Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Added application monitoring operator based on its installation script

Browse source
This commit is contained in:
Adam Saleh 2021-03-10 11:01:31 +01:00
parent b0c939b3d8
commit 76452ba1c7
38 changed files with 13278 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

80
playbooks/openshift-apps/application-monitoring.yml Normal file
View file

@ -0,0 +1,80 @@
- name: make the app be real
hosts: os_masters_stg[0] # only in staging for the ARC deployment
user: root
gather_facts: False
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
roles:
# oc new-project application-monitoring
- role: openshift/project
app: application-monitoring
description: Hosts the application monitoring operator
appowners:
- cverna
- pingou
- asaleh
- name: Apply node labels
command: oc label namespace application-monitoring monitoring-key=middleware
- role: openshift/object
app: application-monitoring
file: application-monitoring/deploy/crds/applicationmonitoring.integreatly.org_applicationmonitorings_crd.yaml
objectname: applicationmonitoring.integreatly.org_applicationmonitorings_crd.yaml
- name: AMO Cluster Roles & RoleBindings
command: oc -n application-monitoring apply -f {{roles_path}}/openshift-apps/{{app}}/files/application-monitoring-operator/deploy/cluster-roles
- name: AMO Cluster Roles & RoleBindings - service_account.yaml
command: oc -n application-monitoring apply -f {{roles_path}}/openshift-apps/{{app}}/files/application-monitoring-operator/deploy/service_account.yaml
- name: AMO Cluster Roles & RoleBindings - service_account.yaml
command: oc -n application-monitoring apply -f {{roles_path}}/openshift-apps/{{app}}/files/application-monitoring-operator/deploy/service_account.yaml
- name: AMO Cluster Roles & RoleBindings - role.yaml
command: oc -n application-monitoring apply -f {{roles_path}}/openshift-apps/{{app}}/files/application-monitoring-operator/deploy/role.yaml
- name: AMO Cluster Roles & RoleBindings - role_binding.yaml
command: oc -n application-monitoring apply -f {{roles_path}}/openshift-apps/{{app}}/files/application-monitorin-operatorg/deploy/role_binding.yaml
- role: openshift/object
app: application-monitoring
file: application-monitoring/deploy/crds/applicationmonitoring.integreatly.org_blackboxtargets_crd.yaml
objectname: applicationmonitoring.integreatly.org_blackboxtargets_crd.yaml
- name: Grafana CRDs - Grafana.yml
command: oc -n application-monitoring apply -f {{roles_path}}/openshift-apps/{{app}}/files/grafana-operator/deploy/crds/Grafana.yaml
- name: Grafana CRDs - GrafanaDashboard.yml
command: oc -n application-monitoring apply -f {{roles_path}}/openshift-apps/{{app}}/files/grafana-operator/deploy/crds/GrafanaDashboard.yaml
- name: Grafana CRDs - GrafanaDataSource.yml
command: oc -n application-monitoring apply -f {{roles_path}}/openshift-apps/{{app}}/files/grafana-operator/deploy/crds/GrafanaDataSource.yaml
- name: Prometheus CRDs - monitoring.coreos.com_podmonitors.yaml
command: oc -n application-monitoring apply -f {{roles_path}}/openshift-apps/{{app}}/files/prometheus-operator/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
- name: Prometheus CRDs - monitoring.coreos.com_prometheuses.yaml
command: oc -n application-monitoring apply -f {{roles_path}}/openshift-apps/{{app}}/files/prometheus-operator/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
- name: Prometheus CRDs - monitoring.coreos.com_alertmanagers.yaml
command: oc -n application-monitoring apply -f {{roles_path}}/openshift-apps/{{app}}/files/prometheus-operator/example/prometheus-operator-crd/monitoring.coreos.com_alertmanagers.yaml
- name: Prometheus CRDs - monitoring.coreos.com_prometheusrules.yaml
command: oc -n application-monitoring apply -f {{roles_path}}/openshift-apps/{{app}}/files/prometheus-operator/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
- name: Prometheus CRDs - monitoring.coreos.com_servicemonitors.yaml
command: oc -n application-monitoring apply -f {{roles_path}}/openshift-apps/{{app}}/files/prometheus-operator/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
- name: Prometheus CRDs - monitoring.coreos.com_thanosrulers.yaml
command: oc -n application-monitoring apply -f {{roles_path}}/openshift-apps/{{app}}/files/prometheus-operator/example/prometheus-operator-crd/monitoring.coreos.com_thanosrulers.yaml
- name: Operator deployment
command: oc -n application-monitoring apply -f {{roles_path}}/openshift-apps/{{app}}/files/application-monitoring-operator/deploy/operator.yaml
- name: ApplicationMonitoring deployment
command: oc -n application-monitoring apply -f {{roles_path}}/openshift-apps/{{app}}/files/application-monitoring-operator/deploy/examples/ApplicationMonitoring.yaml

10
roles/openshift-apps/application-monitoring/files/README.md Normal file
View file

@ -0,0 +1,10 @@
We have decided to vendor in the CRDS.
To make upgrading easier, we are vendoring in the relevant parts of repositories.
The versions are based on the makefile application-monitoring-operator
- application-monitoring-operator v1.5.0 git@github.com:integr8ly/application-monitoring-operator.git
- grafana-operator v3.8.1 git@github.com:integr8ly/grafana-operator.git
- prometheus-operator v0.34.0 git@github.com:coreos/prometheus-operator.git

120
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/Makefile Normal file
View file

