Initial release

2024-03-19 13:13:53 +01:00
commit 451fdb09fc
391 changed files with 184309 additions and 0 deletions
--- a/monitor/prometheus/datas.tf
+++ b/monitor/prometheus/datas.tf
@@ -0,0 +1,199 @@
+
+locals {
+  common-labels = {
+    "vynil.solidite.fr/owner-name" = var.instance
+    "vynil.solidite.fr/owner-namespace" = var.namespace
+    "vynil.solidite.fr/owner-category" = var.category
+    "vynil.solidite.fr/owner-component" = var.component
+    "app.kubernetes.io/managed-by" = "vynil"
+    "app.kubernetes.io/name" = var.component
+    "app.kubernetes.io/instance" = var.instance
+  }
+  rb-patch = <<-EOF
+    - op: replace
+      path: /subjects/0/namespace
+      value: "${var.namespace}"
+    EOF
+
+}
+data "kustomization_overlay" "data" {
+  common_labels = local.common-labels
+  namespace = var.namespace
+  resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && length(regexall("ClusterRole",file))<1 && length(regexall("WebhookConfiguration",file))<1]
+  images {
+    name = "quay.io/prometheus-operator/prometheus-operator"
+    new_name = "${var.images.operator.registry}/${var.images.operator.repository}"
+    new_tag = "${var.images.operator.tag}"
+  }
+  patches {
+    target {
+      kind = "Deployment"
+      name = "prometheus-community-kube-operator"
+    }
+    patch = <<-EOF
+    - op: replace
+      path: /spec/template/spec/containers/0/imagePullPolicy
+      value: "${var.images.operator.pullPolicy}"
+    EOF
+  }
+  patches {
+    target {
+      kind = "ServiceMonitor"
+      name = "prometheus-community-kube-operator"
+    }
+    patch = <<-EOF
+    - op: replace
+      path: /spec/namespaceSelector/matchNames/0
+      value: "${var.namespace}"
+    EOF
+  }
+  patches {
+    target {
+      kind = "Certificate"
+      name = "prometheus-community-kube-admission"
+    }
+    patch = <<-EOF
+    - op: replace
+      path: /spec/dnsNames/1
+      value: "prometheus-community-kube-operator.${var.namespace}.svc"
+    EOF
+  }
+  patches {
+    target {
+      kind = "PrometheusRule"
+      name = "prometheus-community-kube-prometheus-operator"
+    }
+    patch = <<-EOF
+      apiVersion: monitoring.coreos.com/v1
+      kind: PrometheusRule
+      metadata:
+        name: prometheus-community-kube-prometheus-operator
+      spec:
+        groups:
+        - name: prometheus-operator
+          rules:
+          - alert: PrometheusOperatorListErrors
+            annotations:
+              description: Errors while performing List operations in controller {{$labels.controller}} in {{$labels.namespace}} namespace.
+              runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus-operator/prometheusoperatorlisterrors
+              summary: Errors while performing list operations in controller.
+            expr: (sum by (cluster,controller,namespace) (rate(prometheus_operator_list_operations_failed_total{job="prometheus-community-kube-operator",namespace="${var.namespace}"}[10m])) / sum by (cluster,controller,namespace) (rate(prometheus_operator_list_operations_total{job="prometheus-community-kube-operator",namespace="${var.namespace}"}[10m]))) > 0.4
+            for: 15m
+            labels:
+              severity: warning
+          - alert: PrometheusOperatorWatchErrors
+            annotations:
+              description: Errors while performing watch operations in controller {{$labels.controller}} in {{$labels.namespace}} namespace.
+              runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus-operator/prometheusoperatorwatcherrors
+              summary: Errors while performing watch operations in controller.
+            expr: (sum by (cluster,controller,namespace) (rate(prometheus_operator_watch_operations_failed_total{job="prometheus-community-kube-operator",namespace="${var.namespace}"}[5m])) / sum by (cluster,controller,namespace) (rate(prometheus_operator_watch_operations_total{job="prometheus-community-kube-operator",namespace="${var.namespace}"}[5m]))) > 0.4
+            for: 15m
+            labels:
+              severity: warning
+          - alert: PrometheusOperatorSyncFailed
+            annotations:
+              description: Controller {{ $labels.controller }} in {{ $labels.namespace }} namespace fails to reconcile {{ $value }} objects.
+              runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus-operator/prometheusoperatorsyncfailed
+              summary: Last controller reconciliation failed
+            expr: min_over_time(prometheus_operator_syncs{status="failed",job="prometheus-community-kube-operator",namespace="${var.namespace}"}[5m]) > 0
+            for: 10m
+            labels:
+              severity: warning
+          - alert: PrometheusOperatorReconcileErrors
+            annotations:
+              description: '{{ $value | humanizePercentage }} of reconciling operations failed for {{ $labels.controller }} controller in {{ $labels.namespace }} namespace.'
