Diffstat (limited to 'kubernetes/namespaces/monitoring/alerts/alertmanager')
7 files changed, 204 insertions, 0 deletions
diff --git a/kubernetes/namespaces/monitoring/alerts/alertmanager/deployment.yaml b/kubernetes/namespaces/monitoring/alerts/alertmanager/deployment.yaml
new file mode 100644
index 0000000..4f1c322
--- /dev/null
+++ b/kubernetes/namespaces/monitoring/alerts/alertmanager/deployment.yaml
@@ -0,0 +1,92 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: alertmanager
+ namespace: monitoring
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: alertmanager
+ template:
+ metadata:
+ labels:
+ app: alertmanager
+ spec:
+ serviceAccountName: prometheus
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - alertmanager
+ namespaces:
+ - monitoring
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+ initContainers:
+ - image: debian:bullseye-slim
+ imagePullPolicy: Always
+ name: alertmanager-peering-setup
+ command: [
+ '/opt/pydis/alertmanager/init.d/find-pods.sh'
+ ]
+ volumeMounts:
+ - name: alertmanager-init
+ mountPath: /opt/pydis/alertmanager/init.d
+ - name: alertmanager-tmp
+ mountPath: /tmp
+ securityContext:
+ runAsUser: 0
+ containers:
+ - image: prom/alertmanager:latest
+ imagePullPolicy: Always
+ name: alertmanager
+ command:
+ - /bin/sh
+ - -c
+ - |
+ exec /bin/alertmanager \
+ --config.file=/opt/pydis/alertmanager/config.d/alertmanager.yaml \
+ --web.external-url=https://alertmanager.pythondiscord.com \
+ --storage.path=/data/alertmanager \
+ $(cat /tmp/peers)
+ ports:
+ - name: am
+ containerPort: 9093
+ - name: am-peering
+ containerPort: 9094
+ volumeMounts:
+ - name: alertmanager-config
+ mountPath: /opt/pydis/alertmanager/config.d
+ - name: alertmanager-webhooks
+ mountPath: /opt/pydis/alertmanager/webhooks
+ - name: alertmanager-tmp-data
+ mountPath: /data
+ - name: alertmanager-tmp
+ mountPath: /tmp
+ securityContext:
+ readOnlyRootFilesystem: true
+ restartPolicy: Always
+ volumes:
+ - name: alertmanager-config
+ configMap:
+ name: alertmanager-config
+ - name: alertmanager-webhooks
+ secret:
+ secretName: alert-manager-hook
+ - name: alertmanager-tmp-data
+ emptyDir: {}
+ - name: alertmanager-tmp
+ emptyDir: {}
+ - name: alertmanager-init
+ configMap:
+ name: alertmanager-init
+ defaultMode: 0777
+ securityContext:
+ fsGroup: 1000
+ runAsUser: 1000
diff --git a/kubernetes/namespaces/monitoring/alerts/alertmanager/ingress.yaml b/kubernetes/namespaces/monitoring/alerts/alertmanager/ingress.yaml
new file mode 100644
index 0000000..fc99e52
--- /dev/null
+++ b/kubernetes/namespaces/monitoring/alerts/alertmanager/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
+ nginx.ingress.kubernetes.io/auth-tls-secret: "kube-system/mtls-client-crt-bundle"
+ nginx.ingress.kubernetes.io/auth-tls-error-page: "https://www.youtube.com/watch?v=dQw4w9WgXcQ"
+ name: alertmanager
+ namespace: monitoring
+spec:
+ tls:
+ - hosts:
+ - "*.pythondiscord.com"
+ rules:
+ - host: alertmanager.pythondiscord.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: alertmanager
+ port:
+ number: 9093
diff --git a/kubernetes/namespaces/monitoring/alerts/alertmanager/initscript.yaml b/kubernetes/namespaces/monitoring/alerts/alertmanager/initscript.yaml
new file mode 100644
index 0000000..f1f36e2
--- /dev/null
+++ b/kubernetes/namespaces/monitoring/alerts/alertmanager/initscript.yaml
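Review bot: `serviceAccountName: prometheus` in deployment.yaml makes every Alertmanager pod, including the root init container that calls the Kubernetes API, run with the Prometheus account's token rather than the `alertmanager` ServiceAccount this same commit creates in service-account.yaml, so the new account and its binding appear unused. Prometheus' RBAC is not visible here, but it is presumably broader than the get/list on pods that peer discovery needs; I would change the line to `serviceAccountName: alertmanager`. Separately, `debian:bullseye-slim` and `prom/alertmanager:latest` are mutable tags pulled with `imagePullPolicy: Always`, so the running image can change without a commit; pinning a version or digest would make rollouts reproducible. The `alertmanager` container could also set `allowPrivilegeEscalation: false`, and `defaultMode: 0777` on the init ConfigMap only needs to be `0555` for the script to execute.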
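Review bot: The `tls` entry in ingress.yaml lists `*.pythondiscord.com` but has no `secretName`, so the certificate served for this host depends on the ingress controller's default certificate; if that is intended, a comment such as `# no secretName: served with the controller's default wildcard certificate` would make it explicit. The `auth-tls-verify-client: "on"` annotation looks like the only authentication in front of Alertmanager, since the Deployment in this commit starts it without a web config, so I would record that above the annotations: `# client-certificate check is the only auth for the Alertmanager UI/API; keep it in place`. In-cluster clients reaching the `alertmanager` Service on 9093 would bypass this check, and no NetworkPolicy is among the seven files here, though one may exist elsewhere in the repository.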
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: alertmanager-init
+ namespace: monitoring
+data:
+ find-pods.sh: |
+ #!/bin/sh
+
+ # Install curl and jq for JSON parsing
+ apt update && apt install -y curl jq
+
+ # Find the template hash
+ echo Finding template hash...
+ TEMPLATE_HASH=$(echo $HOSTNAME | cut -d- -f2)
+
+ # Query kubernetes API for all matching pods
+ echo Querying Kubernetes API for pods...
+ PODS=$(curl \
+ -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
+ https://kubernetes.default/api/v1/namespaces/monitoring/pods\?labelSelector=pod-template-hash=$TEMPLATE_HASH\&pretty=false -sk -o /tmp/peers.json)
+
+ echo Finding Alertmanager IPs...
+ AM_IPS=$(jq '.items[].status.podIP' /tmp/peers.json -r)
+
+ echo Generating CLI flags for Alertmanager...
+ PEER_ARGS=$(echo $AM_IPS | sed 's/ /\n/g' | awk '{ print "--cluster.peer="$1":9094" }')
+
+ echo Writing CLI flags to /tmp/peers...
+ echo $PEER_ARGS > /tmp/peers
diff --git a/kubernetes/namespaces/monitoring/alerts/alertmanager/sd-service.yaml b/kubernetes/namespaces/monitoring/alerts/alertmanager/sd-service.yaml
new file mode 100644
index 0000000..8ec901a
--- /dev/null
+++ b/kubernetes/namespaces/monitoring/alerts/alertmanager/sd-service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: alertmanager-sd
+ namespace: monitoring
+spec:
+ selector:
+ app: alertmanager
+ clusterIP: None
+ ports:
+ - port: 9093
+ targetPort: 9093
+ name: am
+ - port: 9094
+ targetPort: 9094
+ name: am-peering
diff --git a/kubernetes/namespaces/monitoring/alerts/alertmanager/secrets.yaml b/kubernetes/namespaces/monitoring/alerts/alertmanager/secrets.yaml Binary files differnew file mode 100644
index 0000000..7cc1d95
--- /dev/null
+++ b/kubernetes/namespaces/monitoring/alerts/alertmanager/secrets.yaml
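Review bot: The `curl` call in find-pods.sh sends the service-account bearer token with `-k`, which turns off certificate verification for the API server connection; the same token mount also provides the cluster CA, so the flags can be `-s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -o /tmp/peers.json`. The script has no `set -eu`, so a failed `apt install`, `curl` or `jq` can still end with an empty or partial `/tmp/peers`, and the main container then starts with no `--cluster.peer` flags and no error; adding `set -eu` after the shebang would fail the init container instead. Installing `curl` and `jq` with `apt` on every pod start also makes startup depend on the Debian mirrors and runs unpinned packages as root; an image that already ships both tools would avoid that.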
diff --git a/kubernetes/namespaces/monitoring/alerts/alertmanager/service-account.yaml b/kubernetes/namespaces/monitoring/alerts/alertmanager/service-account.yaml
new file mode 100644
index 0000000..3f26311
--- /dev/null
+++ b/kubernetes/namespaces/monitoring/alerts/alertmanager/service-account.yaml
@@ -0,0 +1,28 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: alertmanager
+rules:
+- apiGroups: [""]
+ resources: ["pods", "endpoints"]
+ verbs: ["get", "list"]
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: alertmanager
+ namespace: monitoring
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: alertmanager
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: alertmanager
+subjects:
+ - kind: ServiceAccount
+ name: alertmanager
+ namespace: monitoring
diff --git a/kubernetes/namespaces/monitoring/alerts/alertmanager/service.yaml b/kubernetes/namespaces/monitoring/alerts/alertmanager/service.yaml
new file mode 100644
index 0000000..145b1e2
--- /dev/null
+++ b/kubernetes/namespaces/monitoring/alerts/alertmanager/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: alertmanager
+ namespace: monitoring
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "9093"
+spec:
+ selector:
+ app: alertmanager
+ ports:
+ - port: 9093
+ targetPort: 9093 |
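Review bot: The `ClusterRole`/`ClusterRoleBinding` pair in service-account.yaml grants `get` and `list` on pods and endpoints in every namespace, while the peer-discovery script in initscript.yaml only lists pods in `monitoring`. A namespaced `Role` and `RoleBinding` with `namespace: monitoring` and `resources: ["pods"]` would cover what is visible in this commit; keep `endpoints` only if something outside this diff reads it. Note also that the Deployment sets `serviceAccountName: prometheus`, so as committed nothing here appears to use this account.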