templates

package
v0.0.0-...-16423e1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 15, 2023 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

// Shared host name, port number and object names referenced by the templates
// in this package.
const (
	// RemoteWriteDNSName is the remote-write ingest host that
	// EgressFirewallTemplate allows egress to. It is currently a fixed us-south
	// host; PrometheusTemplate's remote-write URL targets the same host, and the
	// two must stay in agreement or the catch-all deny rule will block remote write.
	//TODO: Construct monitoring dns name dynamically based on AWS and IBM Cloud Monitoring regions
	RemoteWriteDNSName                  string = "ingest.us-south.monitoring.cloud.ibm.com"
	// KubeRBACProxyPortNumber is the port the kube-rbac-proxy sidecar in
	// PrometheusTemplate listens on (secure listen address and container port).
	KubeRBACProxyPortNumber             int    = 9339
	// PrometheusServingCertSecretName names the Secret mounted at /etc/tls-secret
	// that provides the sidecar's TLS certificate and private key.
	PrometheusServingCertSecretName     string = "prometheus-serving-cert-secret"
	// PrometheusKubeRBACPoxyConfigMapName names the ConfigMap mounted at
	// /etc/kube-rbac-config. The identifier is spelled "Poxy" (not "Proxy"); it is
	// exported, so renaming it would break importers.
	PrometheusKubeRBACPoxyConfigMapName string = "prometheus-kube-rbac-proxy-config"
)

