-
Notifications
You must be signed in to change notification settings - Fork 1
/
main.jsonnet
123 lines (116 loc) · 3.59 KB
/
main.jsonnet
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
local com = import 'lib/commodore.libjsonnet';
local kap = import 'lib/kapitan.libjsonnet';
local kube = import 'lib/kube.libjsonnet';
local prom = import 'lib/prom.libsonnet';
local rl = import 'lib/resource-locker.libjsonnet';
local inv = kap.inventory();
local params = inv.parameters.openshift4_monitoring;
local rules = import 'rules.jsonnet';
local capacity = import 'capacity.libsonnet';
local ns =
if params.namespace != 'openshift-monitoring' then
error 'Component openshift4-monitoring does not support values for parameter `namespace` other than "openshift-monitoring".'
else
params.namespace;
local secrets = com.generateResources(params.secrets, kube.Secret);
local ns_patch =
rl.Patch(
kube.Namespace(ns),
{
metadata: {
labels: {
'network.openshift.io/policy-group': 'monitoring',
} + if std.member(inv.applications, 'networkpolicy') then {
[inv.parameters.networkpolicy.labels.noDefaults]: 'true',
[inv.parameters.networkpolicy.labels.purgeDefaults]: 'true',
} else {},
},
}
);
{
'00_namespace_labels': ns_patch,
'01_secrets': secrets,
'02_aggregated_clusterroles': (import 'aggregated-clusterroles.libsonnet'),
[if std.length(params.configs) > 0 then '10_configmap']:
kube.ConfigMap('cluster-monitoring-config') {
metadata+: {
namespace: ns,
},
data: {
'config.yaml': std.manifestYamlDoc(
{
enableUserWorkload: params.enableUserWorkload,
} + std.mapWithKey(
function(field, value) value + params.defaultConfig,
params.configs {
prometheusK8s+: {
_remoteWrite+:: {},
} + {
local rwd = super._remoteWrite,
remoteWrite+: std.filterMap(
function(name) rwd[name] != null,
function(name) rwd[name] { name: name },
std.objectFields(rwd)
),
},
},
)
),
},
},
[if params.enableUserWorkload then '10_configmap_user_workload']:
kube.ConfigMap('user-workload-monitoring-config') {
metadata+: {
namespace: 'openshift-user-workload-monitoring',
},
data: {
'config.yaml': std.manifestYamlDoc(
std.mapWithKey(
function(field, value) value + params.defaultConfig,
params.configsUserWorkload
)
),
},
},
'10_alertmanager_config': kube.Secret('alertmanager-main') {
metadata+: {
namespace: ns,
},
stringData: {
'alertmanager.yaml': std.manifestYamlDoc(params.alertManagerConfig),
},
},
rbac: import 'rbac.libsonnet',
prometheus_rules: rules,
silence: import 'silence.jsonnet',
[if params.capacityAlerts.enabled then 'capacity_rules']: capacity.rules,
} + {
[group_name + '_rules']: prom.PrometheusRule(group_name) {
metadata+: {
namespace: params.namespace,
labels+: {
role: 'alert-rules',
},
},
spec+: {
groups+: [ {
name: group_name,
rules: [
local rnamekey = std.splitLimit(rname, ':', 1);
params.rules[group_name][rname] {
[rnamekey[0]]: rnamekey[1],
labels+: {
syn: 'true',
},
}
for rname in std.objectFields(params.rules[group_name])
if params.rules[group_name][rname] != null
],
} ],
},
}
for group_name in std.objectFields(params.rules)
if params.rules[group_name] != null
} + {
'90_syn_monitoring': (import 'syn-monitoring.libsonnet'),
}