1
0
forked from k-space/kube
Files
argocd
asterisk
bind
camtiler
cert-manager
cnpg-system
dragonfly-operator-system
elastic-system
etherpad
freescout
gitea
grafana
hackerspace
harbor
kube-system
kubernetes-dashboard
local-path-storage
logging
logmower
longhorn-system
metallb-system
minio-clusters
mongodb-operator
monitoring
README.md
alertmanager.yaml
blackbox-exporter.yaml
mikrotik-exporter.yaml
node-exporter.yaml
ping-exporter.yaml
prometheus.yaml
snmp-configs.yaml
snmp-exporter.yaml
zrepl.yaml
mysql-clusters
nextcloud
nyancat
oidc-gateway
openebs
opensearch-operator
passmower
playground
postgres-clusters
prometheus-operator
redis-clusters
reloader
ripe87
rosdump
shared
signs
tigera-operator
traefik
whoami
whoami-oidc
wiki
wildduck
woodpecker
.gitignore
CLUSTER.md
CONTRIBUTORS.md
LICENSE.md
README.md
SLACK.md
cluster-role-bindings.yml
storage-class.yaml
kube/monitoring

Monitoring namespace

Prometheus is accessible at prom.k-space.ee and the corresponding AlertManager is accessible at am.k-space.ee. Both are deployed by ArgoCD from this Git repo directory using Prometheus operator.

Note that Prometheus and other monitoring stack components should use the dedicated: monitoring Kubernetes node selector to make sure the components get scheduled on mon[1-3] nodes which are hosted in a privileged VLAN where they have access to UPS SNMP targets, Mikrotik router/switch API-s etc.

To add monitoring targets inside the Kubernetes cluster make use of PodMonitor or ServiceMonitor custom resource definitions.

For external targets (ab)use the Probe CRD as seen in node-exporter.yaml or ping-exporter.yaml

Alerts are sent to #kube-prod Slack channel. The alerting rules are automatically picked up by Prometheus operator via Kubernetes manifests utilizing the operator's PrometheusRule custom resource definitions.

Sample queries:

To reconfigure SNMP targets etc:

kubectl delete -n monitoring configmap snmp-exporter
kubectl create -n monitoring configmap snmp-exporter --from-file=snmp.yml=snmp-configs.yaml

To set Slack secrets:

 kubectl create -n monitoring secret generic slack-secrets \
    --from-literal=webhook-url=https://hooks.slack.com/services/...

To set Mikrotik secrets:

 kubectl create -n monitoring secret generic mikrotik-exporter \
  --from-literal=MIKROTIK_PASSWORD='f7W!H*Pu' \
  --from-literal=PROMETHEUS_BEARER_TOKEN=$(cat /dev/urandom | base64 | head -c 30)