Variables

// AlertmanagerConfigTemplate is the base AlertmanagerConfig: a default route to
// an empty "null" receiver plus two child routes that match on alertname and
// deliver to the "SendGrid" (email) and "pagerduty" receivers.
//
// Credentials are referenced through Secret key selectors rather than written
// inline. Every selector, address and SMTP field is left empty here; presumably
// the caller fills them in before the object is applied (confirm against the
// reconciler).
var AlertmanagerConfigTemplate = promv1a1.AlertmanagerConfig{
	Spec: promv1a1.AlertmanagerConfigSpec{
		Route: &promv1a1.Route{
			// Alerts matched by neither child route go to "null", which has no
			// notification configs.
			Receiver: "null",
			Routes: []apiextensionsv1.JSON{
				// Email route: alert names listed in smtpAlerts.
				convertToApiExtV1JSON(promv1a1.Route{
					Receiver: "SendGrid",
					Matchers: []promv1a1.Matcher{{
						Name:      "alertname",
						Value:     getRegexMatcher(smtpAlerts),
						MatchType: promv1a1.MatchRegexp,
					}},
					GroupBy:        []string{"alertname"},
					GroupWait:      "30s",
					GroupInterval:  "5m",
					RepeatInterval: "12h",
				}),
				// Paging route: alert names listed in pagerdutyAlerts.
				convertToApiExtV1JSON(promv1a1.Route{
					Receiver: "pagerduty",
					Matchers: []promv1a1.Matcher{{
						Name:      "alertname",
						Value:     getRegexMatcher(pagerdutyAlerts),
						MatchType: promv1a1.MatchRegexp,
					}},
					GroupBy:        []string{"alertname"},
					GroupWait:      "30s",
					GroupInterval:  "5m",
					RepeatInterval: "12h",
				}),
			},
		},
		Receivers: []promv1a1.Receiver{
			{Name: "null"},
			{
				Name: "pagerduty",
				PagerDutyConfigs: []promv1a1.PagerDutyConfig{{
					// The service key is read from a Secret; name and key are placeholders.
					ServiceKey: &corev1.SecretKeySelector{
						Key:                  "",
						LocalObjectReference: corev1.LocalObjectReference{Name: ""},
					},
					Details: []promv1a1.KeyValue{{Key: "", Value: ""}},
				}},
			},
			{
				Name: "SendGrid",
				EmailConfigs: []promv1a1.EmailConfig{{
					SendResolved: &_false,
					Smarthost:    "",
					From:         "",
					To:           "",
					AuthUsername: "",
					// The SMTP password is read from a Secret; name and key are placeholders.
					AuthPassword: &corev1.SecretKeySelector{
						Key:                  "",
						LocalObjectReference: corev1.LocalObjectReference{Name: ""},
					},
					Headers: []promv1a1.KeyValue{{
						Key:   "subject",
						Value: `OpenShift Data Foundation Managed Service notification, Action required on your managed OpenShift cluster!`,
					}},
				}},
			},
		},
	},
}
// AlertmanagerTemplate is the base Alertmanager spec. It sets only the replica
// count (a pointer to the package variable _1, defined elsewhere) and the
// resource requirements looked up under the "alertmanager" key.
var AlertmanagerTemplate = promv1.Alertmanager{
	Spec: promv1.AlertmanagerSpec{
		Resources: utils.GetResourceRequirements("alertmanager"),
		Replicas:  &_1,
	},
}
// EgressFirewallTemplate is an egress allow-list for OVN-Kubernetes: three
// Allow rules followed by a catch-all Deny. Rule order matters, because the
// Deny for 0.0.0.0/0 has to stay last for the Allow entries to take effect.
var EgressFirewallTemplate = ovnv1.EgressFirewall{
	Spec: ovnv1.EgressFirewallSpec{
		Egress: []ovnv1.EgressFirewallRule{
			// PagerDuty events endpoint, used for alert delivery.
			{
				Type: ovnv1.EgressFirewallRuleAllow,
				To:   ovnv1.EgressFirewallDestination{DNSName: "events.pagerduty.com"},
			},
			// Remote-write ingest host; must match the host Prometheus writes to.
			{
				Type: ovnv1.EgressFirewallRuleAllow,
				To:   ovnv1.EgressFirewallDestination{DNSName: RemoteWriteDNSName},
			},
			// NOTE(review): the purpose of this range is not stated in this file;
			// document which peers live in 100.64.0.0/16 so the exception can be audited.
			{
				Type: ovnv1.EgressFirewallRuleAllow,
				To:   ovnv1.EgressFirewallDestination{CIDRSelector: "100.64.0.0/16"},
			},
			// Default deny for all remaining IPv4 destinations.
			// NOTE(review): no IPv6 deny is present; confirm the cluster is IPv4-only.