@ -0,0 +1,120 @@
ORG ?= integreatly
NAMESPACE ?= application-monitoring
PROJECT ?= application-monitoring-operator
REG=quay.io
SHELL=/bin/bash
PKG=github.com/integr8ly/application-monitoring-operator
TEST_DIRS?=$(shell sh -c "find $(TOP_SRC_DIRS) -name \\*_test.go -exec dirname {} \\; | sort | uniq")
TEST_POD_NAME=application-monitoring-operator-test
COMPILE_TARGET=./tmp/_output/bin/$(PROJECT)
# PROMETHEUS_OPERATOR_VERSION is used at install time to import crds
# After v0.34.0 the file names for the resources change
# If you are updating this version you will need to update the file names in ./scripts/install.sh too
# You can delete this comment afterwards.
PROMETHEUS_OPERATOR_VERSION=v0.34.0
LOCAL=local
GRAFANA_OPERATOR_VERSION=v3.8.1
AMO_VERSION=1.5.0
PREV_AMO_VERSION=1.4.0
AUTH_TOKEN=$(shell curl -sH "Content-Type: application/json" -XPOST https://quay.io/cnr/api/v1/users/login -d '{"user": {"username": "$(QUAY_USERNAME)", "password": "${QUAY_PASSWORD}"}}' | jq -r '.token')
.PHONY: setup/gomod
setup/gomod:
@echo Running go.mod tidy
@go mod tidy
@echo Running go.mod vendor
@go mod vendor
.PHONY: setup/travis
setup/travis:
@echo Installing Operator SDK
@curl -Lo operator-sdk https://github.com/operator-framework/operator-sdk/releases/download/v0.8.1/operator-sdk-v0.8.1-x86_64-linux-gnu && chmod +x operator-sdk && sudo mv operator-sdk /usr/local/bin/
.PHONY: code/run
code/run:
@operator-sdk up local --namespace=${NAMESPACE}
.PHONY: code/compile
code/compile:
@GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o=$(COMPILE_TARGET) ./cmd/manager
.PHONY: code/gen
code/gen:
operator-sdk generate k8s
.PHONY: gen/csv
gen/csv:
sed -i.bak 's/image:.*/image: quay\.io\/integreatly\/application-monitoring-operator:v$(AMO_VERSION)/g' deploy/operator.yaml && rm deploy/operator.yaml.bak
@operator-sdk generate csv --operator-name=application-monitoring-operator --csv-version $(AMO_VERSION) --from-version $(PREV_AMO_VERSION) --update-crds --csv-channel=integreatly --default-channel
@sed -i.bak 's/$(PREV_AMO_VERSION)/$(AMO_VERSION)/g' deploy/olm-catalog/application-monitoring-operator/application-monitoring-operator.package.yaml && rm deploy/olm-catalog/application-monitoring-operator/application-monitoring-operator.package.yaml.bak
@sed -i.bak s/application-monitoring-operator:v$(PREV_AMO_VERSION)/application-monitoring-operator:v$(AMO_VERSION)/g deploy/olm-catalog/application-monitoring-operator/$(AMO_VERSION)/application-monitoring-operator.v$(AMO_VERSION).clusterserviceversion.yaml && rm deploy/olm-catalog/application-monitoring-operator/$(AMO_VERSION)/application-monitoring-operator.v$(AMO_VERSION).clusterserviceversion.yaml.bak
.PHONY: code/check
code/check:
@diff -u <(echo -n) <(gofmt -d `find . -type f -name '*.go' -not -path "./vendor/*"`)
.PHONY: code/fix
code/fix:
@gofmt -w `find . -type f -name '*.go' -not -path "./vendor/*"`
.PHONY: image/build
image/build: code/compile
@operator-sdk build ${REG}/${ORG}/${PROJECT}:${AMO_VERSION}
.PHONY: image/push
image/push:
docker push ${REG}/${ORG}/${PROJECT}:${AMO_VERSION}
.PHONY: image/build/push
image/build/push: image/build image/push
.PHONY: image/build/test
image/build/test:
operator-sdk build --enable-tests ${REG}/${ORG}/${PROJECT}:${AMO_VERSION}
.PHONY: test/unit
test/unit:
@echo Running tests:
go test -v -race -cover ./pkg/...
.PHONY: test/e2e
test/e2e:
kubectl apply -f deploy/test-e2e-pod.yaml -n ${PROJECT}
${SHELL} ./scripts/stream-pod ${TEST_POD_NAME} ${PROJECT}
.PHONY: cluster/prepare
cluster/prepare:
-kubectl apply -f deploy/crds/
-oc new-project $(NAMESPACE)
.PHONY: cluster/clean
cluster/clean:
-kubectl delete -n $(NAMESPACE) --all blackboxtargets
-kubectl delete -n $(NAMESPACE) --all grafanadashboards
-kubectl delete -n $(NAMESPACE) --all grafanadatasources
-kubectl delete -n $(NAMESPACE) --all applicationmonitorings
-kubectl delete -f ./deploy/cluster-roles
-kubectl delete crd grafanas.integreatly.org
-kubectl delete crd grafanadashboards.integreatly.org
-kubectl delete crd grafanadatasources.integreatly.org
-kubectl delete crd blackboxtargets.applicationmonitoring.integreatly.org
-kubectl delete crd applicationmonitorings.applicationmonitoring.integreatly.org
-kubectl delete namespace $(NAMESPACE)
.PHONY: cluster/create/examples
cluster/create/examples:
-kubectl create -f deploy/examples/ApplicationMonitoring.yaml -n $(NAMESPACE)
.PHONY: cluster/install
cluster/install:
./scripts/install.sh ${PROMETHEUS_OPERATOR_VERSION} ${GRAFANA_OPERATOR_VERSION}
.PHONY: cluster/install/local
cluster/install/local:
./scripts/install.sh ${PROMETHEUS_OPERATOR_VERSION} ${GRAFANA_OPERATOR_VERSION} ${LOCAL}
.PHONY: manifest/push
manifest/push:
@operator-courier --verbose push deploy/olm-catalog/application-monitoring-operator/ $(ORG) $(PROJECT) $(AMO_VERSION) "$(AUTH_TOKEN)"

1
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/cluster-roles/README.md Normal file
View file

@ -0,0 +1 @@
These roles are meant to be created by the Integr8ly installer. They are included here for reference or when you wish to deploy the monitoring stack outside of Integr8ly.

17
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/cluster-roles/alertmanager-clusterrole.yaml Normal file
View file

@ -0,0 +1,17 @@
apiVersion: authorization.openshift.io/v1
kind: ClusterRole
metadata:
name: alertmanager-application-monitoring
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create

13
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/cluster-roles/alertmanager-clusterrole_binding.yaml Normal file
View file

@ -0,0 +1,13 @@
apiVersion: authorization.openshift.io/v1
groupNames: null
kind: ClusterRoleBinding
metadata:
name: alertmanager-application-monitoring
roleRef:
name: alertmanager-application-monitoring
subjects:
- kind: ServiceAccount
name: alertmanager-service-account
namespace: application-monitoring
userNames:
- system:serviceaccount:application-monitoring:alertmanager-service-account

23
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/cluster-roles/grafana-operator-clusterrole.yaml Normal file
View file

@ -0,0 +1,23 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: grafana-operator
rules:
- apiGroups:
- integreatly.org
resources:
- grafanadashboards
- grafanadashboards/status
verbs: ['get', 'list', 'update', 'watch']
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create

12
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/cluster-roles/grafana-operator-clusterrole_binding.yaml Normal file
View file

@ -0,0 +1,12 @@
apiVersion: authorization.openshift.io/v1
kind: ClusterRoleBinding
metadata:
name: grafana-operator
roleRef:
name: grafana-operator
subjects:
- kind: ServiceAccount
name: grafana-operator
namespace: application-monitoring
userNames:
- system:serviceaccount:application-monitoring:grafana-operator

31
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/cluster-roles/prometheus-clusterrole.yaml Normal file
View file

@ -0,0 +1,31 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: prometheus-application-monitoring
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups: [""]
resources:
- nodes
- services
- endpoints
- pods
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources:
- configmaps
- namespaces # Required to get through the alertmanager oauth proxy
verbs: ["get"]
- nonResourceURLs: ["/metrics"]
verbs: ["get"]

