Merge branch 'Obmondo:master' into master

Obmondo · Aug 23, 2024 · 33905fe · 33905fe
2 parents 1c8c9ab + 8b22008
commit 33905fe
Show file tree

Hide file tree

Showing 12 changed files with 46 additions and 21 deletions.
diff --git a/argocd-helm-charts/cert-manager/values.yaml b/argocd-helm-charts/cert-manager/values.yaml
@@ -38,3 +38,6 @@ issuer:
   preferredChain: null
 networkpolicies: false
 enableCertificateOwnerRef: true
+
+wildcardCertificates:
+  enabled: false
diff --git a/argocd-helm-charts/matomo/values.yaml b/argocd-helm-charts/matomo/values.yaml
@@ -1,6 +1,6 @@
 matomo:
   image:
-    tag: latest
+    tag: 5.1.1
   mariadb:
     enabled: false
   externalDatabase:

diff --git a/argocd-helm-charts/prometheus-linuxaid/rules/prometheus.yaml b/argocd-helm-charts/prometheus-linuxaid/rules/prometheus.yaml
@@ -3,8 +3,9 @@ groups:
     rules:
     - alert: monitor::metrics::missing::pushprox
       expr: |
-        (up{job="pushprox"} == 0) * on (certname) group_left(job) (node_time_seconds - node_boot_time_seconds > 600)
-        and on(certname) obmondo_monitoring{alert_id="monitor::metrics::missing::pushprox"} > 0
+        (100 * (count(up == 0) BY (certname, job) / count(up) BY (certname, job)) > 10)
+        * on (certname) group_right(job) (node_time_seconds - node_boot_time_seconds > 600)
+        and on(certname) obmondo_monitoring{alert_id="monitor::prometheus::metrics"} > 0
       for: 30m
       labels:
         severity: critical

diff --git a/argocd-helm-charts/prometheus-linuxaid/templates/alertmanager.yaml b/argocd-helm-charts/prometheus-linuxaid/templates/alertmanager.yaml
@@ -17,7 +17,7 @@ spec:
     runAsUser: 1000
   serviceAccountName: alertmanager-main
   portName: web
-  version: v0.26.0
+  version: {{ .Values.alertmanager.version }}
   configSecret: alertmanager-config-{{ .Values.customerid }}
   secrets:
   - puppet-agent-tls-auth
diff --git a/argocd-helm-charts/prometheus-linuxaid/templates/grafana.yaml b/argocd-helm-charts/prometheus-linuxaid/templates/grafana.yaml
@@ -38,7 +38,7 @@ spec:
         spec:
           containers:
             - name: grafana
-              image: grafana/grafana:9.5.3
+              image: grafana/grafana:{{ .Values.grafana.version }}
   persistentVolumeClaim:
     spec:
       accessModes:

diff --git a/argocd-helm-charts/prometheus-linuxaid/templates/middleware.yaml b/argocd-helm-charts/prometheus-linuxaid/templates/middleware.yaml
diff --git a/argocd-helm-charts/prometheus-linuxaid/templates/prometheus-ingressroute.yaml b/argocd-helm-charts/prometheus-linuxaid/templates/prometheus-ingressroute.yaml
@@ -3,8 +3,6 @@ kind: IngressRoute
 metadata:
   name: prometheus-{{ .Values.customerid }}
   namespace: monitoring-{{ .Values.customerid }}
-  annotations:
-    traefik.ingress.kubernetes.io/router.middlewares: monitoring-{{ .Values.customerid }}-ipwhitelist-{{ .Values.customerid }}@kubernetescrd
 spec:
   entryPoints:
     - websecure

diff --git a/argocd-helm-charts/prometheus-linuxaid/templates/prometheus.yaml b/argocd-helm-charts/prometheus-linuxaid/templates/prometheus.yaml
@@ -47,5 +47,5 @@ spec:
           requests:
             storage: {{ .Values.prometheus.storage.size }}
         storageClassName: {{ .Values.prometheus.storage.className }}
-  version: v2.48.1
+  version: {{ .Values.prometheus.version }}
   enableRemoteWriteReceiver: true
diff --git a/argocd-helm-charts/prometheus-linuxaid/values.yaml b/argocd-helm-charts/prometheus-linuxaid/values.yaml
@@ -1,4 +1,5 @@
 prometheus:
+  version: v2.53.2
   server: prometheus.obmondo.com
   ingress:
     enable: false
@@ -13,6 +14,7 @@ prometheus:
       memory: 2Gi
 grafana:
   server: graphs.obmondo.com
+  version: 11.1.4
 prometheusRule:
   backup: true
   btrfs: true
@@ -44,6 +46,7 @@ prometheusRule:
   ssacli: true
   zfsExporter: true
 alertmanager:
+  version: v0.27.0
   config:
     global:
       resolve_timeout: 5m

diff --git a/argocd-helm-charts/puppetserver/templates/ingressroutetcp-puppetdb.yaml b/argocd-helm-charts/puppetserver/templates/ingressroutetcp-puppetdb.yaml
@@ -0,0 +1,20 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: puppetdb-{{ .Values.customerid }}
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: HostSNI(`{{ .Values.customerid }}.puppetdb.obmondo.com`)
+    priority: 10
+    services:
+    - name: puppetserver-{{ .Values.customerid }}-puppetdb
+      port: pdb-https
+    middlewares:
+      - name: middleware-{{ .Values.customerid }}
+  tls:
+    passthrough: true
+    options:
+      name: prometheus-puppet-agent-tls-auth
+      namespace: traefik
diff --git a/argocd-helm-charts/puppetserver/templates/middleware.yaml b/argocd-helm-charts/puppetserver/templates/middleware.yaml
@@ -0,0 +1,10 @@
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: middleware-{{ .Values.customerid }}
+spec:
+  ipAllowList:
+    sourceRange:
+      {{- range .Values.ipAllowedList }}
+      - "{{ . }}"
+      {{- end }}
diff --git a/build/kube-prometheus/mixins/monitoring/mixin.libsonnet b/build/kube-prometheus/mixins/monitoring/mixin.libsonnet
@@ -1,5 +1,5 @@
 {
-_config+:: {
+  _config+:: {
     selector: '',
   },
   prometheusAlerts+:: {
@@ -9,7 +9,7 @@ _config+:: {
         rules: [
           {
             alert: 'monitor::monitoring_stack::watchdog_missing',
-            expr: 'increase(watchdog_alerts_total{job="goopsmondo"}[35m]) < 1',
+            expr: 'changes(watchdog_alerts_total[65m]) == 0',
             'for': '10m',
             labels: {
               severity: 'critical',
@@ -24,4 +24,4 @@ _config+:: {
       },
     ],
   },
-}
+}