			{
				Type: ovnv1.EgressFirewallRuleDeny,
				To:   ovnv1.EgressFirewallDestination{CIDRSelector: "0.0.0.0/0"},
			},
		},
	},
}
// EgressNetworkPolicyTemplate is the OpenShift SDN counterpart of the egress
// allow-list: two Allow rules followed by a catch-all Deny for 0.0.0.0/0. The
// Deny must remain the last rule.
//
// NOTE(review): unlike EgressFirewallTemplate, no rule here allows
// RemoteWriteDNSName, so under this policy the catch-all Deny also covers the
// remote-write host. Confirm that the difference is intended.
var EgressNetworkPolicyTemplate = openshiftv1.EgressNetworkPolicy{
	Spec: openshiftv1.EgressNetworkPolicySpec{
		Egress: []openshiftv1.EgressNetworkPolicyRule{
			// PagerDuty events endpoint, used for alert delivery.
			{
				Type: openshiftv1.EgressNetworkPolicyRuleAllow,
				To:   openshiftv1.EgressNetworkPolicyPeer{DNSName: "events.pagerduty.com"},
			},
			// NOTE(review): the purpose of this range is not stated in this file;
			// document which peers live in 100.64.0.0/16 so the exception can be audited.
			{
				Type: openshiftv1.EgressNetworkPolicyRuleAllow,
				To:   openshiftv1.EgressNetworkPolicyPeer{CIDRSelector: "100.64.0.0/16"},
			},
			// Default deny for all remaining IPv4 destinations.
			{
				Type: openshiftv1.EgressNetworkPolicyRuleDeny,
				To:   openshiftv1.EgressNetworkPolicyPeer{CIDRSelector: "0.0.0.0/0"},
			},
		},
	},
}
// K8sMetricsServiceMonitorTemplate is the ServiceMonitor used to federate
// metrics from services labelled app.kubernetes.io/component=prometheus in the
// openshift-monitoring namespace. It scrapes /federate over HTTPS on the "web"
// port every 2m with a 1m timeout, passing the package-level params as query
// parameters.
var K8sMetricsServiceMonitorTemplate = promv1.ServiceMonitor{
	Spec: promv1.ServiceMonitorSpec{
		Selector: metav1.LabelSelector{
			MatchLabels: map[string]string{"app.kubernetes.io/component": "prometheus"},
		},
		NamespaceSelector: promv1.NamespaceSelector{
			MatchNames: []string{"openshift-monitoring"},
		},
		Endpoints: []promv1.Endpoint{{
			Scheme:        "https",
			Port:          "web",
			Path:          "/federate",
			Params:        params,
			Interval:      "2m",
			ScrapeTimeout: "1m",
			// Keep the labels reported by the federated Prometheus on conflict.
			HonorLabels: true,
			// The pod's service account token is presented as the bearer credential.
			BearerTokenFile: "/var/run/secrets/kubernetes.io/serviceaccount/token",
			// NOTE(review): server certificate verification is disabled while a
			// bearer token is sent on every scrape, so the scraper cannot tell the
			// real endpoint from an impostor on the path. Prefer configuring a
			// trusted CA and server name instead of InsecureSkipVerify.
			TLSConfig: &promv1.TLSConfig{
				SafeTLSConfig: promv1.SafeTLSConfig{InsecureSkipVerify: true},
			},
			// Blank the pod label on targets whose pod name matches prometheus-k8s-.*.
			RelabelConfigs: []*promv1.RelabelConfig{{
				Action:       "replace",
				SourceLabels: []promv1.LabelName{"pod"},
				Regex:        "prometheus-k8s-.*",
				TargetLabel:  "pod",
				Replacement:  "",
			}},
			// Drop the prometheus_replica label from scraped series.
			MetricRelabelConfigs: []*promv1.RelabelConfig{{
				Action: "labeldrop",
				Regex:  "prometheus_replica",
			}},
		}},
	},
}
// KubeRBACProxyConfigMap holds the kube-rbac-proxy configuration under the key
// "config-file.json". The JSON is generated once, at package initialisation,
// and contains two static authorization rules: GET on the non-resource paths
// /metrics and /federate.
//
// NOTE(review): neither rule names a user. Presumably any client that passes
// the proxy's authentication is then authorized for these two paths; confirm
// against the kube-rbac-proxy version in use.
var KubeRBACProxyConfigMap = corev1.ConfigMap{
	Data: map[string]string{
		"config-file.json": (func() string {
			type staticRule struct {
				Path            string `json:"path"`
				ResourceRequest bool   `json:"resourceRequest"`
				Verb            string `json:"verb"`
			}
			type authorization struct {
				Static [2]staticRule `json:"static"`
			}

