alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 5 Actions 1 Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:renovate/major-unified-loki alexlebens:renovate/unified-stalwartlabs alexlebens:renovate/unified-gitea alexlebens:renovate/unified-talosctl alexlebens:renovate/unified-cilium alexlebens:manifests
..
compare: alexlebens:be293b8c03b8a3ff5fb71c5b7b9d3bed4d79fe4d
Branches Tags
alexlebens:renovate/major-unified-loki alexlebens:renovate/unified-stalwartlabs alexlebens:renovate/unified-gitea alexlebens:renovate/unified-talosctl alexlebens:renovate/unified-cilium alexlebens:main alexlebens:manifests

1 Commits
main ... be293b8c03

Author SHA1 Message Date
Renovate Bot
be293b8c03 chore(deps): update dependency freika/dawarich to v1.7.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 1m6s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 37s
Details
2026-04-27 17:27:05 +00:00
24 changed files with 31 additions and 898 deletions
Expand all files Collapse all files

108
clusters/cl01tl/helm/argocd/templates/prometheus-rule.yaml
View File

@@ -1,108 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: haproxy
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: haproxy
{{- include "custom.labels" . | nindent 4 }}
spec:
groups:
- name: EmbeddedExporter
rules:
- alert: HAProxyHighHTTP4xxErrorRateBackend
expr: ((sum by (proxy) (rate(haproxy_server_http_responses_total{code="4xx"}[1m])) / sum by (proxy) (rate(haproxy_server_http_responses_total[1m]))) * 100) > 5 and sum by (proxy) (rate(haproxy_server_http_responses_total[1m])) > 0
for: 1m
labels:
severity: critical
annotations:
summary: HAProxy high HTTP 4xx error rate backend (instance {{ `{{ $labels.instance }}` }})
description: "Too many HTTP requests with status 4xx (> 5%) on backend {{ `{{ $labels.proxy }}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: HAProxyHighHTTP5xxErrorRateBackend
expr: ((sum by (proxy) (rate(haproxy_server_http_responses_total{code="5xx"}[1m])) / sum by (proxy) (rate(haproxy_server_http_responses_total[1m]))) * 100) > 5 and sum by (proxy) (rate(haproxy_server_http_responses_total[1m])) > 0
for: 1m
labels:
severity: critical
annotations:
summary: HAProxy high HTTP 5xx error rate backend (instance {{ `{{ $labels.instance }}` }})
description: "Too many HTTP requests with status 5xx (> 5%) on backend {{ `{{ $labels.proxy }}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: HAProxyHighHTTP4xxErrorRateServer
expr: ((sum by (server) (rate(haproxy_server_http_responses_total{code="4xx"}[1m])) / sum by (server) (rate(haproxy_server_http_responses_total[1m]))) * 100) > 5 and sum by (server) (rate(haproxy_server_http_responses_total[1m])) > 0
for: 1m
labels:
severity: critical
annotations:
summary: HAProxy high HTTP 4xx error rate server (instance {{ `{{ $labels.instance }}` }})
description: "Too many HTTP requests with status 4xx (> 5%) on server {{ `{{ $labels.server }}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: HAProxyHighHTTP5xxErrorRateServer
expr: ((sum by (server) (rate(haproxy_server_http_responses_total{code="5xx"}[1m])) / sum by (server) (rate(haproxy_server_http_responses_total[1m]))) * 100) > 5 and sum by (server) (rate(haproxy_server_http_responses_total[1m])) > 0
for: 1m
labels:
severity: critical
annotations:
summary: HAProxy high HTTP 5xx error rate server (instance {{ `{{ $labels.instance }}` }})
description: "Too many HTTP requests with status 5xx (> 5%) on server {{ `{{ $labels.server }}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: HAProxyServerResponseErrors
expr: (sum by (server) (rate(haproxy_server_response_errors_total[1m])) / sum by (server) (rate(haproxy_server_http_responses_total[1m]))) * 100 > 5 and sum by (server) (rate(haproxy_server_http_responses_total[1m])) > 0
for: 1m
labels:
severity: critical
annotations:
summary: HAProxy server response errors (instance {{ `{{ $labels.instance }}` }})
description: "Too many response errors to {{ `{{ $labels.server }}` }} server (> 5%).\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: HAProxyBackendConnectionErrors
expr: (sum by (proxy) (rate(haproxy_backend_connection_errors_total[1m]))) > 100
for: 1m
labels:
severity: critical
annotations:
summary: HAProxy backend connection errors (instance {{ `{{ $labels.instance }}` }})
description: "Too many connection errors to {{ `{{ $labels.proxy }}` }} backend (> 100 req/s). Request throughput may be too high.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: HAProxyServerConnectionErrors
expr: (sum by (proxy) (rate(haproxy_server_connection_errors_total[1m]))) > 100
for: 0m
labels:
severity: critical
annotations:
summary: HAProxy server connection errors (instance {{ `{{ $labels.instance }}` }})
description: "Too many connection errors to {{ `{{ $labels.proxy }}` }} (> 100 req/s). Request throughput may be too high.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: HAProxyBackendMaxActiveSession>80%
expr: (haproxy_backend_current_sessions / haproxy_backend_limit_sessions * 100) > 80 and haproxy_backend_limit_sessions > 0
for: 2m
labels:
severity: warning
annotations:
summary: HAProxy backend max active session > 80% (instance {{ `{{ $labels.instance }}` }})
description: "Session limit from backend {{ `{{ $labels.proxy }}` }} reached 80% of limit - {{ `{{ $value | printf \"%.2f\"}}` }}%\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: HAProxyPendingRequests
expr: sum by (proxy) (haproxy_backend_current_queue) > 0
for: 2m
labels:
severity: warning
annotations:
summary: HAProxy pending requests (instance {{ `{{ $labels.instance }}` }})
description: "Some HAProxy requests are pending on {{ `{{ $labels.proxy }}` }} - {{ `{{ $value | printf \"%.2f\"}}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: HAProxyRetryHigh
expr: sum by (proxy) (rate(haproxy_backend_retry_warnings_total[1m])) > 10
for: 2m
labels:
severity: warning
annotations:
summary: HAProxy retry high (instance {{ `{{ $labels.instance }}` }})
description: "High rate of retry on {{ `{{ $labels.proxy }}` }} - {{ `{{ $value | printf \"%.2f\"}}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: HAProxyFrontendSecurityBlockedRequests
expr: sum by (proxy) (rate(haproxy_frontend_denied_connections_total[2m])) > 10
for: 2m
labels:
severity: warning
annotations:
summary: HAProxy frontend security blocked requests (instance {{ `{{ $labels.instance }}` }})
description: "HAProxy is blocking requests for security reason\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: HAProxyServerHealthcheckFailure
expr: increase(haproxy_server_check_failures_total[1m]) > 2
for: 0m
labels:
severity: warning
annotations:
summary: HAProxy server healthcheck failure (instance {{ `{{ $labels.instance }}` }})
description: "Some server healthcheck are failing on {{ `{{ $labels.server }}` }} ({{ `{{ $value }}` }} in the last 1m)\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"

44
clusters/cl01tl/helm/cert-manager/templates/prometheus-rule.yaml
View File

@@ -1,44 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: cert-manager
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: cert-manager
{{- include "custom.labels" . | nindent 4 }}
spec:
groups:
- name: EmbeddedExporter
rules:
- alert: Cert-ManagerAbsent
expr: absent(up{job="cert-manager"})
for: 10m
labels:
severity: critical
annotations:
summary: Cert-Manager absent (instance {{ `{{ $labels.instance }}` }})
description: "Cert-Manager has disappeared from Prometheus service discovery. New certificates will not be able to be minted, and existing ones can't be renewed until cert-manager is back.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: Cert-ManagerCertificateExpiringSoon
expr: avg by (exported_namespace, namespace, name) (certmanager_certificate_expiration_timestamp_seconds - time()) < (21 * 24 * 3600)
for: 1h
labels:
severity: warning
annotations:
summary: Cert-Manager certificate expiring soon (instance {{ `{{ $labels.instance }}` }})
description: "The certificate {{ `{{ $labels.name }}` }} is expiring in less than 21 days.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: Cert-ManagerCertificateNotReady
expr: max by (name, exported_namespace, namespace, condition) (certmanager_certificate_ready_status{condition!="True"} == 1)
for: 10m
labels:
severity: critical
annotations:
summary: Cert-Manager certificate not ready (instance {{ `{{ $labels.instance }}` }})
description: "The certificate {{ `{{ $labels.name }}` }} in namespace {{ `{{ $labels.exported_namespace }}` }} is not ready to serve traffic.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: Cert-ManagerHittingACMERateLimits
expr: sum by (host) (rate(certmanager_acme_client_request_count{status="429"}[5m])) > 0
for: 5m
labels:
severity: critical
annotations:
summary: Cert-Manager hitting ACME rate limits (instance {{ `{{ $labels.instance }}` }})
description: "Cert-Manager is being rate-limited by the ACME provider. Certificate issuance and renewal may be blocked for up to a week.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"