14
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/cluster-roles/prometheus-clusterrole_binding.yaml Normal file
View file

@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: prometheus-application-monitoring
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: prometheus-application-monitoring
subjects:
- kind: ServiceAccount
name: prometheus-service-account
namespace: application-monitoring
userNames:
- system:serviceaccount:application-monitoring:prometheus-service-account

68
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/cluster-roles/prometheus-operator-clusterrole.yaml Normal file
View file

@ -0,0 +1,68 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: prometheus-application-monitoring-operator
rules:
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- alertmanagers
- prometheuses
- thanosrulers
- prometheuses/finalizers
- alertmanagers/finalizers
- thanosrulers/finalizers
- servicemonitors
- prometheusrules
- podmonitors
verbs:
- '*'
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- '*'
- apiGroups:
- ""
resources:
- configmaps
- secrets
verbs:
- '*'
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- delete
- apiGroups:
- ""
resources:
- services
- endpoints
- services/finalizers
verbs:
- "*"
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch

14
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/cluster-roles/prometheus-operator-clusterrole_binding.yaml Normal file
View file

@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: prometheus-application-monitoring-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: prometheus-application-monitoring-operator
subjects:
- kind: ServiceAccount
name: prometheus-operator
namespace: application-monitoring
userNames:
- system:serviceaccount:application-monitoring:prometheus-operator

17
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/cluster-roles/proxy-clusterrole.yaml Normal file
View file

@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: grafana-proxy
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create

12
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/cluster-roles/proxy-clusterrole_binding.yaml Normal file
View file

@ -0,0 +1,12 @@
apiVersion: authorization.openshift.io/v1
kind: ClusterRoleBinding
metadata:
name: grafana-proxy
roleRef:
name: grafana-proxy
subjects:
- kind: ServiceAccount
name: grafana-serviceaccount
namespace: monitoring2
userNames:
- system:serviceaccount:application-monitoring:grafana-serviceaccount

645
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/crds/applicationmonitoring.integreatly.org_applicationmonitorings_crd.yaml Normal file
View file

@ -0,0 +1,645 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: applicationmonitorings.applicationmonitoring.integreatly.org
spec:
group: applicationmonitoring.integreatly.org
names:
kind: ApplicationMonitoring
listKind: ApplicationMonitoringList
plural: applicationmonitorings
singular: applicationmonitoring
scope: Namespaced
validation:
openAPIV3Schema:
description: ApplicationMonitoring is the Schema for the applicationmonitorings
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ApplicationMonitoringSpec defines the desired state of ApplicationMonitoring
properties:
additionalScrapeConfigSecretKey:
type: string
additionalScrapeConfigSecretName:
type: string
affinity:
description: Affinity is a group of affinity scheduling rules.
properties:
nodeAffinity:
description: Describes node affinity scheduling rules for the pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to nodes
that satisfy the affinity expressions specified by this field,
but it may choose a node that violates one or more of the
expressions. The node that is most preferred is the one with
the greatest sum of weights, i.e. for each node that meets
all of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through
the elements of this field and adding "weight" to the sum
if the node matches the corresponding matchExpressions; the
node(s) with the highest sum are the most preferred.
items:
description: An empty preferred scheduling term matches all
objects with implicit weight 0 (i.e. it's a no-op). A null
preferred scheduling term matches no objects (i.e. is also
a no-op).
properties:
preference:
description: A node selector term, associated with the
corresponding weight.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
description: An array of string values. If the
operator is In or NotIn, the values array
must be non-empty. If the operator is Exists
or DoesNotExist, the values array must be
empty. If the operator is Gt or Lt, the values
array must have a single element, which will
be interpreted as an integer. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
description: An array of string values. If the
operator is In or NotIn, the values array
must be non-empty. If the operator is Exists
or DoesNotExist, the values array must be
empty. If the operator is Gt or Lt, the values
array must have a single element, which will
be interpreted as an integer. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
weight:
description: Weight associated with matching the corresponding
nodeSelectorTerm, in the range 1-100.
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by this
field are not met at scheduling time, the pod will not be
scheduled onto the node. If the affinity requirements specified
by this field cease to be met at some point during pod execution
(e.g. due to an update), the system may or may not try to
eventually evict the pod from its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector terms. The
terms are ORed.
items:
description: A null or empty node selector term matches
no objects. The requirements of them are ANDed. The
TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
description: An array of string values. If the
operator is In or NotIn, the values array
must be non-empty. If the operator is Exists
or DoesNotExist, the values array must be
empty. If the operator is Gt or Lt, the values
array must have a single element, which will
be interpreted as an integer. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
description: An array of string values. If the
operator is In or NotIn, the values array
must be non-empty. If the operator is Exists
or DoesNotExist, the values array must be
empty. If the operator is Gt or Lt, the values
array must have a single element, which will
be interpreted as an integer. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
type: array
required:
- nodeSelectorTerms
type: object
type: object
podAffinity:
description: Describes pod affinity scheduling rules (e.g. co-locate
this pod in the same node, zone, etc. as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to nodes
that satisfy the affinity expressions specified by this field,
but it may choose a node that violates one or more of the
expressions. The node that is most preferred is the one with
the greatest sum of weights, i.e. for each node that meets
all of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through
the elements of this field and adding "weight" to the sum
if the node has pods which matches the corresponding podAffinityTerm;
the node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term, associated
with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement is
a selector that contains values, a key, and
an operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If
the operator is Exists or DoesNotExist,
the values array must be empty. This array
is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces
the labelSelector applies to (matches against);
null or empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods
matching the labelSelector in the specified namespaces,
where co-located is defined as running on a node
whose value of the label with key topologyKey matches
that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching the corresponding
podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by this
field are not met at scheduling time, the pod will not be
scheduled onto the node. If the affinity requirements specified
by this field cease to be met at some point during pod execution
(e.g. due to a pod label update), the system may or may not
try to eventually evict the pod from its node. When there
are multiple elements, the lists of nodes corresponding to
each podAffinityTerm are intersected, i.e. all terms must
be satisfied.
items:
description: Defines a set of pods (namely those matching
the labelSelector relative to the given namespace(s)) that
this pod should be co-located (affinity) or not co-located
(anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key <topologyKey>
matches that of any node on which a pod of the set of pods
is running
properties:
labelSelector:
description: A label query over a set of resources, in
this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values
array must be non-empty. If the operator is
Exists or DoesNotExist, the values array must
be empty. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field
is "key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces the
labelSelector applies to (matches against); null or
empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value
of the label with key topologyKey matches that of any
node on which any of the selected pods is running. Empty
topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules (e.g.
avoid putting this pod in the same node, zone, etc. as some other
pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to nodes
that satisfy the anti-affinity expressions specified by this
field, but it may choose a node that violates one or more
of the expressions. The node that is most preferred is the
one with the greatest sum of weights, i.e. for each node that
meets all of the scheduling requirements (resource request,
requiredDuringScheduling anti-affinity expressions, etc.),
compute a sum by iterating through the elements of this field
and adding "weight" to the sum if the node has pods which
matches the corresponding podAffinityTerm; the node(s) with
the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term, associated
with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement is
a selector that contains values, a key, and
an operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If
the operator is Exists or DoesNotExist,
the values array must be empty. This array
is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces
the labelSelector applies to (matches against);
null or empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods
matching the labelSelector in the specified namespaces,
where co-located is defined as running on a node
whose value of the label with key topologyKey matches
that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching the corresponding
podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the anti-affinity requirements specified by
this field are not met at scheduling time, the pod will not
be scheduled onto the node. If the anti-affinity requirements
specified by this field cease to be met at some point during
pod execution (e.g. due to a pod label update), the system
may or may not try to eventually evict the pod from its node.
When there are multiple elements, the lists of nodes corresponding
to each podAffinityTerm are intersected, i.e. all terms must
be satisfied.
items:
description: Defines a set of pods (namely those matching
the labelSelector relative to the given namespace(s)) that
this pod should be co-located (affinity) or not co-located
(anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key <topologyKey>
matches that of any node on which a pod of the set of pods
is running
properties:
labelSelector:
description: A label query over a set of resources, in
this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values
array must be non-empty. If the operator is
Exists or DoesNotExist, the values array must
be empty. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field
is "key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces the
labelSelector applies to (matches against); null or
empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value
of the label with key topologyKey matches that of any
node on which any of the selected pods is running. Empty
topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
type: object
alertmanagerInstanceNamespaces:
type: string
description: The key under which additional scrape configs are stored within the secret
priorityClassName:
type: string
description: Priority Class Name
labelSelector:
minLength: 1
type: string
prometheusInstanceNamespaces:
type: string
prometheusRetention:
type: string
prometheusStorageRequest:
type: string
selfSignedCerts:
type: boolean
required:
- labelSelector
type: object
status:
description: ApplicationMonitoringStatus defines the observed state of ApplicationMonitoring
properties:
lastblackboxconfig:
type: string
phase:
type: integer
required:
- lastblackboxconfig
- phase
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true

71
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/crds/applicationmonitoring.integreatly.org_blackboxtargets_crd.yaml Normal file
View file

@ -0,0 +1,71 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: blackboxtargets.applicationmonitoring.integreatly.org
spec:
group: applicationmonitoring.integreatly.org
names:
kind: BlackboxTarget
listKind: BlackboxTargetList
plural: blackboxtargets
singular: blackboxtarget
scope: Namespaced
validation:
openAPIV3Schema:
description: BlackboxTarget is the Schema for the blackboxtargets API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: BlackboxTargetSpec defines the desired state of BlackboxTarget
properties:
blackboxTargets:
description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
Important: Run "operator-sdk generate k8s" to regenerate code after
modifying this file Add custom validation using kubebuilder tags:
https://book.kubebuilder.io/beyond_basics/generating_crd.html'
items:
description: 'BlackboxtargetStructure contains: A target (url, module
and service name) to be probed by the'
properties:
module:
type: string
service:
type: string
url:
type: string
required:
- module
- service
- url
type: object
type: array
type: object
status:
description: BlackboxTargetStatus defines the observed state of BlackboxTarget
properties:
phase:
description: 'INSERT ADDITIONAL STATUS FIELD - define observed state
of cluster Important: Run "operator-sdk generate k8s" to regenerate
code after modifying this file Add custom validation using kubebuilder
tags: https://book.kubebuilder.io/beyond_basics/generating_crd.html'
type: integer
required:
- phase
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true

149
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/crds/grafana_crd.yaml Normal file
View file

@ -0,0 +1,149 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: grafanas.integreatly.org
spec:
group: integreatly.org
names:
kind: Grafana
listKind: GrafanaList
plural: grafanas
singular: grafana
scope: Namespaced
subresources:
status: {}
version: v1alpha1
validation:
openAPIV3Schema:
required: ["spec"]
properties:
spec:
properties:
containers:
type: array
items:
type: object
description: Additional container to add to the grafana pod
secrets:
type: array
items:
type: string
description: Secret to be mounted as volume into the grafana deployment
configMaps:
type: array
items:
type: string
description: Config map to be mounted as volume into the grafana deployment
logLevel:
type: string
description: Log level of the grafana instance, defaults to info
adminUser:
type: string
description: Default admin user name
adminPassword:
type: string
description: Default admin password
basicAuth:
type: boolean
description: Basic auth enabled
disableLoginForm:
type: boolean
description: Disable login form
disableSignoutMenu:
type: boolean
description: Disable signout menu
anonymous:
type: boolean
description: Anonymous auth enabled
config:
type: object
description: Grafana config
ingress:
type: object
properties:
enabled:
type: boolean
description: Create an ingress / route
path:
type: string
description: Ingress path
hostname:
type: string
description: The hostname of the ingress / route
annotations:
type: object
description: Additional annotations for the ingress / route
labels:
type: object
description: Additional labels for the ingress / route
targetPort:
type: string
description: Override port to target in the grafana service
service:
type: object
properties:
ports:
type: array
description: Override default ports
items:
type: object
description: A port to add to the grafana service
annotations:
type: object
description: Additional annotations for the service
labels:
type: object
description: Additional labels for the service
type:
type: string
description: Service type (NodePort, ClusterIP or LoadBalancer)
deployment:
type: object
properties:
annotations:
type: object
description: Additional annotations for the service
labels:
type: object
description: Additional labels for the service
nodeSelector:
type: object
description: Additional labels for the running grafana pods in a labeled node.
tolerations:
type: array
description: Additonal labels for running grafana pods in tained nodes.
affinity:
type: object
description: Additonal labels for running grafana pods with affinity properties.
envFrom:
type: array
description: Environment variables from Secret or ConfigMap.
skipCreateAdminAccount:
type: boolean
description: Disable creating a random admin user
priorityClassName:
type: string
description: Pod priority class name
serviceAccount:
type: object
properties:
annotations:
type: object
description: Additional annotations for the serviceaccount
labels:
type: object
description: Additional labels for the serviceaccount
client:
type: object
description: Grafana client settings
compat:
type: object
description: Backwards compatibility switches
dashboardLabelSelectors:
type: array
items:
type: object
description: Label selector or match expressions
jsonnet:
type: object
description: Jsonnet library configuration

43
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/crds/grafana_dashboard_crd.yaml Normal file
View file

@ -0,0 +1,43 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: grafanadashboards.integreatly.org
spec:
group: integreatly.org
names:
kind: GrafanaDashboard
listKind: GrafanaDashboardList
plural: grafanadashboards
singular: grafanadashboard
scope: Namespaced
subresources:
status: {}
version: v1alpha1
validation:
openAPIV3Schema:
properties:
spec:
properties:
name:
type: string
json:
type: string
jsonnet:
description: Jsonnet source. Has access to grafonnet.
type: string
url:
type: string
description: URL to dashboard json
datasources:
type: array
items:
description: Input datasources to resolve before importing
type: object
plugins:
type: array
items:
description: Grafana Plugin Object
type: object
customFolderName:
description: Folder name that this dashboard will be assigned to.
type: string

35
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/crds/grafana_datasource_crd.yaml Normal file
View file

@ -0,0 +1,35 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: grafanadatasources.integreatly.org
spec:
group: integreatly.org
names:
kind: GrafanaDataSource
listKind: GrafanaDataSourceList
plural: grafanadatasources
singular: grafanadatasource
scope: Namespaced
subresources:
status: {}
version: v1alpha1
validation:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
required: ["datasources", "name"]
properties:
name:
type: string
minimum: 1
datasources:
type: array
items:
description: Grafana Datasource Object
type: object

15
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/examples/ApplicationMonitoring.yaml Normal file
View file

@ -0,0 +1,15 @@
apiVersion: applicationmonitoring.integreatly.org/v1alpha1
kind: ApplicationMonitoring
metadata:
name: middleware-applicationmonitoring
spec:
labelSelector: "middleware"
additionalScrapeConfigSecretName: "integreatly-additional-scrape-configs"
additionalScrapeConfigSecretKey: "integreatly-additional.yaml"
prometheusRetention: 15d
prometheusStorageRequest: 10Gi
prometheusInstanceNamespaces: application-monitoring
alertmanagerInstanceNamespaces: application-monitoring
selfSignedCerts: true
priorityClassName: ""

12
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/examples/BlackboxTarget.yaml Normal file
View file

@ -0,0 +1,12 @@
apiVersion: applicationmonitoring.integreatly.org/v1alpha1
kind: BlackboxTarget
metadata:
name: example-blackboxtarget
spec:
blackboxTargets:
- service: example
url: https://example.com
module: http_extern_2xx
- service: example2
url: https://google.com
module: http_extern_2xx

37
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/operator.yaml Normal file
View file

@ -0,0 +1,37 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: application-monitoring-operator
spec:
replicas: 1
selector:
matchLabels:
name: application-monitoring-operator
template:
metadata:
labels:
name: application-monitoring-operator
spec:
serviceAccountName: application-monitoring-operator
containers:
- name: application-monitoring-operator
image: quay.io/integreatly/application-monitoring-operator:v1.5.0
ports:
- containerPort: 8383
name: metrics
command:
- application-monitoring-operator
imagePullPolicy: Always
env:
- name: TEMPLATE_PATH
value: /usr/local/bin/templates
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: "application-monitoring-operator"

94
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/role.yaml Normal file
View file

@ -0,0 +1,94 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
name: application-monitoring-operator
rules:
- apiGroups:
- ""
resources:
- pods
- services
- services/finalizers
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- serviceaccounts
verbs:
- '*'
- apiGroups:
- apps
resources:
- deployments
- deployments/finalizers
- daemonsets
- replicasets
- statefulsets
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- alertmanagers
- prometheuses
- prometheusrules
- servicemonitors
verbs:
- '*'
- apiGroups:
- applicationmonitoring.integreatly.org
resources:
- applicationmonitorings
- applicationmonitorings/finalizers
- blackboxtargets
- blackboxtargets/finalizers
verbs:
- '*'
- apiGroups:
- integreatly.org
resources:
- grafanadatasources
- grafanadatasources/status
- grafanadashboards
- grafanadashboards/status
- grafanas
- grafanas/status
- grafanas/finalizers
- grafanadatasources/finalizers
- grafanadashboards/finalizers
verbs:
- '*'
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
- roles
verbs:
- '*'
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create

11
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/role_binding.yaml Normal file
View file

@ -0,0 +1,11 @@
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: application-monitoring-operator
subjects:
- kind: ServiceAccount
name: application-monitoring-operator
roleRef:
kind: Role
name: application-monitoring-operator
apiGroup: rbac.authorization.k8s.io

4
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/deploy/service_account.yaml Normal file
View file

@ -0,0 +1,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: application-monitoring-operator

5
roles/openshift-apps/application-monitoring/files/application-monitoring-operator/version/version.go Normal file
View file

@ -0,0 +1,5 @@
package version
var (
Version = "1.5.0"
)

201
roles/openshift-apps/application-monitoring/files/grafana-operator/LICENSE Normal file
View file

@ -0,0 +1,201 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

227
roles/openshift-apps/application-monitoring/files/grafana-operator/deploy/crds/Grafana.yaml Normal file
View file

@ -0,0 +1,227 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: grafanas.integreatly.org
spec:
group: integreatly.org
names:
kind: Grafana
listKind: GrafanaList
plural: grafanas
singular: grafana
scope: Namespaced
subresources:
status: { }
version: v1alpha1
validation:
openAPIV3Schema:
required: [ "spec" ]
properties:
spec:
properties:
containers:
type: array
items:
type: object
description: Additional container to add to the grafana pod
secrets:
type: array
items:
type: string
description: Secret to be mounted as volume into the grafana deployment
configMaps:
type: array
items:
type: string
description: Config map to be mounted as volume into the grafana deployment
logLevel:
type: string
description: Log level of the grafana instance, defaults to info
adminUser:
type: string
description: Default admin user name
adminPassword:
type: string
description: Default admin password
basicAuth:
type: boolean
description: Basic auth enabled
disableLoginForm:
type: boolean
description: Disable login form
disableSignoutMenu:
type: boolean
description: Disable signout menu
anonymous:
type: boolean
description: Anonymous auth enabled
config:
type: object
description: Grafana config
ingress:
type: object
properties:
enabled:
type: boolean
description: Create an ingress / route
path:
type: string
description: Ingress path
hostname:
type: string
description: The hostname of the ingress / route
annotations:
type: object
description: Additional annotations for the ingress / route
labels:
type: object
description: Additional labels for the ingress / route
targetPort:
type: string
description: Override port to target in the grafana service
service:
type: object
properties:
name:
type: string
description: Override default service name
ports:
type: array
description: Override default ports
items:
type: object
description: A port to add to the grafana service
annotations:
type: object
description: Additional annotations for the service
labels:
type: object
description: Additional labels for the service
type:
type: string
description: Service type (NodePort, ClusterIP or LoadBalancer)
deployment:
type: object
properties:
annotations:
type: object
description: Additional annotations for the service
labels:
type: object
description: Additional labels for the service
nodeSelector:
type: object
description: Additional labels for the running grafana pods in a labeled node.
tolerations:
type: array
description: Additonal labels for running grafana pods in tained nodes.
affinity:
type: object
description: Additonal labels for running grafana pods with affinity properties.
envFrom:
type: array
description: Environment variables from Secret or ConfigMap.
skipCreateAdminAccount:
type: boolean
description: Disable creating a random admin user
priorityClassName:
type: string
description: Pod priority class name
serviceAccount:
type: object
properties:
annotations:
type: object
description: Additional annotations for the serviceaccount
labels:
type: object
description: Additional labels for the serviceaccount
client:
type: object
description: Grafana client settings
compat:
type: object
description: Backwards compatibility switches
dashboardLabelSelectors:
type: array
items:
type: object
description: Label selector or match expressions
jsonnet:
type: object
description: Jsonnet library configuration
livenessProbeSpec:
type: object
properties:
initialDelaySeconds:
description: >-
Number of seconds after the container has
started before liveness probes are initiated. More info:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
timeoutSeconds:
description: Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1.
format: int32
type: integer
periodSeconds:
description: >-
How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: >-
Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum value
is 1.
format: int32
type: integer
failureThreshold:
description: >-
When a probe fails, Kubernetes will try failureThreshold times before giving up.
Giving up in case of liveness probe means restarting the container.
In case of readiness probe the Pod will be marked Unready.
Defaults to 3. Minimum value is 1.
format: int32
type: integer
readinessProbeSpec:
type: object
properties:
initialDelaySeconds:
description: >-
Number of seconds after the container has
started before liveness probes are initiated. More info
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
format: int32
type: integer
timeoutSeconds:
description: >-
Number of seconds after which the probe times out. Defaults to 1 second.
Minimum value is 1.
format: int32
type: integer
periodSeconds:
description: >-
How often (in seconds) to perform the probe.
Default to 10 seconds. Minimum value is 1.
format: int32
type: integer
successThreshold:
description: >-
Minimum consecutive successes for the probe
to be considered successful after having failed. Defaults
to 1. Must be 1 for liveness and startup. Minimum value
is 1.
format: int32
type: integer
failureThreshold:
description: >-
When a probe fails, Kubernetes will try failureThreshold times before giving up.
Giving up in case of liveness probe means restarting the container.
In case of readiness probe the Pod will be marked Unready.
Defaults to 3. Minimum value is 1.
format: int32
type: integer