			cfg := struct {
				Authorization authorization `json:"authorization"`
			}{
				Authorization: authorization{
					Static: [2]staticRule{
						{Path: "/metrics", ResourceRequest: false, Verb: "get"},
						{Path: "/federate", ResourceRequest: false, Verb: "get"},
					},
				},
			}

			// The error is discarded: the value holds only strings and booleans.
			encoded, _ := json.Marshal(cfg)
			return string(encoded)
		})(),
	},
}
// NetworkPolicyTemplate is an ingress-only NetworkPolicy. The empty PodSelector
// applies it to every pod in the policy's namespace, and the single ingress
// rule admits traffic from any pod in that same namespace. Sources outside the
// namespace are not matched by this policy.
var NetworkPolicyTemplate = netv1.NetworkPolicy{
	Spec: netv1.NetworkPolicySpec{
		PodSelector: metav1.LabelSelector{},
		PolicyTypes: []netv1.PolicyType{netv1.PolicyTypeIngress},
		Ingress: []netv1.NetworkPolicyIngressRule{{
			From: []netv1.NetworkPolicyPeer{{
				PodSelector: &metav1.LabelSelector{},
			}},
		}},
	},
}
// PrometheusProxyNetworkPolicyTemplate is an ingress-only NetworkPolicy for
// pods labelled prometheus=managed-ocs-prometheus. Its ingress rule lists a
// port but no From peers, so the port is reachable from any source. Access
// control for that port therefore rests on whatever listens there, not on the
// network layer.
//
// prometheusProxyPort and prometheusProxyProtocol are defined elsewhere in the
// package; presumably the port equals KubeRBACProxyPortNumber (confirm).
var PrometheusProxyNetworkPolicyTemplate = netv1.NetworkPolicy{
	Spec: netv1.NetworkPolicySpec{
		PodSelector: metav1.LabelSelector{
			MatchExpressions: []metav1.LabelSelectorRequirement{{
				Key:      "prometheus",
				Operator: metav1.LabelSelectorOpIn,
				Values:   []string{"managed-ocs-prometheus"},
			}},
		},
		PolicyTypes: []netv1.PolicyType{netv1.PolicyTypeIngress},
		Ingress: []netv1.NetworkPolicyIngressRule{{
			Ports: []netv1.NetworkPolicyPort{{
				Port:     &prometheusProxyPort,
				Protocol: &prometheusProxyProtocol,
			}},
		}},
	},
}
// PrometheusTemplate is the base Prometheus spec. Prometheus itself is set to
// ListenLocal with the admin API disabled; the kube-rbac-proxy sidecar declared
// below listens on KubeRBACProxyPortNumber over TLS and forwards to
// 127.0.0.1:9090. Series kept by the write-relabel rule are forwarded via
// remote write, and alerts are sent to the "alertmanager-operated" service.
var PrometheusTemplate = promv1.Prometheus{
	Spec: promv1.PrometheusSpec{
		CommonPrometheusFields: promv1.CommonPrometheusFields{
			ExternalLabels:                  map[string]string{},
			ServiceAccountName:              "prometheus-k8s",
			ServiceMonitorSelector:          &resourceSelector,
			ServiceMonitorNamespaceSelector: &namespaceSelector,
			PodMonitorSelector:              &resourceSelector,
			PodMonitorNamespaceSelector:     &namespaceSelector,
			Resources:                       utils.GetResourceRequirements("prometheus"),
			// Prometheus is not exposed directly; the sidecar below fronts it.
			ListenLocal:                     true,
			EnableAdminAPI:                  false,
			Containers: []corev1.Container{{
				Name: "kube-rbac-proxy",
				Args: []string{
					fmt.Sprintf("--secure-listen-address=0.0.0.0:%d", KubeRBACProxyPortNumber),
					"--upstream=http://127.0.0.1:9090/",
					"--logtostderr=true",
					// NOTE(review): verbosity 10 is a debugging level; confirm it is
					// intended for production and that logs at this level do not
					// capture request details that should stay out of log storage.
					"--v=10",
					// Serving certificate and key come from the "serving-cert" volume.
					"--tls-cert-file=/etc/tls-secret/tls.crt",
					"--tls-private-key-file=/etc/tls-secret/tls.key",
					// Client certificates are checked against the service CA bundle.
					"--client-ca-file=/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt",
					// Authorization rules come from the "kube-rbac-config" volume.
					"--config-file=/etc/kube-rbac-config/config-file.json",
				},
				Ports: []corev1.ContainerPort{{
					Name:          "https",
					ContainerPort: int32(KubeRBACProxyPortNumber),
				}},
				VolumeMounts: []corev1.VolumeMount{
					{
						Name:      "serving-cert",
						MountPath: "/etc/tls-secret",
					},
					{
						Name:      "kube-rbac-config",
						MountPath: "/etc/kube-rbac-config",
					},
				},
				Resources: utils.GetResourceRequirements("kube-rbac-proxy"),
			}},
			Volumes: []corev1.Volume{
				{
					// TLS key material for the sidecar, read from a Secret.
					Name: "serving-cert",
					VolumeSource: corev1.VolumeSource{
						Secret: &corev1.SecretVolumeSource{
							SecretName: PrometheusServingCertSecretName,
						},
					},
				},
				{
					// kube-rbac-proxy authorization config, read from a ConfigMap.
					Name: "kube-rbac-config",
					VolumeSource: corev1.VolumeSource{
						ConfigMap: &corev1.ConfigMapVolumeSource{
							LocalObjectReference: corev1.LocalObjectReference{
								Name: PrometheusKubeRBACPoxyConfigMapName,
							},
						},
					},
				},
			},
			RemoteWrite: []promv1.RemoteWriteSpec{
				{
					// NOTE(review): the host is written out here and also held in
					// RemoteWriteDNSName, which EgressFirewallTemplate uses for its
					// allow rule. If the two drift apart the deny-all egress rule
					// blocks remote write; consider building the URL from the constant.
					// No credentials are set in this template; presumably the caller
					// adds them (confirm).
					URL: "https://ingest.us-south.monitoring.cloud.ibm.com/prometheus/remote/write",
					WriteRelabelConfigs: []promv1.RelabelConfig{
						{
							// Forward only series whose metric name / alertname match the
							// generated regex; everything else stays in the cluster.
							SourceLabels: []promv1.LabelName{"__name__", "alertname"},
							Regex:        getRelableRegex(alerts, metrics),
							Action:       "keep",
						},
					},
				},
			},
		},
		RuleSelector:          &resourceSelector,
		RuleNamespaceSelector: &namespaceSelector,
		Alerting: &promv1.AlertingSpec{
			Alertmanagers: []promv1.AlertmanagerEndpoints{{
				// Namespace is left empty here; presumably set by the caller (confirm).
				Namespace: "",
				Name:      "alertmanager-operated",
				Port:      intstr.FromString("web"),
			}},
		},
	},
}

Functions

This section is empty.

Types

This section is empty.
