From 41ab33e076e45876536b16d215285127c55a035d Mon Sep 17 00:00:00 2001 From: Devin Buhl Date: Thu, 18 Jul 2024 09:02:32 -0400 Subject: [PATCH] fix: bugfixes and performance improvements Signed-off-by: Devin Buhl --- .../kube-system/spegel/app/helm-values.yaml | 1 + .../blackbox-exporter/app/helmrelease.yaml | 65 ++++++++----------- .../blackbox-exporter/app/kustomization.yaml | 1 + .../blackbox-exporter/app/probes.yaml | 25 +++++++ 4 files changed, 55 insertions(+), 37 deletions(-) create mode 100644 kubernetes/main/apps/observability/blackbox-exporter/app/probes.yaml diff --git a/kubernetes/main/apps/kube-system/spegel/app/helm-values.yaml b/kubernetes/main/apps/kube-system/spegel/app/helm-values.yaml index a4185ae36896b..7b137f39cb43c 100644 --- a/kubernetes/main/apps/kube-system/spegel/app/helm-values.yaml +++ b/kubernetes/main/apps/kube-system/spegel/app/helm-values.yaml @@ -1,5 +1,6 @@ --- spegel: + appendMirrors: true containerdSock: /run/containerd/containerd.sock containerdRegistryConfigPath: /etc/cri/conf.d/hosts service: diff --git a/kubernetes/main/apps/observability/blackbox-exporter/app/helmrelease.yaml b/kubernetes/main/apps/observability/blackbox-exporter/app/helmrelease.yaml index 2f92e9369a2fb..17845079505be 100644 --- a/kubernetes/main/apps/observability/blackbox-exporter/app/helmrelease.yaml +++ b/kubernetes/main/apps/observability/blackbox-exporter/app/helmrelease.yaml @@ -24,6 +24,22 @@ spec: retries: 3 values: fullnameOverride: blackbox-exporter + pspEnabled: false + ingress: + enabled: true + annotations: + external-dns.alpha.kubernetes.io/target: internal.devbu.io + className: internal + hosts: + - host: blackbox-exporter.devbu.io + paths: + - path: / + pathType: Prefix + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + add: ["NET_RAW"] config: modules: http_2xx: @@ -32,22 +48,22 @@ spec: http: valid_http_versions: ["HTTP/1.1", "HTTP/2.0"] follow_redirects: true - preferred_ip_protocol: ip4 + preferred_ip_protocol: ipv4 icmp: prober: icmp - timeout: 30s + timeout: 5s icmp: - preferred_ip_protocol: ip4 - ingress: + preferred_ip_protocol: ipv4 + tcp_connect: + prober: tcp + timeout: 5s + tcp: + preferred_ip_protocol: ipv4 + serviceMonitor: enabled: true - annotations: - external-dns.alpha.kubernetes.io/target: internal.devbu.io - className: internal - hosts: - - host: blackbox-exporter.devbu.io - paths: - - path: / - pathType: Prefix + defaults: + interval: 1m + scrapeTimeout: 10s prometheusRule: enabled: true rules: @@ -59,28 +75,3 @@ spec: annotations: summary: |- The host {{ $labels.target }} is currently unreachable - pspEnabled: false - securityContext: - capabilities: - add: ["NET_RAW"] - podSecurityContext: - sysctls: - - name: net.ipv4.ping_group_range - value: "0 2147483647" - serviceMonitor: - enabled: true - defaults: - interval: 1m - targets: - - { name: &name expanse.internal, module: icmp, url: *name } - - { name: &name garage-door.internal, module: icmp, url: *name } - - { name: &name hdhomerun.internal, module: icmp, url: *name } - - { name: &name idrac.internal, module: icmp, url: *name } - - { name: &name kiosk.internal, module: icmp, url: *name } - - { name: &name kvm.internal, module: icmp, url: *name } - - { name: &name pikvm.internal, module: icmp, url: *name } - - { name: &name receiver.internal, module: icmp, url: *name } - - { name: &name ups.internal, module: icmp, url: *name } - - { name: &name vacuum.internal, module: icmp, url: *name } - - { name: &name zigbee-controller.internal, module: icmp, url: *name } - - { name: &name zwave-controller.internal, module: icmp, url: *name } diff --git a/kubernetes/main/apps/observability/blackbox-exporter/app/kustomization.yaml b/kubernetes/main/apps/observability/blackbox-exporter/app/kustomization.yaml index 17cbc72b25c80..e6e03c60544e4 100644 --- a/kubernetes/main/apps/observability/blackbox-exporter/app/kustomization.yaml +++ b/kubernetes/main/apps/observability/blackbox-exporter/app/kustomization.yaml @@ -4,3 +4,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./helmrelease.yaml + - ./probes.yaml diff --git a/kubernetes/main/apps/observability/blackbox-exporter/app/probes.yaml b/kubernetes/main/apps/observability/blackbox-exporter/app/probes.yaml new file mode 100644 index 0000000000000..772b1b9629b2d --- /dev/null +++ b/kubernetes/main/apps/observability/blackbox-exporter/app/probes.yaml @@ -0,0 +1,25 @@ +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/probe_v1.json +--- +kind: Probe +apiVersion: monitoring.coreos.com/v1 +metadata: + name: devices +spec: + module: icmp + prober: + url: blackbox-exporter.observability.svc.cluster.local:9115 + targets: + staticConfig: + static: + - expanse.internal + - garage-door.internal + - hdhomerun.internal + - idrac.internal + - kiosk.internal + - kvm.internal + - pikvm.internal + - receiver.internal + - ups.internal + - vacuum.internal + - zigbee-controller.internal + - zwave-controller.internal