Adaptions for running monitoring in the mini-lab (#502)

Author: ostempel

control-plane/roles/metal/README.md

@@ -27,7 +27,7 @@ metal_apiserver_enabled: false
 metal_apiserver_url: https://v2.api.{{ metal_control_plane_ingress_dns }}
 metal_apiserver_image_pull_policy: "{{ metal_control_plane_image_pull_policy }}"
 metal_apiserver_db_addresses:
- - metal-db
+  - metal-db
 metal_apiserver_db_password: change-me
 metal_apiserver_redis_addr: valkey-primary:6379
 metal_apiserver_redis_password: change-me-soon
@@ -52,6 +52,8 @@ metal_apiserver_oidc_client_id: "{{ lookup('k8s', api_version='v1', namespace=me
 metal_apiserver_oidc_client_secret: "{{ lookup('k8s', api_version='v1', namespace=metal_control_plane_namespace, kind='Secret', resource_name='zitadel-client-credentials').data.client_secret | default('') | b64decode }}"
 metal_apiserver_session_secret: secret
 metal_apiserver_admin_subjects: []
+metal_apiserver_pdb_enabled: true
+metal_apiserver_pdb_min_available: 2
 
 # metal-api
 metal_api_image_pull_policy: "{{ metal_control_plane_image_pull_policy }}"
@@ -95,6 +97,8 @@ metal_api_s3_firmware_bucket:
 metal_api_password_reason_minlength:
 metal_api_release_version: "{{ metal_stack_release_version }}"
 minimum_client_version: "{{ metalctl_version }}"
+metal_api_pdb_enabled: true
+metal_api_pdb_min_available: 2
 
 # masterdata-api
 metal_masterdata_api_image_pull_policy: "{{ metal_control_plane_image_pull_policy }}"
@@ -106,6 +110,8 @@ metal_masterdata_api_db_password: change-me
 metal_masterdata_api_provider_tenant: "{{ metal_control_plane_provider_tenant }}"
 metal_masterdata_api_hmac: change-me
 metal_masterdata_api_resources:
+metal_masterdata_api_pdb_enabled: true
+metal_masterdata_api_pdb_min_available: 1
 
 metal_masterdata_api_tenants: []
 metal_masterdata_api_projects: []
@@ -119,6 +125,8 @@ metal_ipam_db_user: postgres
 metal_ipam_db_password: change-me
 metal_ipam_log_level: debug
 metal_ipam_resources:
+metal_ipam_pdb_enabled: true
+metal_ipam_pdb_min_available: 1
 
 # metal-console
 metal_console_image_pull_policy: "{{ metal_control_plane_image_pull_policy }}"
@@ -130,6 +138,8 @@ metal_console_bmc_proxy_certs_server_pub:
 metal_console_bmc_proxy_certs_client_key:
 metal_console_bmc_proxy_certs_client_cert:
 metal_console_bmc_proxy_certs_ca_cert:
+metal_console_pdb_enabled: false
+metal_console_pdb_min_available: 1
 
 # ingress
 metal_deploy_ingress: true

control-plane/roles/metal/defaults/main.yaml

@@ -283,3 +283,20 @@ metal_registry_auth:
       username: "{{ metal_registry_auth_user }}"
       password: "{{ metal_registry_auth_password }}"
       auth: "{{ (metal_registry_auth_user + ':' + metal_registry_auth_password) | b64encode }}"
+
+pod_disruption_budget:
+  ipam:
+    enabled: {{ metal_ipam_pdb_enabled | lower }}
+    min_available: {{ metal_ipam_pdb_min_available }}
+  metal_api:
+    enabled: {{ metal_api_pdb_enabled | lower }}
+    min_available: {{ metal_api_pdb_min_available }}
+  masterdata_api:
+    enabled: {{ metal_masterdata_api_pdb_enabled | lower }}
+    min_available: {{ metal_masterdata_api_pdb_min_available }}
+  metal_console:
+    enabled: {{ metal_console_pdb_enabled | lower }}
+    min_available: {{ metal_console_pdb_min_available }}
+  metal_apiserver:
+    enabled: {{ metal_apiserver_pdb_enabled | lower }}
+    min_available: {{ metal_apiserver_pdb_min_available }}

control-plane/roles/metal/templates/metal-values.j2

@@ -13,15 +13,20 @@ monitoring_grafana_additional_datasources:
     uid: loki
     jsonData:
       maxLines: 1000
+  - name: AlertmanagerDatasource
+    type: camptocamp-prometheus-alertmanager-datasource
+    url: http://kube-prometheus-stack-alertmanager.monitoring:9093/
+    access: proxy
+    orgId: 1
+    version: 1
+    isDefault: false
+    uid: alertmanager-datasource
 monitoring_grafana_ingress_dns: "grafana.{{ metal_control_plane_ingress_dns }}"
 monitoring_prometheus_ingress_dns: prometheus.{{ metal_control_plane_ingress_dns }}
 monitoring_ingress_grafana_tls: yes
 monitoring_prometheus_ingress_enabled: false
 monitoring_additional_ingress_annotations: {}
 
-monitoring_thanos_receive_ingress_dns: "monitoring.{{ metal_control_plane_ingress_dns }}"
-monitoring_thanos_receive_size: 16Gi
-
 monitoring_alertmanager_ingress_enabled: true
 monitoring_alertmanager_ingress_dns: "alert.{{ metal_control_plane_ingress_dns }}"
 monitoring_alertmanager_ingress_tls: yes
@@ -46,3 +51,20 @@ monitoring_gardener_seeds: []
 # alertmanager config
 monitoring_alertmanager_additional_routes: []
 monitoring_alertmanager_additional_receivers: []
+
+# component monitoring
+monitoring_prometheus_core_dns_enabled: false
+monitoring_prometheus_kube_dns_enabled: false
+monitoring_prometheus_kube_proxy_enabled: false
+monitoring_prometheus_kube_scheduler_enabled: false
+monitoring_prometheus_kube_etcd_enabled: false
+monitoring_prometheus_kube_controller_manager_enabled: false
+
+# thanos
+monitoring_thanos_receive_enabled: false
+monitoring_thanos_receive_ingress_enabled: false
+monitoring_thanos_receive_ingress_dns: "thanos-receive.{{ metal_control_plane_ingress_dns }}"
+monitoring_thanos_receive_ingress_annotations: []
+monitoring_thanos_receive_ingress_basic_auth: {}
+monitoring_thanos_receive_ingress_tls: {}
+monitoring_thanos_receive_size: 50Gi