44
roles/openshift-apps/application-monitoring/files/grafana-operator/deploy/crds/GrafanaDashboard.yaml Normal file
View file

@ -0,0 +1,44 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: grafanadashboards.integreatly.org
spec:
group: integreatly.org
names:
kind: GrafanaDashboard
listKind: GrafanaDashboardList
plural: grafanadashboards
singular: grafanadashboard
scope: Namespaced
subresources:
status: {}
version: v1alpha1
validation:
openAPIV3Schema:
properties:
spec:
properties:
name:
type: string
json:
type: string
jsonnet:
description: Jsonnet source. Has access to grafonnet.
type: string
url:
type: string
description: URL to dashboard json
datasources:
type: array
items:
description: Input datasources to resolve before importing
type: object
plugins:
type: array
items:
description: Grafana Plugin Object
type: object
customFolderName:
description: Folder name that this dashboard will be assigned to.
type: string

35
roles/openshift-apps/application-monitoring/files/grafana-operator/deploy/crds/GrafanaDataSource.yaml Normal file
View file

@ -0,0 +1,35 @@
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: grafanadatasources.integreatly.org
spec:
group: integreatly.org
names:
kind: GrafanaDataSource
listKind: GrafanaDataSourceList
plural: grafanadatasources
singular: grafanadatasource
scope: Namespaced
subresources:
status: {}
version: v1alpha1
validation:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
required: ["datasources", "name"]
properties:
name:
type: string
minimum: 1
datasources:
type: array
items:
description: Grafana Datasource Object
type: object

5
roles/openshift-apps/application-monitoring/files/grafana-operator/version/version.go Normal file
View file

@ -0,0 +1,5 @@
package version
var (
Version = "3.8.1"
)

202
roles/openshift-apps/application-monitoring/files/prometheus-operator/LICENSE Normal file
View file

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

1
roles/openshift-apps/application-monitoring/files/prometheus-operator/VERSION Normal file
View file

@ -0,0 +1 @@
0.34.0

4630
roles/openshift-apps/application-monitoring/files/prometheus-operator/example/prometheus-operator-crd/alertmanager.crd.yaml Normal file
View file

File diff suppressed because it is too large Load diff

240
roles/openshift-apps/application-monitoring/files/prometheus-operator/example/prometheus-operator-crd/podmonitor.crd.yaml Normal file
View file

@ -0,0 +1,240 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: podmonitors.monitoring.coreos.com
spec:
group: monitoring.coreos.com
names:
kind: PodMonitor
plural: podmonitors
scope: Namespaced
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
spec:
description: PodMonitorSpec contains specification parameters for a PodMonitor.
properties:
jobLabel:
description: The label to use to retrieve the job name from.
type: string
namespaceSelector:
description: NamespaceSelector is a selector for selecting either all
namespaces or a list of namespaces.
properties:
any:
description: Boolean describing whether all namespaces are selected
in contrast to a list restricting them.
type: boolean
matchNames:
description: List of namespace names.
items:
type: string
type: array
type: object
podMetricsEndpoints:
description: A list of endpoints allowed as part of this PodMonitor.
items:
description: PodMetricsEndpoint defines a scrapeable endpoint of a
Kubernetes Pod serving Prometheus metrics.
properties:
honorLabels:
description: HonorLabels chooses the metric's labels on collisions
with target labels.
type: boolean
honorTimestamps:
description: HonorTimestamps controls whether Prometheus respects
the timestamps present in scraped data.
type: boolean
interval:
description: Interval at which metrics should be scraped
type: string
metricRelabelings:
description: MetricRelabelConfigs to apply to samples before ingestion.
items:
description: 'RelabelConfig allows dynamic rewriting of the
label set, being applied to samples before ingestion. It defines
`<metric_relabel_configs>`-section of Prometheus configuration.
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
action:
description: Action to perform based on regex matching.
Default is 'replace'
type: string
modulus:
description: Modulus to take of the hash of the source label
values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted
value is matched. defailt is '(.*)'
type: string
replacement:
description: Replacement value against which a regex replace
is performed if the regular expression matches. Regex
capture groups are available. Default is '$1'
type: string
separator:
description: Separator placed between concatenated source
label values. default is ';'.
type: string
sourceLabels:
description: The source labels select values from existing
labels. Their content is concatenated using the configured
separator and matched against the configured regular expression
for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: Label to which the resulting value is written
in a replace action. It is mandatory for replace actions.
Regex capture groups are available.
type: string
type: object
type: array
params:
description: Optional HTTP URL parameters
type: object
path:
description: HTTP path to scrape for metrics.
type: string
port:
description: Name of the port this endpoint refers to. Mutually
exclusive with targetPort.
type: string
proxyUrl:
description: ProxyURL eg http://proxyserver:2195 Directs scrapes
to proxy through this endpoint.
type: string
relabelings:
description: 'RelabelConfigs to apply to samples before ingestion.
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
items:
description: 'RelabelConfig allows dynamic rewriting of the
label set, being applied to samples before ingestion. It defines
`<metric_relabel_configs>`-section of Prometheus configuration.
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
action:
description: Action to perform based on regex matching.
Default is 'replace'
type: string
modulus:
description: Modulus to take of the hash of the source label
values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted
value is matched. defailt is '(.*)'
type: string
replacement:
description: Replacement value against which a regex replace
is performed if the regular expression matches. Regex
capture groups are available. Default is '$1'
type: string
separator:
description: Separator placed between concatenated source
label values. default is ';'.
type: string
sourceLabels:
description: The source labels select values from existing
labels. Their content is concatenated using the configured
separator and matched against the configured regular expression
for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: Label to which the resulting value is written
in a replace action. It is mandatory for replace actions.
Regex capture groups are available.
type: string
type: object
type: array
scheme:
description: HTTP scheme to use for scraping.
type: string
scrapeTimeout:
description: Timeout after which the scrape is ended
type: string
targetPort:
anyOf:
- type: string
- type: integer
type: object
type: array
podTargetLabels:
description: PodTargetLabels transfers labels on the Kubernetes Pod
onto the target.
items:
type: string
type: array
sampleLimit:
description: SampleLimit defines per-scrape limit on number of scraped
samples that will be accepted.
format: int64
type: integer
selector:
description: A label selector is a label query over a set of resources.
The result of matchLabels and matchExpressions are ANDed. An empty
label selector matches all objects. A null label selector matches
no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that contains
values, a key, and an operator that relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to a
set of values. Valid operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator
is In or NotIn, the values array must be non-empty. If the
operator is Exists or DoesNotExist, the values array must
be empty. This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator is
"In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
required:
- podMetricsEndpoints
- selector
type: object
type: object
version: v1

5542
roles/openshift-apps/application-monitoring/files/prometheus-operator/example/prometheus-operator-crd/prometheus.crd.yaml Normal file
View file

File diff suppressed because it is too large Load diff

251
roles/openshift-apps/application-monitoring/files/prometheus-operator/example/prometheus-operator-crd/prometheusrule.crd.yaml Normal file
View file

@ -0,0 +1,251 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: prometheusrules.monitoring.coreos.com
spec:
group: monitoring.coreos.com
names:
kind: PrometheusRule
plural: prometheusrules
scope: Namespaced
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
description: ObjectMeta is metadata that all persisted resources must have,
which includes all objects users must create.
properties:
annotations:
description: 'Annotations is an unstructured key value map stored with
a resource that may be set by external tools to store and retrieve
arbitrary metadata. They are not queryable and should be preserved
when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations'
type: object
clusterName:
description: The name of the cluster which the object belongs to. This
is used to distinguish resources with same name and namespace in different
clusters. This field is not set anywhere right now and apiserver is
going to ignore it if set in create or update request.
type: string
creationTimestamp:
description: Time is a wrapper around time.Time which supports correct
marshaling to YAML and JSON. Wrappers are provided for many of the
factory methods that the time package offers.
format: date-time
type: string
deletionGracePeriodSeconds:
description: Number of seconds allowed for this object to gracefully
terminate before it will be removed from the system. Only set when
deletionTimestamp is also set. May only be shortened. Read-only.
format: int64
type: integer
deletionTimestamp:
description: Time is a wrapper around time.Time which supports correct
marshaling to YAML and JSON. Wrappers are provided for many of the
factory methods that the time package offers.
format: date-time
type: string
finalizers:
description: Must be empty before the object is deleted from the registry.
Each entry is an identifier for the responsible component that will
remove the entry from the list. If the deletionTimestamp of the object
is non-nil, entries in this list can only be removed.
items:
type: string
type: array
generateName:
description: |-
GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.
If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).
Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency
type: string
generation:
description: A sequence number representing a specific generation of
the desired state. Populated by the system. Read-only.
format: int64
type: integer
labels:
description: 'Map of string keys and values that can be used to organize
and categorize (scope and select) objects. May match selectors of
replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels'
type: object
managedFields:
description: ManagedFields maps workflow-id and version to the set of
fields that are managed by that workflow. This is mostly for internal
housekeeping, and users typically shouldn't need to set or understand
this field. A workflow can be the user's name, a controller's name,
or the name of a specific apply path like "ci-cd". The set of fields
is always in the version that the workflow used when modifying the
object.
items:
description: ManagedFieldsEntry is a workflow-id, a FieldSet and the
group version of the resource that the fieldset applies to.
properties:
apiVersion:
description: APIVersion defines the version of this resource that
this field set applies to. The format is "group/version" just
like the top-level APIVersion field. It is necessary to track
the version of a field set because it cannot be automatically
converted.
type: string
fieldsType:
description: 'FieldsType is the discriminator for the different
fields format and version. There is currently only one possible
value: "FieldsV1"'
type: string
fieldsV1:
description: |-
FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format.
Each key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:<name>', where <name> is the name of a field in a struct, or key in a map 'v:<value>', where <value> is the exact json formatted value of a list item 'i:<index>', where <index> is position of a item in a list 'k:<keys>', where <keys> is a map of a list item's key fields to their unique values If a key maps to an empty Fields value, the field that key represents is part of the set.
The exact format is defined in sigs.k8s.io/structured-merge-diff
type: object
manager:
description: Manager is an identifier of the workflow managing
these fields.
type: string
operation:
description: Operation is the type of operation which lead to
this ManagedFieldsEntry being created. The only valid values
for this field are 'Apply' and 'Update'.
type: string
time:
description: Time is a wrapper around time.Time which supports
correct marshaling to YAML and JSON. Wrappers are provided
for many of the factory methods that the time package offers.
format: date-time
type: string
type: object
type: array
name:
description: 'Name must be unique within a namespace. Is required when
creating resources, although some resources may allow a client to
request the generation of an appropriate name automatically. Name
is primarily intended for creation idempotence and configuration definition.
Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
type: string
namespace:
description: |-
Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.
Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces
type: string
ownerReferences:
description: List of objects depended by this object. If ALL objects
in the list have been deleted, this object will be garbage collected.
If this object is managed by a controller, then an entry in this list
will point to this controller, with the controller field set to true.
There cannot be more than one managing controller.
items:
description: OwnerReference contains enough information to let you
identify an owning object. An owning object must be in the same
namespace as the dependent, or be cluster-scoped, so there is no
namespace field.
properties:
apiVersion:
description: API version of the referent.
type: string
blockOwnerDeletion:
description: If true, AND if the owner has the "foregroundDeletion"
finalizer, then the owner cannot be deleted from the key-value
store until this reference is removed. Defaults to false. To
set this field, a user needs "delete" permission of the owner,
otherwise 422 (Unprocessable Entity) will be returned.
type: boolean
controller:
description: If true, this reference points to the managing controller.
type: boolean
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
type: string
uid:
description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids'
type: string
required:
- apiVersion
- kind
- name
- uid
type: object
type: array
resourceVersion:
description: |-
An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.
Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
selfLink:
description: |-
SelfLink is a URL representing this object. Populated by the system. Read-only.
DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.
type: string
uid:
description: |-
UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.
Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids
type: string
type: object
spec:
description: PrometheusRuleSpec contains specification parameters for a
Rule.
properties:
groups:
description: Content of Prometheus rule file
items:
description: RuleGroup is a list of sequentially evaluated recording
and alerting rules.
properties:
interval:
type: string
name:
type: string
rules:
items:
description: Rule describes an alerting or recording rule.
properties:
alert:
type: string
annotations:
type: object
expr:
anyOf:
- type: string
- type: integer
for:
type: string
labels:
type: object
record:
type: string
required:
- expr
type: object
type: array
required:
- name
- rules
type: object
type: array
type: object
type: object
version: v1