+              runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus-operator/prometheusoperatorreconcileerrors
+              summary: Errors while reconciling objects.
+            expr: (sum by (cluster,controller,namespace) (rate(prometheus_operator_reconcile_errors_total{job="prometheus-community-kube-operator",namespace="${var.namespace}"}[5m]))) / (sum by (cluster,controller,namespace) (rate(prometheus_operator_reconcile_operations_total{job="prometheus-community-kube-operator",namespace="${var.namespace}"}[5m]))) > 0.1
+            for: 10m
+            labels:
+              severity: warning
+          - alert: PrometheusOperatorStatusUpdateErrors
+            annotations:
+              description: '{{ $value | humanizePercentage }} of status update operations failed for {{ $labels.controller }} controller in {{ $labels.namespace }} namespace.'
+              runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus-operator/prometheusoperatorstatusupdateerrors
+              summary: Errors while updating objects status.
+            expr: (sum by (cluster,controller,namespace) (rate(prometheus_operator_status_update_errors_total{job="prometheus-community-kube-operator",namespace="${var.namespace}"}[5m]))) / (sum by (cluster,controller,namespace) (rate(prometheus_operator_status_update_operations_total{job="prometheus-community-kube-operator",namespace="${var.namespace}"}[5m]))) > 0.1
+            for: 10m
+            labels:
+              severity: warning
+          - alert: PrometheusOperatorNodeLookupErrors
+            annotations:
+              description: Errors while reconciling Prometheus in {{ $labels.namespace }} Namespace.
+              runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus-operator/prometheusoperatornodelookuperrors
+              summary: Errors while reconciling Prometheus.
+            expr: rate(prometheus_operator_node_address_lookup_errors_total{job="prometheus-community-kube-operator",namespace="${var.namespace}"}[5m]) > 0.1
+            for: 10m
+            labels:
+              severity: warning
+          - alert: PrometheusOperatorNotReady
+            annotations:
+              description: Prometheus operator in {{ $labels.namespace }} namespace isn't ready to reconcile {{ $labels.controller }} resources.
+              runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus-operator/prometheusoperatornotready
+              summary: Prometheus operator not ready
+            expr: min by (cluster,controller,namespace) (max_over_time(prometheus_operator_ready{job="prometheus-community-kube-operator",namespace="${var.namespace}"}[5m]) == 0)
+            for: 5m
+            labels:
+              severity: warning
+          - alert: PrometheusOperatorRejectedResources
+            annotations:
+              description: Prometheus operator in {{ $labels.namespace }} namespace rejected {{ printf "%0.0f" $value }} {{ $labels.controller }}/{{ $labels.resource }} resources.
+              runbook_url: https://runbooks.prometheus-operator.dev/runbooks/prometheus-operator/prometheusoperatorrejectedresources
+              summary: Resources rejected by Prometheus operator
+            expr: min_over_time(prometheus_operator_managed_resources{state="rejected",job="prometheus-community-kube-operator",namespace="${var.namespace}"}[5m]) > 0
+            for: 5m
+            labels:
+              severity: warning
+    EOF
+  }
+
+}
+
+data "kustomization_overlay" "data_no_ns" {
+  common_labels = local.common-labels
+  resources = [for file in fileset(path.module, "*.yaml"): file if file != "index.yaml" && (length(regexall("ClusterRole",file))>0 || length(regexall("WebhookConfiguration",file))>0)]
+
+  patches {
+    target {
+      kind = "ClusterRoleBinding"
+      name = "prometheus-community-kube-operator"
+    }
+    patch = local.rb-patch
+  }
+  patches {
+    target {
+      kind = "MutatingWebhookConfiguration"
+      name = "prometheus-community-kube-admission"
+    }
+    patch = <<-EOF
+    - op: replace
+      path: /webhooks/0/clientConfig/service/namespace
+      value: "${var.namespace}"
+    - op: replace
+      path: /metadata/annotations/certmanager.k8s.io~1inject-ca-from
+      value: "${var.namespace}/prometheus-community-kube-admission"
+    - op: replace
+      path: /metadata/annotations/cert-manager.io~1inject-ca-from
+      value: "${var.namespace}/prometheus-community-kube-admission"
+    EOF
+  }
+  patches {
+    target {
+      kind = "ValidatingWebhookConfiguration"
+      name = "prometheus-community-kube-admission"
+    }
+    patch = <<-EOF
+    - op: replace
+      path: /webhooks/0/clientConfig/service/namespace
+      value: "${var.namespace}"
+    - op: replace
+      path: /metadata/annotations/certmanager.k8s.io~1inject-ca-from
+      value: "${var.namespace}/prometheus-community-kube-admission"
+    - op: replace
+      path: /metadata/annotations/cert-manager.io~1inject-ca-from
+      value: "${var.namespace}/prometheus-community-kube-admission"
+    EOF
+  }
+}
+
+