No OneTemporary
Actions

Authored By

Unknown

Size

16 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/helm/templates/prometheus-configmap.yaml b/helm/templates/prometheus-configmap.yaml
	index 02fcdfa..b2f65ff 100644
	--- a/helm/templates/prometheus-configmap.yaml
	+++ b/helm/templates/prometheus-configmap.yaml
	@@ -1,441 +1,480 @@
	{{- if .Values.prometheus.enabled -}}
	kind: ConfigMap
	apiVersion: v1
	metadata:
	name: prom-config
	data:
	prometheus.yml: \|
	global:
	scrape_interval: 1m
	evaluation_interval: 1m
	external_labels:
	deployment: {{ .Values.domainName }}
	{{- if .Values.alertmanager.externalUrl }}
	alerting:
	alertmanagers:
	- static_configs:
	- targets:
	- {{ .Values.alertmanager.externalUrl }}
	scheme: {{ .Values.alertmanager.externalUrlScheme }}
	{{- end }}
	rule_files:
	- /config/prometheus/rules/*.yml
	scrape_configs:
	- job_name: 'kolab'
	static_configs:
	- targets: ['{{ .Values.kolab.servicesService }}:80']
	metrics_path: "/api/webhooks/metrics"
	- job_name: 'swoole'
	kubernetes_sd_configs:
	- role: pod
	namespaces:
	names:
	- {{ .Release.Namespace }}
	relabel_configs:
	- source_labels: [__meta_kubernetes_pod_label_app]
	action: keep
	regex: kolab\|kolab-services
	- source_labels: [__meta_kubernetes_pod_ip]
	target_label: __address__
	- target_label: __param_kubernetes_pod_name
	source_labels: [__meta_kubernetes_pod_name]
	- target_label: kubernetes_pod_name
	source_labels: [__param_kubernetes_pod_name]
	- target_label: __metrics_path__
	replacement: /api/webhooks/metrics/swoole
	- source_labels: [__address__]
	action: replace
	replacement: $1:8000
	target_label: __address__
	{{- if .Values.imap.enabled }}
	- job_name: 'imap'
	# We update slower than scrape interval, so the timestamps are usually outdated.
	# Also, the cyrus exporter tends to get stuck.
	honor_timestamps: false
	static_configs:
	- targets:
	{{- if .Values.imap.murder.enabled }}
	{{- range (untilStep 0 (int .Values.imap.replicas) 1) }}
	- 'imap-{{ . }}.imap-headless:11080'
	{{- end }}
	{{- else }}
	- 'imap:80'
	{{- if .Values.imap.replica.enabled }}
	- 'imap-replica:80'
	{{- end }}
	{{- end }}
	metrics_path: "/metrics"
	{{- end }}
	- job_name: "pushgateway"
	honor_labels: true
	static_configs:
	- targets: ['pushgateway:9091']
	{{- if .Values.prometheus.clusterMonitoring }}
	- job_name: 'vector-node-metrics'
	kubernetes_sd_configs:
	- role: pod
	namespaces:
	names:
	- kube-system
	relabel_configs:
	- source_labels: [__meta_kubernetes_pod_label_app]
	action: keep
	regex: vector
	- source_labels: [__meta_kubernetes_pod_ip]
	target_label: __address__
	- target_label: __param_kubernetes_pod_name
	source_labels: [__meta_kubernetes_pod_name]
	- target_label: kubernetes_pod_name
	source_labels: [__param_kubernetes_pod_name]
	- target_label: __metrics_path__
	replacement: /metrics
	- source_labels: [__address__]
	action: replace
	replacement: $1:9598
	target_label: __address__
	- job_name: 'kube-state-metrics'
	static_configs:
	- targets: ['kube-state-metrics.default.svc.cluster.local:8080']
	- job_name: 'kubelet metrics'
	bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
	kubernetes_sd_configs:
	- role: node
	relabel_configs:
	- action: labelmap
	regex: __meta_kubernetes_node_label_(.+)
	- action: labeldrop
	regex: beta_kubernetes_io(.+)
	- action: labeldrop
	regex: kubernetes_io(.+)
	- action: labeldrop
	regex: node_kubernetes_io(.+)
	- action: labeldrop
	regex: node_role_kubernetes_io(.+)
	- source_labels: [__address__]
	target_label: __address__
	regex: ([^:]+)(?::\d+)?
	replacement: $1:10250
	- regex: (.+)
	replacement: /metrics
	source_labels: [__meta_kubernetes_node_name]
	target_label: __metrics_path__
	metric_relabel_configs:
	# Drop the most expensive metrics that we don't look at
	- source_labels: [__name__]
	regex: (.+)_bucket\|apiserver_(.+)\|etcd_(.+)
	action: drop
	scheme: https
	tls_config:
	ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
	insecure_skip_verify: true
	- job_name: 'cadvisor metrics'
	bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
	kubernetes_sd_configs:
	- role: node
	relabel_configs:
	- action: labelmap
	regex: __meta_kubernetes_node_label_(.+)
	- action: labeldrop
	regex: beta_kubernetes_io(.+)
	- action: labeldrop
	regex: kubernetes_io(.+)
	- action: labeldrop
	regex: node_kubernetes_io(.+)
	- action: labeldrop
	regex: node_role_kubernetes_io(.+)
	- source_labels: [__address__]
	target_label: __address__
	regex: ([^:]+)(?::\d+)?
	replacement: $1:10250
	- regex: (.+)
	replacement: /metrics/cadvisor
	source_labels: [__meta_kubernetes_node_name]
	target_label: __metrics_path__
	metric_relabel_configs:
	# Drop the most expensive metrics that we don't look at
	- source_labels: [__name__]
	regex: container_tasks_state\|container_fs_(.+)\|container_blkio_(.+)
	action: drop
	scheme: https
	tls_config:
	ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
	insecure_skip_verify: true
	{{- end }}
	{{- if .Values.prometheus.nodeMonitoring }}
	- job_name: 'node_exporter'
	metrics_path: /metrics
	scrape_interval: 15s
	static_configs:
	- targets:
	{{- range .Values.prometheus.nodeMonitoring.targets }}
	- {{ . }}
	{{- end }}
	{{- end }}
	{{- if .Values.prometheus.haproxyMonitoring }}
	- job_name: 'haproxy-metrics'
	static_configs:
	- targets:
	{{- range .Values.prometheus.haproxyMonitoring.targets }}
	- {{ . }}
	{{- end }}
	params:
	module: ['node']
	{{- end }}
	{{- if .Values.prometheus.mariadbMonitoring }}
	- job_name: mariadb
	static_configs:
	- targets:
	{{- range .Values.prometheus.mariadbMonitoring.targets }}
	- {{ . }}
	{{- end }}
	relabel_configs:
	- source_labels: [__address__]
	target_label: __param_target
	- source_labels: [__param_target]
	target_label: instance
	- target_label: __address__
	replacement: localhost:9104
	{{- end }}
	- job_name: blackbox-tcp-tls
	honor_timestamps: true
	params:
	module: [tcp_tls]
	metrics_path: /probe
	scheme: http
	follow_redirects: true
	enable_http2: true
	relabel_configs:
	- source_labels: [__address__]
	target_label: __param_target
	- source_labels: [__param_target]
	target_label: instance
	- source_labels: [__param_module]
	target_label: module
	- target_label: __address__
	replacement: localhost:9115
	static_configs:
	- targets:
	- {{ .Values.imap.host }}:993
	- # - job_name: blackbox-smtp-starttls
	- # metrics_path: /probe
	- # params:
	- # module: [smtp_starttls]
	- # relabel_configs:
	- # - source_labels: [__address__]
	- # target_label: __param_target
	- # - source_labels: [__param_target]
	- # target_label: instance
	- # - source_labels: [__param_module]
	- # target_label: module
	- # - target_label: __address__
	- # replacement: localhost:9115
	- # static_configs:
	- # - targets:
	- # - proxy:587
	+ - job_name: blackbox-lmtp
	+ honor_timestamps: true
	+ params:
	+ module: [lmtp]
	+ metrics_path: /probe
	+ scheme: http
	+ follow_redirects: true
	+ enable_http2: true
	+ relabel_configs:
	+ - source_labels: [__address__]
	+ target_label: __param_target
	+ - source_labels: [__param_target]
	+ target_label: instance
	+ - source_labels: [__param_module]
	+ target_label: module
	+ - target_label: __address__
	+ replacement: localhost:9115
	+ static_configs:
	+ - targets:
	+ - {{ .Values.postfix.lmtpDestination }}
	+ - job_name: blackbox-smtp-starttls
	+ honor_timestamps: true
	+ metrics_path: /probe
	+ params:
	+ module: [smtp_starttls]
	+ relabel_configs:
	+ - source_labels: [__address__]
	+ target_label: __param_target
	+ - source_labels: [__param_target]
	+ target_label: instance
	+ - source_labels: [__param_module]
	+ target_label: module
	+ - target_label: __address__
	+ replacement: localhost:9115
	+ static_configs:
	+ - targets:
	+ - proxy:587
	+ {{- if .Values.postfix.relayHost }}
	+ - {{ .Values.postfix.relayHost \| trimAll "[]" }}:25
	+ {{- end }}
	+ {{- if .Values.postfix.restrictedUserRelayHost }}
	+ - {{ .Values.postfix.restrictedUserRelayHost \| trimAll "[]" \| replace "]" "" }}
	+ {{- end }}
	{{- if .Values.loki.enabled }}
	- job_name: 'loki'
	static_configs:
	- targets: ['loki:3100']
	metrics_path: "/metrics"
	metric_relabel_configs:
	# Drop most metrics
	- source_labels: [__name__]
	regex: loki_internal_log_(.+)
	action: keep
	{{- end }}
	{{- if .Values.victorialogs.enabled }}
	- job_name: 'victorialogs'
	static_configs:
	- targets: ['victorialogs:9428']
	metrics_path: "/metrics"
	{{- end }}

	blackbox.yml: \|
	modules:
	http_2xx:
	prober: http
	timeout: 5s
	http:
	valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
	valid_status_codes: []
	method: GET
	preferred_ip_protocol: "ip4"
	ip_protocol_fallback: false
	tls_config:
	insecure_skip_verify: true
	https_2xx:
	prober: http
	timeout: 5s
	http:
	valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
	valid_status_codes: []
	fail_if_not_ssl: true
	method: GET
	preferred_ip_protocol: "ip4"
	ip_protocol_fallback: false
	https_403:
	prober: http
	timeout: 5s
	http:
	valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
	valid_status_codes: [403]
	fail_if_not_ssl: true
	method: GET
	preferred_ip_protocol: "ip4"
	ip_protocol_fallback: false
	http_2xx_auth:
	prober: http
	timeout: 5s
	http:
	valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
	valid_status_codes: []
	method: GET
	preferred_ip_protocol: "ip4"
	ip_protocol_fallback: false
	basic_auth:
	username: "{{ .Values.serviceAccounts.monitoring1.user }}"
	password: "{{ .Values.serviceAccounts.monitoring1.password }}"
	tls_config:
	insecure_skip_verify: true
	https_2xx_auth:
	prober: http
	timeout: 5s
	http:
	valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
	valid_status_codes: []
	fail_if_not_ssl: true
	method: GET
	preferred_ip_protocol: "ip4"
	ip_protocol_fallback: false
	basic_auth:
	username: "{{ .Values.serviceAccounts.monitoring1.user }}"
	password: "{{ .Values.serviceAccounts.monitoring1.password }}"
	icmp:
	prober: icmp
	icmp:
	preferred_ip_protocol: "ip4"
	ip_protocol_fallback: false
	+ tcp:
	+ prober: tcp
	+ timeout: 5s
	+ tcp:
	+ tls: false
	tcp_tls:
	prober: tcp
	timeout: 5s
	tcp:
	tls: true
	tls_config:
	server_name: "{{ template "kolab.websiteDomain" . }}"
	{{- if .Values.tlsSecret.ca }}
	ca_file: /etc/certs/ca.cert
	{{- end }}
	imap_starttls:
	prober: tcp
	timeout: 5s
	tcp:
	query_response:
	- expect: "OK.*STARTTLS"
	- send: ". STARTTLS"
	- expect: "OK"
	- starttls: true
	- send: ". capability"
	- expect: "CAPABILITY IMAP4rev1"
	+ lmtp:
	+ prober: tcp
	+ timeout: 5s
	+ tcp:
	+ query_response:
	+ - expect: "^220 ([^ ]+) LMTP (.+)$"
	+ - send: "QUIT\r"
	smtp_starttls:
	prober: tcp
	timeout: 5s
	tcp:
	query_response:
	- expect: "^220 ([^ ]+) ESMTP (.+)$"
	- send: "EHLO prober\r"
	- expect: "^250-STARTTLS"
	- send: "STARTTLS\r"
	- expect: "^220"
	- starttls: true
	- send: "EHLO prober\r"
	- expect: "^250-AUTH"
	- send: "QUIT\r"
	tls_config:
	server_name: "{{ template "kolab.websiteDomain" . }}"
	{{- if .Values.tlsSecret.ca }}
	ca_file: /etc/certs/ca.cert
	{{- end }}

	dashboard.html: \|
	{{ .Files.Get "files/dashboard.html" \| indent 4}}


	prometheus.rules.yml: \|
	groups:
	- name: prometheus-checks
	rules:
	- alert: Watchdog
	expr: vector(1)
	labels:
	severity: none
	prometheus: "{{ .Values.domainName }}"
	annotations:
	summary: An alert that should always be firing to certify that Alertmanager is working properly.

	- alert: scrape_job_down
	expr: up == 0
	for: 5m
	labels:
	severity: warning
	annotations:
	summary: Scrape job {{ "{{" }} $labels.job {{ "}}" }} down on {{ "{{" }} $labels.hostname {{ "}}" }}.

	{{- if .Values.prometheus.mariadbMonitoring }}
	- name: mysqld-checks
	rules:
	- alert: MysqlNodeIsDown
	annotations:
	summary: A mysql node is down on {{ "{{" }} $labels.hostname {{ "}}" }}.
	expr: mysql_up == 0
	for: 1m
	labels:
	severity: critical

	- alert: WSREPNotConnected
	annotations:
	summary: A mysql node is down on {{ "{{" }} $labels.hostname {{ "}}" }}.
	expr: mysql_global_status_wsrep_connected == 0
	for: 1m
	labels:
	severity: critical

	- alert: WSREPClusterSize
	annotations:
	summary: The mariadb cluster does not have all {{ .Values.prometheus.mariadbMonitoring.clusterSize }} paricipants.
	expr: mysql_global_status_wsrep_cluster_size != {{ .Values.prometheus.mariadbMonitoring.clusterSize }}
	for: 1m
	labels:
	severity: critical

	- alert: WSREPClusterStatus
	annotations:
	summary: Cluster status not ok.
	expr: mysql_global_status_wsrep_cluster_status == 0
	for: 1m
	labels:
	severity: critical
	{{- end }}
	{{- if .Values.imap.replica.enabled }}
	- alert: IMAPReplicaOutOfSync
	annotations:
	summary: The IMAP replica is not in sync with the primary.
	expr: abs(cyrus_usage_mailboxes{instance=~"imap:."} - ignoring (instance) cyrus_usage_mailboxes{instance=~"imap-replica:."}) == 0
	for: 1m
	labels:
	severity: critical
	{{- end }}
	# TODO for imap murder ensure the folder count matches
	{{- if .Values.prometheus.extraRules }}
	{{ toYaml .Values.prometheus.extraRules \| nindent 6 }}
	{{ end }}


	web.rules.yml: \|
	{{ .Files.Get "files/web.rules.yml" \| indent 4}}

	{{- if .Values.prometheus.clusterMonitoring }}
	cluster.rules.yml: \|
	{{ .Files.Get "files/cluster.rules.yml" \| indent 4}}
	{{- end }}

	{{- end }}

File Metadata

Mime Type: text/x-diff
Expires: Sat, Apr 4, 5:38 AM (5 d, 3 h ago)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 18822728
Default Alt Text: (16 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions