From 1e6fd6136ebe7dc3becc3023441eb6e1564e87e9 Mon Sep 17 00:00:00 2001 From: shcherbak Date: Sun, 29 Sep 2024 22:56:40 +0300 Subject: [PATCH 01/10] pod-and-service-monitors --- charts/redis/Chart.yaml | 2 +- charts/redis/templates/deployment.yaml | 5 ----- charts/redis/templates/service.yaml | 5 +++++ charts/redis/templates/servicemonitor.yaml | 18 +++++++++++++++++ charts/synapse/Chart.yaml | 2 +- charts/synapse/templates/_helpers.tpl | 3 +++ .../synapse/templates/envoy-deployment.yaml | 5 ----- .../templates/envoy-servicemonitor.yaml | 18 +++++++++++++++++ .../synapse/templates/synapse-podmonitor.yaml | 20 +++++++++++++++++++ charts/synapse/values.yaml | 3 +++ 10 files changed, 69 insertions(+), 12 deletions(-) create mode 100644 charts/redis/templates/servicemonitor.yaml create mode 100644 charts/synapse/templates/envoy-servicemonitor.yaml create mode 100644 charts/synapse/templates/synapse-podmonitor.yaml diff --git a/charts/redis/Chart.yaml b/charts/redis/Chart.yaml index b6523cf..6aeb8f4 100644 --- a/charts/redis/Chart.yaml +++ b/charts/redis/Chart.yaml @@ -1,3 +1,3 @@ --- name: redis -version: 0.0.6 +version: 0.1.0 diff --git a/charts/redis/templates/deployment.yaml b/charts/redis/templates/deployment.yaml index 5f87864..687bd40 100644 --- a/charts/redis/templates/deployment.yaml +++ b/charts/redis/templates/deployment.yaml @@ -14,11 +14,6 @@ spec: metadata: labels: app: redis - {{- if .Values.exporter.enabled }} - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9121" - {{- end }} spec: containers: - name: redis diff --git a/charts/redis/templates/service.yaml b/charts/redis/templates/service.yaml index 88e5516..e14f5d6 100644 --- a/charts/redis/templates/service.yaml +++ b/charts/redis/templates/service.yaml @@ -10,5 +10,10 @@ spec: - name: redis port: 6379 targetPort: redis + {{- if .Values.exporter.enabled }} + - name: redis-exporter + port: 9121 + targetPort: redis-exporter + {{- ens }} selector: app: redis diff --git a/charts/redis/templates/servicemonitor.yaml b/charts/redis/templates/servicemonitor.yaml new file mode 100644 index 0000000..c6a621c --- /dev/null +++ b/charts/redis/templates/servicemonitor.yaml @@ -0,0 +1,18 @@ +{{- if .Values.exporter.enabled }} +kind: ServiceMonitor +apiVersion: monitoring.coreos.com/v1 +metadata: + name: redis-service + labels: + app: redis +spec: + endpoints: + - interval: 60s + path: /metrics + port: http + jobLabel: redis-exporter + selector: + matchLabels: + app: redis +--- +{{- end }} diff --git a/charts/synapse/Chart.yaml b/charts/synapse/Chart.yaml index 58f9f06..1767045 100644 --- a/charts/synapse/Chart.yaml +++ b/charts/synapse/Chart.yaml @@ -1,3 +1,3 @@ --- name: synapse -version: 0.4.5 +version: 0.5.0 diff --git a/charts/synapse/templates/_helpers.tpl b/charts/synapse/templates/_helpers.tpl index aaf085c..5cb10b4 100644 --- a/charts/synapse/templates/_helpers.tpl +++ b/charts/synapse/templates/_helpers.tpl @@ -71,6 +71,9 @@ containers: - containerPort: 8008 name: http protocol: TCP + - containerPort: 9092 + name: metrics + protocol: TCP volumeMounts: - name: synapse-{{ .name }}-config mountPath: /data diff --git a/charts/synapse/templates/envoy-deployment.yaml b/charts/synapse/templates/envoy-deployment.yaml index 19ef5d8..18ec042 100644 --- a/charts/synapse/templates/envoy-deployment.yaml +++ b/charts/synapse/templates/envoy-deployment.yaml @@ -18,11 +18,6 @@ spec: labels: {{- include "synapse-client-reader-envoy.selectorLabels" . | nindent 8 }} annotations: - {{- if .Values.envoyProxy.metrics }} - prometheus.io/port: "9901" - prometheus.io/scrape: "true" - prometheus.io/path: "/stats/prometheus" - {{- end }} checksum/config: {{ .Files.Get "scripts/envoy.yaml" | sha256sum }} {{- with .Values.envoyProxy.podAnnotations }} {{- toYaml . | nindent 8 }} diff --git a/charts/synapse/templates/envoy-servicemonitor.yaml b/charts/synapse/templates/envoy-servicemonitor.yaml new file mode 100644 index 0000000..486c4d3 --- /dev/null +++ b/charts/synapse/templates/envoy-servicemonitor.yaml @@ -0,0 +1,18 @@ +{{- if .Values.envoyProxy.metrics }} +kind: ServiceMonitor +apiVersion: monitoring.coreos.com/v1 +metadata: + name: envoy-service + labels: + {{- include "synapse-client-reader-envoy.selectorLabels" . | nindent 4 }} +spec: + endpoints: + - interval: 60s + path: /stats/prometheus + port: http-admin + jobLabel: envoy-service + selector: + matchLabels: + {{- include "synapse-client-reader-envoy.selectorLabels" . | nindent 6 }} +--- +{{- end }} diff --git a/charts/synapse/templates/synapse-podmonitor.yaml b/charts/synapse/templates/synapse-podmonitor.yaml new file mode 100644 index 0000000..77e9514 --- /dev/null +++ b/charts/synapse/templates/synapse-podmonitor.yaml @@ -0,0 +1,20 @@ +{{- if .Values.synapse.podMonitor.enabled }} +{{- $workers := merge (deepCopy .Values.synapse.autoscalingWorkers) (deepCopy .Values.synapse.deployScalingWorkers) (deepCopy .Values.synapse.singletonWorkers) -}} +{{- range $worker, $count := $workers }} +{{ $name := $worker | replace "_" "-" }} +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: synapse-{{ $name }} + labels: + {{- include "synapse-workers.selectorLabels" $name | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "synapse-workers.selectorLabels" $name | nindent 4 }} + podMetricsEndpoints: + - port: metrics + path: "/_synapse/metrics" +--- +{{- end }} +{{- end }} diff --git a/charts/synapse/values.yaml b/charts/synapse/values.yaml index c0f9792..d2a719c 100644 --- a/charts/synapse/values.yaml +++ b/charts/synapse/values.yaml @@ -137,6 +137,9 @@ synapse: host: redis port: 6379 + podMonitor: + enabled: false + rc_message: per_second: 100 burst_count: 300 From 2d2c73fd0951c4c7668887481b5f34b862573966 Mon Sep 17 00:00:00 2001 From: shcherbak Date: Mon, 30 Sep 2024 19:00:28 +0300 Subject: [PATCH 02/10] add podminitor --- charts/synapse/templates/_helpers.tpl | 1 + charts/synapse/templates/synapse-podmonitor.yaml | 10 ++-------- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/charts/synapse/templates/_helpers.tpl b/charts/synapse/templates/_helpers.tpl index 5cb10b4..6729a59 100644 --- a/charts/synapse/templates/_helpers.tpl +++ b/charts/synapse/templates/_helpers.tpl @@ -34,6 +34,7 @@ component: matrix-authentication Workers annotations */}} {{- define "synapse-workers.annotations" -}} +scrapeMetrics9092: "true" prometheus.io/port: "9092" prometheus.io/scrape: "true" prometheus.io/path: "/_synapse/metrics" diff --git a/charts/synapse/templates/synapse-podmonitor.yaml b/charts/synapse/templates/synapse-podmonitor.yaml index 77e9514..3f866f1 100644 --- a/charts/synapse/templates/synapse-podmonitor.yaml +++ b/charts/synapse/templates/synapse-podmonitor.yaml @@ -1,20 +1,14 @@ {{- if .Values.synapse.podMonitor.enabled }} -{{- $workers := merge (deepCopy .Values.synapse.autoscalingWorkers) (deepCopy .Values.synapse.deployScalingWorkers) (deepCopy .Values.synapse.singletonWorkers) -}} -{{- range $worker, $count := $workers }} -{{ $name := $worker | replace "_" "-" }} apiVersion: monitoring.coreos.com/v1 kind: PodMonitor metadata: - name: synapse-{{ $name }} - labels: - {{- include "synapse-workers.selectorLabels" $name | nindent 4 }} + name: synapse-metrics spec: selector: matchLabels: - {{- include "synapse-workers.selectorLabels" $name | nindent 4 }} + scrapeMetrics9092: 'true' podMetricsEndpoints: - port: metrics path: "/_synapse/metrics" --- {{- end }} -{{- end }} From a32b8c44cc1b1045351672ab2a9375bdbf7b2338 Mon Sep 17 00:00:00 2001 From: shcherbak Date: Mon, 30 Sep 2024 19:02:26 +0300 Subject: [PATCH 03/10] separate tls secret name and host name --- charts/webhook/Chart.yaml | 2 +- charts/webhook/templates/ingress.yaml | 2 +- charts/webhook/values.yaml | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/charts/webhook/Chart.yaml b/charts/webhook/Chart.yaml index edeb95e..43c941d 100644 --- a/charts/webhook/Chart.yaml +++ b/charts/webhook/Chart.yaml @@ -1,3 +1,3 @@ --- name: webhook -version: 0.0.8 +version: 0.1.0 diff --git a/charts/webhook/templates/ingress.yaml b/charts/webhook/templates/ingress.yaml index 9df82f3..6868fb0 100644 --- a/charts/webhook/templates/ingress.yaml +++ b/charts/webhook/templates/ingress.yaml @@ -13,7 +13,7 @@ spec: tls: - hosts: - {{ .Values.ingress.host }} - secretName: {{ .Values.ingress.host }} + secretName: {{ .Values.ingress.secretName }} rules: - host: {{ .Values.ingress.host }} http: diff --git a/charts/webhook/values.yaml b/charts/webhook/values.yaml index cafc069..22bd474 100644 --- a/charts/webhook/values.yaml +++ b/charts/webhook/values.yaml @@ -15,4 +15,5 @@ matrix: token: "" ingress: host: "" + secretName: "" ingressClassName: nginx From 3fd8eca8fb6a6ddc8af388c2c600499dd3dc64f9 Mon Sep 17 00:00:00 2001 From: shcherbak Date: Mon, 30 Sep 2024 19:08:46 +0300 Subject: [PATCH 04/10] add ingress secret name --- charts/jitsi/Chart.yaml | 2 +- charts/jitsi/templates/ingress.yaml | 8 +++++--- charts/jitsi/templates/jvb-deployment.yaml | 2 +- charts/jitsi/templates/web-deployment.yaml | 2 +- charts/jitsi/values.yaml | 5 ++++- 5 files changed, 12 insertions(+), 7 deletions(-) diff --git a/charts/jitsi/Chart.yaml b/charts/jitsi/Chart.yaml index b9234a1..48a3202 100644 --- a/charts/jitsi/Chart.yaml +++ b/charts/jitsi/Chart.yaml @@ -1,3 +1,3 @@ --- name: jitsi -version: 0.0.3 +version: 0.1.0 diff --git a/charts/jitsi/templates/ingress.yaml b/charts/jitsi/templates/ingress.yaml index 3c4fb85..1df4509 100644 --- a/charts/jitsi/templates/ingress.yaml +++ b/charts/jitsi/templates/ingress.yaml @@ -9,7 +9,7 @@ metadata: spec: ingressClassName: nginx rules: - - host: {{ .Values.serverName }} + - host: {{ .Values.ingress.serverName }} http: paths: - pathType: ImplementationSpecific @@ -35,5 +35,7 @@ spec: path: /colibri-ws tls: - hosts: - - {{ .Values.serverName }} - secretName: tls + - {{ .Values.ingress.serverName }} + {{- if .Values.ingress.secretName }} + secretName: {{ .Values.ingress.secretName }} + {{- end }} diff --git a/charts/jitsi/templates/jvb-deployment.yaml b/charts/jitsi/templates/jvb-deployment.yaml index 953658c..ae2fd91 100644 --- a/charts/jitsi/templates/jvb-deployment.yaml +++ b/charts/jitsi/templates/jvb-deployment.yaml @@ -55,7 +55,7 @@ spec: - name: TZ value: {{ .Values.timeZone }} - name: PUBLIC_URL - value: https://{{ .Values.serverName }} + value: https://{{ .Values.ingress.serverName }} {{- if .Values.jvb.extraEnvs }} {{- toYaml .Values.jvb.extraEnvs | nindent 12 }} {{- end }} diff --git a/charts/jitsi/templates/web-deployment.yaml b/charts/jitsi/templates/web-deployment.yaml index 0eeec92..af28c02 100644 --- a/charts/jitsi/templates/web-deployment.yaml +++ b/charts/jitsi/templates/web-deployment.yaml @@ -43,7 +43,7 @@ spec: - name: JVB_TCP_HARVESTER_DISABLED value: "false" - name: PUBLIC_URL - value: https://{{ .Values.serverName }} + value: https://{{ .Values.ingress.serverName }} - name: ENABLE_LOBBY value: "0" - name: ENABLE_WELCOME_PAGE diff --git a/charts/jitsi/values.yaml b/charts/jitsi/values.yaml index b2888e0..6047e24 100644 --- a/charts/jitsi/values.yaml +++ b/charts/jitsi/values.yaml @@ -1,4 +1,7 @@ -serverName: '' +ingress: + serverName: '' + secretName: '' + timeZone: Europe/Amsterdam jicofo: replicas: 1 From 189a9f5b58015ccd635f5fa864d491cf15e3a735 Mon Sep 17 00:00:00 2001 From: shcherbak Date: Mon, 30 Sep 2024 19:09:04 +0300 Subject: [PATCH 05/10] add ingress secret name --- charts/webhook/templates/ingress.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/webhook/templates/ingress.yaml b/charts/webhook/templates/ingress.yaml index 6868fb0..762171b 100644 --- a/charts/webhook/templates/ingress.yaml +++ b/charts/webhook/templates/ingress.yaml @@ -13,7 +13,9 @@ spec: tls: - hosts: - {{ .Values.ingress.host }} + {{- if .Values.ingress.secretName }} secretName: {{ .Values.ingress.secretName }} + {{- end }} rules: - host: {{ .Values.ingress.host }} http: From 9540ca7e3c02447d9ec5c5e715baf7364b570af9 Mon Sep 17 00:00:00 2001 From: shcherbak Date: Mon, 30 Sep 2024 19:15:20 +0300 Subject: [PATCH 06/10] ingress secret --- charts/synapse/templates/sliding-sync-proxy-ingress.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/synapse/templates/sliding-sync-proxy-ingress.yaml b/charts/synapse/templates/sliding-sync-proxy-ingress.yaml index 44c88c3..7139c2a 100644 --- a/charts/synapse/templates/sliding-sync-proxy-ingress.yaml +++ b/charts/synapse/templates/sliding-sync-proxy-ingress.yaml @@ -19,7 +19,9 @@ spec: tls: - hosts: - {{ .Values.slidingSyncProxy.ingress.host }} - secretName: tls + {{- if .Values.slidingSyncProxy.ingress.secretName }} + secretName: {{ .Values.slidingSyncProxy.ingress.secretName }} + {{- end }} rules: - host: {{ .Values.slidingSyncProxy.ingress.host }} http: From 6caa24dcd53a0725038f282bb564acc735d1d177 Mon Sep 17 00:00:00 2001 From: shcherbak Date: Mon, 30 Sep 2024 19:15:54 +0300 Subject: [PATCH 07/10] mas ingress --- charts/synapse/templates/matrix-authentication-ingress.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/synapse/templates/matrix-authentication-ingress.yaml b/charts/synapse/templates/matrix-authentication-ingress.yaml index 05ff48c..4cc6137 100644 --- a/charts/synapse/templates/matrix-authentication-ingress.yaml +++ b/charts/synapse/templates/matrix-authentication-ingress.yaml @@ -13,7 +13,9 @@ spec: tls: - hosts: - {{ .Values.matrixAuthentication.ingress.host }} - secretName: tls + {{- if .Values.matrixAuthentication.ingress.secretName }} + secretName: {{ .Values.matrixAuthentication.ingress.secretName }} + {{- end }} rules: - host: {{ .Values.matrixAuthentication.ingress.host }} http: From 