Documentation ¶
Index ¶
Constants ¶
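// Names and ports shared by the Prometheus and kube-rbac-proxy templates in
// this package.
const (
	// RemoteWriteDNSName is the monitoring ingest host. The egress firewall
	// template allows traffic to this name.
	//
	// TODO: Construct monitoring dns name dynamically based on AWS and IBM Cloud Monitoring regions
	RemoteWriteDNSName string = "ingest.us-south.monitoring.cloud.ibm.com"

	// KubeRBACProxyPortNumber is the port the kube-rbac-proxy sidecar of the
	// Prometheus pod listens on (TLS).
	KubeRBACProxyPortNumber int = 9339

	// PrometheusServingCertSecretName is the Secret mounted into the proxy
	// container as its TLS serving certificate and key.
	PrometheusServingCertSecretName string = "prometheus-serving-cert-secret"

	// PrometheusKubeRBACPoxyConfigMapName is the ConfigMap mounted into the
	// proxy container as its authorization config file.
	// NOTE(review): "Poxy" is a typo for "Proxy"; the identifier is exported,
	// so fixing it needs a coordinated rename of all users.
	PrometheusKubeRBACPoxyConfigMapName string = "prometheus-kube-rbac-proxy-config"
)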
Variables ¶
// AlertmanagerConfigTemplate is the base AlertmanagerConfig for the managed
// service.
//
// The root route hands everything to the "null" receiver, which carries no
// notification configs. Two child routes select alerts by name, using a regexp
// built from smtpAlerts and pagerdutyAlerts, and send them to the "SendGrid"
// e-mail receiver and the "pagerduty" receiver respectively.
//
// Every endpoint and credential field is an empty placeholder. The PagerDuty
// service key and the SMTP password are referenced through SecretKeySelector
// rather than embedded in the template.
// NOTE(review): presumably the reconciler fills in the placeholders before the
// object is applied; confirm against the caller.
var AlertmanagerConfigTemplate = promv1a1.AlertmanagerConfig{
	Spec: promv1a1.AlertmanagerConfigSpec{
		Route: &promv1a1.Route{
			// Default receiver for anything the child routes do not match.
			Receiver: "null",
			Routes: []apiextensionsv1.JSON{
				// E-mail notifications.
				convertToApiExtV1JSON(promv1a1.Route{
					Receiver: "SendGrid",
					Matchers: []promv1a1.Matcher{
						{
							Name:      "alertname",
							MatchType: promv1a1.MatchRegexp,
							Value:     getRegexMatcher(smtpAlerts),
						},
					},
					GroupBy:        []string{"alertname"},
					GroupWait:      "30s",
					GroupInterval:  "5m",
					RepeatInterval: "12h",
				}),
				// Paging notifications.
				convertToApiExtV1JSON(promv1a1.Route{
					Receiver: "pagerduty",
					Matchers: []promv1a1.Matcher{
						{
							Name:      "alertname",
							MatchType: promv1a1.MatchRegexp,
							Value:     getRegexMatcher(pagerdutyAlerts),
						},
					},
					GroupBy:        []string{"alertname"},
					GroupWait:      "30s",
					GroupInterval:  "5m",
					RepeatInterval: "12h",
				}),
			},
		},
		Receivers: []promv1a1.Receiver{
			{
				Name: "null",
			},
			{
				Name: "pagerduty",
				PagerDutyConfigs: []promv1a1.PagerDutyConfig{
					{
						// Secret reference only; name and key are placeholders.
						ServiceKey: &corev1.SecretKeySelector{
							Key:                  "",
							LocalObjectReference: corev1.LocalObjectReference{Name: ""},
						},
						Details: []promv1a1.KeyValue{
							{Key: "", Value: ""},
						},
					},
				},
			},
			{
				Name: "SendGrid",
				EmailConfigs: []promv1a1.EmailConfig{
					{
						SendResolved: &_false,
						Smarthost:    "",
						From:         "",
						To:           "",
						AuthUsername: "",
						// Secret reference only; name and key are placeholders.
						AuthPassword: &corev1.SecretKeySelector{
							Key:                  "",
							LocalObjectReference: corev1.LocalObjectReference{Name: ""},
						},
						Headers: []promv1a1.KeyValue{
							{
								Key:   "subject",
								Value: `OpenShift Data Foundation Managed Service notification, Action required on your managed OpenShift cluster!`,
							},
						},
					},
				},
			},
		},
	},
}
// AlertmanagerTemplate is the base Alertmanager resource. The replica count is
// taken from the package variable _1 and the resource requirements from
// utils.GetResourceRequirements("alertmanager").
var AlertmanagerTemplate = promv1.Alertmanager{
	Spec: promv1.AlertmanagerSpec{
		Resources: utils.GetResourceRequirements("alertmanager"),
		Replicas:  &_1,
	},
}
// EgressFirewallTemplate is a default-deny egress policy (OVN EgressFirewall)
// with a short allow-list: the PagerDuty events endpoint, the remote-write
// ingest host and one CIDR.
//
// Egress firewall rules are evaluated in order and the first match applies, so
// the 0.0.0.0/0 deny rule has to stay last and every allow rule has to come
// before it.
var EgressFirewallTemplate = ovnv1.EgressFirewall{
	Spec: ovnv1.EgressFirewallSpec{
		Egress: []ovnv1.EgressFirewallRule{
			{
				Type: ovnv1.EgressFirewallRuleAllow,
				To: ovnv1.EgressFirewallDestination{
					DNSName: "events.pagerduty.com",
				},
			},
			{
				Type: ovnv1.EgressFirewallRuleAllow,
				To: ovnv1.EgressFirewallDestination{
					DNSName: RemoteWriteDNSName,
				},
			},
			{
				// NOTE(review): the purpose of this range is not stated here;
				// record which network it is so the allow rule can be audited.
				Type: ovnv1.EgressFirewallRuleAllow,
				To: ovnv1.EgressFirewallDestination{
					CIDRSelector: "100.64.0.0/16",
				},
			},
			{
				// Catch-all deny; keep as the final rule.
				Type: ovnv1.EgressFirewallRuleDeny,
				To: ovnv1.EgressFirewallDestination{
					CIDRSelector: "0.0.0.0/0",
				},
			},
		},
	},
}
// EgressNetworkPolicyTemplate is the OpenShift EgressNetworkPolicy counterpart
// of the egress firewall: default-deny with an allow-list. Rules are evaluated
// in order, so the 0.0.0.0/0 deny rule has to stay last.
//
// NOTE(review): unlike EgressFirewallTemplate, this list has no allow rule for
// RemoteWriteDNSName. Confirm whether that rule is added elsewhere or whether
// remote write is expected to be blocked under this policy type.
var EgressNetworkPolicyTemplate = openshiftv1.EgressNetworkPolicy{
	Spec: openshiftv1.EgressNetworkPolicySpec{
		Egress: []openshiftv1.EgressNetworkPolicyRule{
			{
				Type: openshiftv1.EgressNetworkPolicyRuleAllow,
				To: openshiftv1.EgressNetworkPolicyPeer{
					DNSName: "events.pagerduty.com",
				},
			},
			{
				// NOTE(review): the purpose of this range is not stated here;
				// record which network it is so the allow rule can be audited.
				Type: openshiftv1.EgressNetworkPolicyRuleAllow,
				To: openshiftv1.EgressNetworkPolicyPeer{
					CIDRSelector: "100.64.0.0/16",
				},
			},
			{
				// Catch-all deny; keep as the final rule.
				Type: openshiftv1.EgressNetworkPolicyRuleDeny,
				To: openshiftv1.EgressNetworkPolicyPeer{
					CIDRSelector: "0.0.0.0/0",
				},
			},
		},
	},
}
// K8sMetricsServiceMonitorTemplate scrapes the /federate endpoint of the
// services labelled app.kubernetes.io/component=prometheus in the
// openshift-monitoring namespace, over HTTPS, authenticating with the pod's
// service account token. The query parameters come from the package variable
// params.
//
// NOTE(review): InsecureSkipVerify is true, so the serving certificate of the
// scrape target is not verified while the service account bearer token is sent
// on every scrape. Prefer configuring a CA bundle and server name in TLSConfig
// so the token is only presented to a verified endpoint.
var K8sMetricsServiceMonitorTemplate = promv1.ServiceMonitor{
	Spec: promv1.ServiceMonitorSpec{
		NamespaceSelector: promv1.NamespaceSelector{
			MatchNames: []string{"openshift-monitoring"},
		},
		Selector: metav1.LabelSelector{
			MatchLabels: map[string]string{
				"app.kubernetes.io/component": "prometheus",
			},
		},
		Endpoints: []promv1.Endpoint{
			{
				Scheme:          "https",
				Port:            "web",
				Path:            "/federate",
				Params:          params,
				Interval:        "2m",
				ScrapeTimeout:   "1m",
				HonorLabels:     true,
				BearerTokenFile: "/var/run/secrets/kubernetes.io/serviceaccount/token",
				TLSConfig: &promv1.TLSConfig{
					SafeTLSConfig: promv1.SafeTLSConfig{
						// See the NOTE(review) on the variable: certificate
						// verification is disabled here.
						InsecureSkipVerify: true,
					},
				},
				// Blank the "pod" label when it names a prometheus-k8s-* pod.
				RelabelConfigs: []*promv1.RelabelConfig{
					{
						Action:       "replace",
						SourceLabels: []promv1.LabelName{"pod"},
						Regex:        "prometheus-k8s-.*",
						Replacement:  "",
						TargetLabel:  "pod",
					},
				},
				// Drop the per-replica label from the federated series.
				MetricRelabelConfigs: []*promv1.RelabelConfig{
					{
						Action: "labeldrop",
						Regex:  "prometheus_replica",
					},
				},
			},
		},
	},
}
// KubeRBACProxyConfigMap holds the kube-rbac-proxy configuration under the key
// "config-file.json". The JSON is generated once, at package initialisation,
// and lists two static authorization entries: GET /metrics and GET /federate,
// both with resourceRequest=false.
//
// NOTE(review): neither entry names a user. As far as kube-rbac-proxy's static
// authorizer is concerned that appears to authorize any authenticated caller
// for these verb/path pairs; confirm that this is the intended access level,
// in particular for /federate.
var KubeRBACProxyConfigMap = corev1.ConfigMap{
	Data: map[string]string{
		"config-file.json": (func() string {
			// One static authorization entry; the field order fixes the key
			// order of the marshalled JSON.
			type staticEntry struct {
				Path            string `json:"path"`
				ResourceRequest bool   `json:"resourceRequest"`
				Verb            string `json:"verb"`
			}

			var config struct {
				Authorization struct {
					Static [2]staticEntry `json:"static"`
				} `json:"authorization"`
			}
			config.Authorization.Static = [2]staticEntry{
				{Path: "/metrics", ResourceRequest: false, Verb: "get"},
				{Path: "/federate", ResourceRequest: false, Verb: "get"},
			}

			// The error is discarded: the value is built from strings and
			// bools only, which json.Marshal always encodes.
			raw, _ := json.Marshal(config)
			return string(raw)
		})(),
	},
}
// NetworkPolicyTemplate is an ingress-only NetworkPolicy. Its empty PodSelector
// applies it to every pod in the policy's namespace, and the single ingress
// rule admits traffic from a peer with an empty PodSelector and no namespace
// selector, i.e. from pods in that same namespace. Ingress from other
// namespaces is therefore not admitted by this policy.
var NetworkPolicyTemplate = netv1.NetworkPolicy{
	Spec: netv1.NetworkPolicySpec{
		// Empty selector: the policy covers all pods in the namespace.
		PodSelector: metav1.LabelSelector{},
		PolicyTypes: []netv1.PolicyType{
			netv1.PolicyTypeIngress,
		},
		Ingress: []netv1.NetworkPolicyIngressRule{
			{
				From: []netv1.NetworkPolicyPeer{
					{
						// Empty selector: any pod in the same namespace.
						PodSelector: &metav1.LabelSelector{},
					},
				},
			},
		},
	},
}
// PrometheusProxyNetworkPolicyTemplate is an ingress-only NetworkPolicy for
// pods labelled prometheus=managed-ocs-prometheus. Its ingress rule names a
// port and protocol but no source, so the port is reachable from any source
// the cluster network lets through; whatever listens on that port has to
// authenticate and authorize callers itself.
//
// NOTE(review): prometheusProxyPort is presumably the kube-rbac-proxy port
// (KubeRBACProxyPortNumber); verify the two cannot drift apart.
var PrometheusProxyNetworkPolicyTemplate = netv1.NetworkPolicy{
	Spec: netv1.NetworkPolicySpec{
		PodSelector: metav1.LabelSelector{
			MatchExpressions: []metav1.LabelSelectorRequirement{
				{
					Key:      "prometheus",
					Operator: metav1.LabelSelectorOpIn,
					Values:   []string{"managed-ocs-prometheus"},
				},
			},
		},
		PolicyTypes: []netv1.PolicyType{
			netv1.PolicyTypeIngress,
		},
		Ingress: []netv1.NetworkPolicyIngressRule{
			{
				// No From clause: all sources, restricted to this port.
				Ports: []netv1.NetworkPolicyPort{
					{
						Protocol: &prometheusProxyProtocol,
						Port:     &prometheusProxyPort,
					},
				},
			},
		},
	},
}
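// PrometheusTemplate is the base Prometheus resource for the managed service.
//
// Exposure: ListenLocal is set and the admin API is disabled, so Prometheus is
// reached only through the kube-rbac-proxy sidecar. The sidecar terminates TLS
// on KubeRBACProxyPortNumber with the certificate from
// PrometheusServingCertSecretName, reads its authorization rules from the
// PrometheusKubeRBACPoxyConfigMapName ConfigMap, and forwards to
// http://127.0.0.1:9090/.
//
// Remote write: only series whose "__name__;alertname" value matches
// getRelableRegex(alerts, metrics) are kept. The URL is derived from
// RemoteWriteDNSName, the constant the egress firewall template allows, so the
// endpoint and the allow-list cannot drift apart.
var PrometheusTemplate = promv1.Prometheus{
	Spec: promv1.PrometheusSpec{
		CommonPrometheusFields: promv1.CommonPrometheusFields{
			ExternalLabels:                  map[string]string{},
			ServiceAccountName:              "prometheus-k8s",
			ServiceMonitorSelector:          &resourceSelector,
			ServiceMonitorNamespaceSelector: &namespaceSelector,
			PodMonitorSelector:              &resourceSelector,
			PodMonitorNamespaceSelector:     &namespaceSelector,
			Resources:                       utils.GetResourceRequirements("prometheus"),
			// Loopback only; external access goes through the proxy below.
			ListenLocal:    true,
			EnableAdminAPI: false,
			Containers: []corev1.Container{{
				Name: "kube-rbac-proxy",
				Args: []string{
					fmt.Sprintf("--secure-listen-address=0.0.0.0:%d", KubeRBACProxyPortNumber),
					"--upstream=http://127.0.0.1:9090/",
					"--logtostderr=true",
					// NOTE(review): verbosity 10 is debug-level logging.
					// Confirm it is intended outside of debugging and that
					// the request detail logged at this level is acceptable
					// in the pod logs.
					"--v=10",
					"--tls-cert-file=/etc/tls-secret/tls.crt",
					"--tls-private-key-file=/etc/tls-secret/tls.key",
					"--client-ca-file=/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt",
					"--config-file=/etc/kube-rbac-config/config-file.json",
				},
				Ports: []corev1.ContainerPort{{
					Name:          "https",
					ContainerPort: int32(KubeRBACProxyPortNumber),
				}},
				VolumeMounts: []corev1.VolumeMount{
					{
						Name:      "serving-cert",
						MountPath: "/etc/tls-secret",
					},
					{
						Name:      "kube-rbac-config",
						MountPath: "/etc/kube-rbac-config",
					},
				},
				Resources: utils.GetResourceRequirements("kube-rbac-proxy"),
			}},
			Volumes: []corev1.Volume{
				{
					Name: "serving-cert",
					VolumeSource: corev1.VolumeSource{
						Secret: &corev1.SecretVolumeSource{
							SecretName: PrometheusServingCertSecretName,
						},
					},
				},
				{
					Name: "kube-rbac-config",
					VolumeSource: corev1.VolumeSource{
						ConfigMap: &corev1.ConfigMapVolumeSource{
							LocalObjectReference: corev1.LocalObjectReference{
								Name: PrometheusKubeRBACPoxyConfigMapName,
							},
						},
					},
				},
			},
			RemoteWrite: []promv1.RemoteWriteSpec{
				{
					// Same host as the egress allow rule; evaluates to
					// https://ingest.us-south.monitoring.cloud.ibm.com/prometheus/remote/write.
					URL: "https://" + RemoteWriteDNSName + "/prometheus/remote/write",
					WriteRelabelConfigs: []promv1.RelabelConfig{
						{
							SourceLabels: []promv1.LabelName{"__name__", "alertname"},
							Regex:        getRelableRegex(alerts, metrics),
							Action:       "keep",
						},
					},
				},
			},
		},
		RuleSelector:          &resourceSelector,
		RuleNamespaceSelector: &namespaceSelector,
		Alerting: &promv1.AlertingSpec{
			Alertmanagers: []promv1.AlertmanagerEndpoints{{
				// Namespace is an empty placeholder in the template.
				Namespace: "",
				Name:      "alertmanager-operated",
				Port:      intstr.FromString("web"),
			}},
		},
	},
}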
Functions ¶
This section is empty.
Types ¶
This section is empty.