347
roles/openshift-apps/application-monitoring/files/prometheus-operator/example/prometheus-operator-crd/servicemonitor.crd.yaml Normal file
View file

@ -0,0 +1,347 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: servicemonitors.monitoring.coreos.com
spec:
group: monitoring.coreos.com
names:
kind: ServiceMonitor
plural: servicemonitors
scope: Namespaced
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
spec:
description: ServiceMonitorSpec contains specification parameters for a
ServiceMonitor.
properties:
endpoints:
description: A list of endpoints allowed as part of this ServiceMonitor.
items:
description: Endpoint defines a scrapeable endpoint serving Prometheus
metrics.
properties:
basicAuth:
description: 'BasicAuth allow an endpoint to authenticate over
basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints'
properties:
password:
description: SecretKeySelector selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
username:
description: SecretKeySelector selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type: object
bearerTokenFile:
description: File to read bearer token for scraping targets.
type: string
bearerTokenSecret:
description: SecretKeySelector selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
honorLabels:
description: HonorLabels chooses the metric's labels on collisions
with target labels.
type: boolean
honorTimestamps:
description: HonorTimestamps controls whether Prometheus respects
the timestamps present in scraped data.
type: boolean
interval:
description: Interval at which metrics should be scraped
type: string
metricRelabelings:
description: MetricRelabelConfigs to apply to samples before ingestion.
items:
description: 'RelabelConfig allows dynamic rewriting of the
label set, being applied to samples before ingestion. It defines
`<metric_relabel_configs>`-section of Prometheus configuration.
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
action:
description: Action to perform based on regex matching.
Default is 'replace'
type: string
modulus:
description: Modulus to take of the hash of the source label
values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted
value is matched. defailt is '(.*)'
type: string
replacement:
description: Replacement value against which a regex replace
is performed if the regular expression matches. Regex
capture groups are available. Default is '$1'
type: string
separator:
description: Separator placed between concatenated source
label values. default is ';'.
type: string
sourceLabels:
description: The source labels select values from existing
labels. Their content is concatenated using the configured
separator and matched against the configured regular expression
for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: Label to which the resulting value is written
in a replace action. It is mandatory for replace actions.
Regex capture groups are available.
type: string
type: object
type: array
params:
description: Optional HTTP URL parameters
type: object
path:
description: HTTP path to scrape for metrics.
type: string
port:
description: Name of the service port this endpoint refers to.
Mutually exclusive with targetPort.
type: string
proxyUrl:
description: ProxyURL eg http://proxyserver:2195 Directs scrapes
to proxy through this endpoint.
type: string
relabelings:
description: 'RelabelConfigs to apply to samples before scraping.
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config'
items:
description: 'RelabelConfig allows dynamic rewriting of the
label set, being applied to samples before ingestion. It defines
`<metric_relabel_configs>`-section of Prometheus configuration.
More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs'
properties:
action:
description: Action to perform based on regex matching.
Default is 'replace'
type: string
modulus:
description: Modulus to take of the hash of the source label
values.
format: int64
type: integer
regex:
description: Regular expression against which the extracted
value is matched. defailt is '(.*)'
type: string
replacement:
description: Replacement value against which a regex replace
is performed if the regular expression matches. Regex
capture groups are available. Default is '$1'
type: string
separator:
description: Separator placed between concatenated source
label values. default is ';'.
type: string
sourceLabels:
description: The source labels select values from existing
labels. Their content is concatenated using the configured
separator and matched against the configured regular expression
for the replace, keep, and drop actions.
items:
type: string
type: array
targetLabel:
description: Label to which the resulting value is written
in a replace action. It is mandatory for replace actions.
Regex capture groups are available.
type: string
type: object
type: array
scheme:
description: HTTP scheme to use for scraping.
type: string
scrapeTimeout:
description: Timeout after which the scrape is ended
type: string
targetPort:
anyOf:
- type: string
- type: integer
tlsConfig:
description: TLSConfig specifies TLS configuration parameters.
properties:
ca: {}
caFile:
description: Path to the CA cert in the Prometheus container
to use for the targets.
type: string
cert: {}
certFile:
description: Path to the client cert file in the Prometheus
container for the targets.
type: string
insecureSkipVerify:
description: Disable target certificate validation.
type: boolean
keyFile:
description: Path to the client key file in the Prometheus
container for the targets.
type: string
keySecret:
description: SecretKeySelector selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
serverName:
description: Used to verify the hostname for the targets.
type: string
type: object
type: object
type: array
jobLabel:
description: The label to use to retrieve the job name from.
type: string
namespaceSelector:
description: NamespaceSelector is a selector for selecting either all
namespaces or a list of namespaces.
properties:
any:
description: Boolean describing whether all namespaces are selected
in contrast to a list restricting them.
type: boolean
matchNames:
description: List of namespace names.
items:
type: string
type: array
type: object
podTargetLabels:
description: PodTargetLabels transfers labels on the Kubernetes Pod
onto the target.
items:
type: string
type: array
sampleLimit:
description: SampleLimit defines per-scrape limit on number of scraped
samples that will be accepted.
format: int64
type: integer
selector:
description: A label selector is a label query over a set of resources.
The result of matchLabels and matchExpressions are ANDed. An empty
label selector matches all objects. A null label selector matches
no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that contains
values, a key, and an operator that relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to a
set of values. Valid operators are In, NotIn, Exists and
DoesNotExist.
type: string
values:
description: values is an array of string values. If the operator
is In or NotIn, the values array must be non-empty. If the
operator is Exists or DoesNotExist, the values array must
be empty. This array is replaced during a strategic merge
patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator is
"In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
targetLabels:
description: TargetLabels transfers labels on the Kubernetes Service
onto the target.
items:
type: string
type: array
required:
- endpoints
- selector
type: object
type: object
version: v1