9644793db7da168bc4d680ce83ac0946700445cb Mon Sep 17 00:00:00 2001 From: shcherbak Date: Mon, 30 Sep 2024 19:18:08 +0300 Subject: [PATCH 08/10] add ingress secret name --- charts/synapse/templates/synapse-ingress.yaml | 4 +++- charts/synapse/templates/well-known-ingress.yaml | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/synapse/templates/synapse-ingress.yaml b/charts/synapse/templates/synapse-ingress.yaml index 40ceb81..2199598 100644 --- a/charts/synapse/templates/synapse-ingress.yaml +++ b/charts/synapse/templates/synapse-ingress.yaml @@ -19,7 +19,9 @@ spec: tls: - hosts: - {{ .Values.synapse.serverName }} - secretName: tls + {{- if .Values.ingress.secretName }} + secretName: {{ .Values.ingress.secretName }} + {{- end }} rules: - host: {{ .Values.synapse.serverName }} http: diff --git a/charts/synapse/templates/well-known-ingress.yaml b/charts/synapse/templates/well-known-ingress.yaml index e7e19ef..9a058dd 100644 --- a/charts/synapse/templates/well-known-ingress.yaml +++ b/charts/synapse/templates/well-known-ingress.yaml @@ -10,7 +10,9 @@ spec: tls: - hosts: - {{ .Values.synapse.serverName }} - secretName: tls + {{- if .Values.ingress.secretName }} + secretName: {{ .Values.ingress.secretName }} + {{- end }} rules: - host: {{ .Values.synapse.serverName }} http: From 631d5b8a52a44ff957952259944e79fd05e78f85 Mon Sep 17 00:00:00 2001 From: shcherbak Date: Mon, 30 Sep 2024 19:20:47 +0300 Subject: [PATCH 09/10] admin secret name --- charts/synapse/templates/admin-ingress.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/synapse/templates/admin-ingress.yaml b/charts/synapse/templates/admin-ingress.yaml index 320948f..f3438dd 100644 --- a/charts/synapse/templates/admin-ingress.yaml +++ b/charts/synapse/templates/admin-ingress.yaml @@ -1,3 +1,4 @@ +{{- if .Values.admin.ingress.enabled }} --- apiVersion: networking.k8s.io/v1 kind: Ingress @@ -10,10 +11,12 @@ spec: ingressClassName: nginx tls: - hosts: - - {{ .Values.admin.serverName }} + - {{ .Values.admin.ingress.serverName }} + {{- if .Values.admin.ingress.secretName }} secretName: tls + {{- end }} rules: - - host: {{ .Values.admin.serverName }} + - host: {{ .Values.admin.ingress.serverName }} http: paths: - path: / @@ -23,3 +26,4 @@ spec: name: admin port: number: 80 +{{- end }} From 4ea9f190f9b0d030d09c4c97f14a8e17c921806f Mon Sep 17 00:00:00 2001 From: shcherbak Date: Mon, 30 Sep 2024 19:21:00 +0300 Subject: [PATCH 10/10] add ingress secretname --- charts/synapse/values.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/charts/synapse/values.yaml b/charts/synapse/values.yaml index d2a719c..657c05c 100644 --- a/charts/synapse/values.yaml +++ b/charts/synapse/values.yaml @@ -179,6 +179,7 @@ experimentalFeatures: account_management_url: NOT-CONFIGURED ingress: + secretName: '' masterRoutes: - "/_matrix/" - "/_synapse/" @@ -300,7 +301,10 @@ ingress: # "/_matrix/client/(r0|v3|unstable)/user_directory/search$" admin: - serverName: NOT-CONFIGURED + ingress: + enabled: true + secretName: '' + serverName: NOT-CONFIGURED image: repository: "awesometechnologies/synapse-admin" tag: "0.10.1" @@ -346,6 +350,7 @@ slidingSyncProxy: ingress: enabled: true host: NOT-CONFIGURED + secretName: '' env: SYNCV3_DB: NOT-CONFIGURED SYNCV3_SERVER: NOT-CONFIGURED @@ -441,6 +446,7 @@ matrixAuthentication: ingress: enabled: true host: NOT-CONFIGURED + secretName: '' config: clients: [] database: