diff --git a/charts/devtron-monitoring/Chart.yaml b/charts/devtron-monitoring/Chart.yaml index 2b795245..1e87824c 100644 --- a/charts/devtron-monitoring/Chart.yaml +++ b/charts/devtron-monitoring/Chart.yaml @@ -10,8 +10,10 @@ sources: - https://github.com/kubernetes-sigs/metrics-server/tree/master/charts/metrics-server - https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-blackbox-exporter - https://github.com/deliveryhero/helm-charts/tree/master/stable/k8s-event-logger + - https://github.com/grafana/pyroscope + - https://github.com/VictoriaMetrics/helm-charts -version: 0.0.3 +version: 0.0.6 appVersion: "0.0.1" dependencies: - name: fluent-bit @@ -47,6 +49,16 @@ dependencies: repository: https://victoriametrics.github.io/helm-charts/ condition: victoriametrics.enabled alias: victoriametrics +- name: pyroscope + repository: https://grafana.github.io/helm-charts + version: "1.13.2" + condition: pyroscope.enabled + alias: pyroscope +- name: victoria-logs-single + version: "0.9.8" + repository: https://victoriametrics.github.io/helm-charts/ + condition: vmlogs.enabled + alias: vmlogs maintainers: - email: badal@devtron.ai name: Badal Kumar diff --git a/charts/devtron-monitoring/README.MD b/charts/devtron-monitoring/README.MD index 762e4cb9..eebd87fd 100644 --- a/charts/devtron-monitoring/README.MD +++ b/charts/devtron-monitoring/README.MD @@ -8,6 +8,8 @@ - Kube-Prom-Stack / Victoria Metrics - Black Box - Event Logger +- VMlogs +- Pyroscope diff --git a/charts/devtron-monitoring/app-values.yaml b/charts/devtron-monitoring/app-values.yaml index e8dac449..b780471f 100644 --- a/charts/devtron-monitoring/app-values.yaml +++ b/charts/devtron-monitoring/app-values.yaml @@ -92,7 +92,6 @@ fluent-bit: endpoint https:// bucket s3_key_format /$TAG[1]/$TAG[3]/%Y-%m-%d/%H_%M_%S_$TAG[2].log - # s3_key_format /$TAG[1]/$TAG[3]/%Y-%m-%d/%H_%M_%S.log s3_key_format_tag_delimiters . static_file_path On use_put_object Off 
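Review bot: The second Chart.yaml hunk adds two dependencies fetched from external chart repositories, but the diff carries no Chart.lock change, so if the repository tracks a lock file it is now stale and the digest of the resolved charts is not recorded. Running `helm dependency update` and committing the resulting Chart.lock alongside this change would keep the build reproducible and make a swapped upstream artifact visible in review. As a style point, the `pyroscope` entry lists `repository` before `version` while `victoria-logs-single` lists `version` first; one key order across the `dependencies` list reads better.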
@@ -241,7 +240,6 @@ vector: inputs: - my_remap_id_audit key_prefix: '{{ print "audit-log/devtroncd/{{ container_name }}/%Y-%m-%d/" }}' - region: type: aws_s3 my_sink_id_audit: batch: @@ -255,7 +253,6 @@ vector: inputs: - my_remap_id key_prefix: '{{ print "vector-log-2/devtroncd/{{ container_name }}/%Y-%m-%d/" }}' - region: type: aws_s3 sources: kube_log: @@ -436,7 +433,7 @@ victoriametrics: path: /var/lib/grafana/dashboards/default orgId: 1 type: file - dashboards: + dashboards: default: nodeexporter: datasource: VictoriaMetrics @@ -462,7 +459,7 @@ victoriametrics: nginx.ingress.kubernetes.io/force-ssl-redirect: "false" nginx.ingress.kubernetes.io/rewrite-target: /grafana/$2 nginx.ingress.kubernetes.io/ssl-redirect: "false" - enabled: true + enabled: false hosts: - .domain.com ingressClassName: nginx-new @@ -501,7 +498,7 @@ victoriametrics: disable_prometheus_converter: false prometheus_converter_add_argocd_ignore_annotations: true vmagent: - enabled: true + enabled: false ingress: enabled: true hosts: @@ -517,7 +514,7 @@ victoriametrics: promscrape.suppressScrapeErrorsDelay: 30s scrapeInterval: 20s vmalert: - enabled: true + enabled: false ingress: enabled: true hosts: 
@@ -527,11 +524,93 @@ victoriametrics: extraArgs: external.url: https://vmalert-.domain.com vmsingle: - enabled: true + enabled: false + containers: + - name: oauth2-proxy + image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0 + args: + - --provider=google # Change this to: google, github, azure, oidc, etc. + - --upstream=http://127.0.0.1:8429 + - --http-address=0.0.0.0:4180 + - --cookie-secure=true + - --redirect-url=https://vmsingle-.domain.com/oauth2/callback + - --email-domain= + env: + - name: OAUTH2_PROXY_CLIENT_ID + valueFrom: + secretKeyRef: + name: google-oauth-secrets + key: client-id + - name: OAUTH2_PROXY_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: google-oauth-secrets + key: client-secret + - name: OAUTH2_PROXY_COOKIE_SECRET + valueFrom: + secretKeyRef: + name: google-oauth-secrets + key: cookie-secret + - name: OAUTH2_PROXY_REDIRECT_URL + value: "https://vmsingle-.domain.com/oauth2/callback" + ports: + - containerPort: 4180 + name: oauth-proxy + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 50m + memory: 64Mi + livenessProbe: + httpGet: + path: /ping + port: 4180 + initialDelaySeconds: 30 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /ping + port: 4180 + initialDelaySeconds: 5 + periodSeconds: 5 + # Update service to expose oauth2-proxy port + ports: + - name: http + port: 8429 + targetPort: 8429 + - name: oauth-proxy + port: 4180 + targetPort: 4180 ingress: enabled: true + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + nginx.ingress.kubernetes.io/upstream-vhost: vmsingle-.domain.com + # Route traffic to oauth2-proxy port instead of VMSingle directly + nginx.ingress.kubernetes.io/service-upstream: "true" hosts: - vmsingle-.domain.com + extraPaths: + - path: /oauth2 + pathType: Prefix + backend: + service: + name: vmsingle-victoria-metrics + port: + name: oauth-proxy + - path: / + pathType: Prefix + backend: + service: + name: vmsingle-victoria-metrics + port: + name: oauth-proxy 
ingressClassName: nginx spec: retentionPeriod: 5d +pyroscope: + enabled: false +vmlogs: + enabled: false diff --git a/charts/devtron-monitoring/values.yaml b/charts/devtron-monitoring/values.yaml index e8dac449..cd574e6f 100644 --- a/charts/devtron-monitoring/values.yaml +++ b/charts/devtron-monitoring/values.yaml @@ -92,7 +92,6 @@ fluent-bit: endpoint https:// bucket s3_key_format /$TAG[1]/$TAG[3]/%Y-%m-%d/%H_%M_%S_$TAG[2].log - # s3_key_format /$TAG[1]/$TAG[3]/%Y-%m-%d/%H_%M_%S.log s3_key_format_tag_delimiters . static_file_path On use_put_object Off @@ -241,7 +240,6 @@ vector: inputs: - my_remap_id_audit key_prefix: '{{ print "audit-log/devtroncd/{{ container_name }}/%Y-%m-%d/" }}' - region: type: aws_s3 my_sink_id_audit: batch: @@ -255,7 +253,6 @@ vector: inputs: - my_remap_id key_prefix: '{{ print "vector-log-2/devtroncd/{{ container_name }}/%Y-%m-%d/" }}' - region: type: aws_s3 sources: kube_log: @@ -413,7 +410,7 @@ victoriametrics: - continue: true match: null receiver: discord - enabled: true + enabled: false crds: enabled: true defaultDashboards: @@ -501,7 +498,7 @@ victoriametrics: disable_prometheus_converter: false prometheus_converter_add_argocd_ignore_annotations: true vmagent: - enabled: true + enabled: false ingress: enabled: true hosts: @@ -517,7 +514,7 @@ victoriametrics: promscrape.suppressScrapeErrorsDelay: 30s scrapeInterval: 20s vmalert: - enabled: true + enabled: false ingress: enabled: true hosts: 
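Review bot: `--email-domain=` is left empty in the oauth2-proxy args, and it is the only setting in this hunk that restricts who may sign in; it should carry a labelled placeholder and a warning, e.g. `- --email-domain=<your-org-domain>  # required; "*" admits any account of the chosen provider`. The comment above `nginx.ingress.kubernetes.io/service-upstream: "true"` says it routes traffic to the oauth2-proxy port, but that annotation only makes NGINX proxy to the Service ClusterIP instead of the pod endpoints; the port is selected by the `extraPaths` backends, and the comment should say so. `hosts` is kept next to an `extraPaths` entry for `/`, so if the chart still renders its default rule for each host against the `http` port (8429), that rule would reach VMSingle without passing the proxy; the rendered Ingress from `helm template` is worth checking. The identical hunk in values.yaml (`@@ -527,11 +524,93 @@`) has the same three points.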
@@ -527,11 +524,93 @@ victoriametrics: extraArgs: external.url: https://vmalert-.domain.com vmsingle: - enabled: true + enabled: false + containers: + - name: oauth2-proxy + image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0 + args: + - --provider=google # Change this to: google, github, azure, oidc, etc. + - --upstream=http://127.0.0.1:8429 + - --http-address=0.0.0.0:4180 + - --cookie-secure=true + - --redirect-url=https://vmsingle-.domain.com/oauth2/callback + - --email-domain= + env: + - name: OAUTH2_PROXY_CLIENT_ID + valueFrom: + secretKeyRef: + name: google-oauth-secrets + key: client-id + - name: OAUTH2_PROXY_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: google-oauth-secrets + key: client-secret + - name: OAUTH2_PROXY_COOKIE_SECRET + valueFrom: + secretKeyRef: + name: google-oauth-secrets + key: cookie-secret + - name: OAUTH2_PROXY_REDIRECT_URL + value: "https://vmsingle-.domain.com/oauth2/callback" + ports: + - containerPort: 4180 + name: oauth-proxy + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 50m + memory: 64Mi + livenessProbe: + httpGet: + path: /ping + port: 4180 + initialDelaySeconds: 30 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /ping + port: 4180 + initialDelaySeconds: 5 + periodSeconds: 5 + # Update service to expose oauth2-proxy port + ports: + - name: http + port: 8429 + targetPort: 8429 + - name: oauth-proxy + port: 4180 + targetPort: 4180 ingress: enabled: true + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + nginx.ingress.kubernetes.io/upstream-vhost: vmsingle-.domain.com + # Route traffic to oauth2-proxy port instead of VMSingle directly + nginx.ingress.kubernetes.io/service-upstream: "true" hosts: - vmsingle-.domain.com + extraPaths: + - path: /oauth2 + pathType: Prefix + backend: + service: + name: vmsingle-victoria-metrics + port: + name: oauth-proxy + - path: / + pathType: Prefix + backend: + service: + name: vmsingle-victoria-metrics + port: + name: oauth-proxy 
ingressClassName: nginx spec: retentionPeriod: 5d +pyroscope: + enabled: false +vmlogs: + enabled: false
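Review bot: The oauth2-proxy sidecar is added without a `securityContext`, and its image is referenced by the mutable tag `v7.4.0` rather than a digest, so the container that enforces authentication runs with the pod's default privileges and its contents can change without a chart change. A restrictive context like the one below is what I would add; the digest has to be taken from the registry for the release you settle on, and v7.4.0 appears to be an older release, so the project's release notes are worth checking before pinning. The Service also keeps publishing port 8429, which leaves VMSingle reachable without authentication from inside the cluster; if that is intended for scrapers and Grafana, a NetworkPolicy limiting which pods can reach it would be the complement. The same applies to the matching hunk in app-values.yaml.

```yaml
- name: oauth2-proxy
  image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0
  securityContext:
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    capabilities:
      drop:
        - ALL
  # … unchanged: args, env, ports, resources, probes …
```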