixin.spec.withStorageClassName('local-path'), }, }, }, }, ingress+:: { grafana: ingress.new() + ingress.mixin.metadata.withName('grafana') + ingress.mixin.metadata.withNamespace($._config.namespace) + ingress.mixin.metadata.withAnnotations({ 'cert-manager.io/cluster-issuer': 'letsencrypt-prod', 'ingress.kubernetes.io/ssl-redirect': 'true', }) + ingress.mixin.spec.withRules( ingressRule.new() + ingressRule.withHost('grafana.knurrli.tbrnt.ch') + ingressRule.mixin.http.withPaths( httpIngressPath.new() + httpIngressPath.mixin.backend.withServiceName('grafana') + httpIngressPath.mixin.backend.withServicePort('http') ), ) + ingress.mixin.spec.withTls( ingressTls.new() + ingressTls.withHosts('grafana.knurrli.tbrnt.ch') + ingressTls.withSecretName('grafana-ingress-cert') ), }, grafanaDashboards+:: { 'traefik.json': (import 'traefik-grafana-dashboard.json'), }, }; { ['setup/0namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } + { ['setup/prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.filter((function(name) name != 'serviceMonitor'), std.objectFields(kp.prometheusOperator)) } + // serviceMonitor is separated so that it can be created after the CRDs are ready { 'prometheus-operator-serviceMonitor': kp.prometheusOperator.serviceMonitor } + { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } + { ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } + { ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } + { ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } + { ['prometheus-adapter-' + name]: kp.prometheusAdapter[name] for name in std.objectFields(kp.prometheusAdapter) } + { ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) } + { ['prometheus-pushgateway-' + name]: kp.pushgateway[name] for name in std.objectFields(kp.pushgateway) } + { ['ingress-' + name]: kp.ingress[name] for name in std.objectFields(kp.ingress) }