4
clusters/cl01tl/helm/cloudnative-pg/values.yaml
View File

@@ -18,7 +18,7 @@ rclone-postgres-backups-remote:
nameOverride: postgres-backups-remote-rclone
cronJob:
suspend: false
schedule: 0 6 * * 6
schedule: 0 1 * * *
rclone:
source:
bucketName: postgres-backups
@@ -45,7 +45,7 @@ rclone-postgres-backups-external:
nameOverride: postgres-backups-external-rclone
cronJob:
suspend: true
schedule: 0 6 * * 6
schedule: 20 1 * * *
rclone:
source:
bucketName: openbao-backups

10
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -8,7 +8,7 @@ dawarich:
main:
image:
repository: freikin/dawarich
tag: 1.7.0@sha256:7d5f99c61121fcfa4cbdd6a153392630d9f059ffb0156759278d3e049085ec62
tag: 1.6.1@sha256:a884f69f19ce0f66992f3872d24544d1e587e133b8a003e072711aafc1e02429
command:
- "web-entrypoint.sh"
args:
@@ -111,7 +111,7 @@ dawarich:
sidekiq:
image:
repository: freikin/dawarich
tag: 1.7.0@sha256:7d5f99c61121fcfa4cbdd6a153392630d9f059ffb0156759278d3e049085ec62
tag: 1.6.1@sha256:a884f69f19ce0f66992f3872d24544d1e587e133b8a003e072711aafc1e02429
command:
- "sidekiq-entrypoint.sh"
args:
@@ -161,12 +161,12 @@ dawarich:
- name: OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: dawarich-oidc-authentik
name: dawarich-oidc-secret
key: client
- name: OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: dawarich-oidc-authentik
name: dawarich-oidc-secret
key: secret
- name: OIDC_PROVIDER_NAME
value: Authentik
@@ -181,7 +181,7 @@ dawarich:
- name: SECRET_KEY_BASE
valueFrom:
secretKeyRef:
name: dawarich-key
name: dawarich-key-secret
key: key
- name: RAILS_LOG_TO_STDOUT
value: true

2
clusters/cl01tl/helm/democratic-csi-synology-iscsi/values.yaml
View File

@@ -47,8 +47,6 @@ democratic-csi:
fsType: ext4
node:
hostPID: true
rbac:
enabled: true
driver:
extraEnv:
- name: ISCSIADM_HOST_STRATEGY

28
clusters/cl01tl/helm/gitea/templates/prometheus-rule.yaml
View File

@@ -1,28 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: meilisearch
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: meilisearch
{{- include "custom.labels" . | nindent 4 }}
spec:
groups:
- name: EmbeddedExporter
rules:
- alert: MeilisearchIndexIsEmpty
expr: meilisearch_index_docs_count == 0
for: 0m
labels:
severity: warning
annotations:
summary: Meilisearch index is empty (instance {{ `{{ $labels.instance }}` }})
description: "Meilisearch index {{ `{{ $labels.index }}` }} has zero documents\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: MeilisearchHttpResponseTime
expr: meilisearch_http_response_time_seconds > 0.5
for: 0m
labels:
severity: warning
annotations:
summary: Meilisearch http response time (instance {{ `{{ $labels.instance }}` }})
description: "Meilisearch http response time is too high\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"

28
clusters/cl01tl/helm/jellyfin/templates/prometheus-rule.yaml
View File

@@ -1,28 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: meilisearch
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: meilisearch
{{- include "custom.labels" . | nindent 4 }}
spec:
groups:
- name: EmbeddedExporter
rules:
- alert: MeilisearchIndexIsEmpty
expr: meilisearch_index_docs_count == 0
for: 0m
labels:
severity: warning
annotations:
summary: Meilisearch index is empty (instance {{ `{{ $labels.instance }}` }})
description: "Meilisearch index {{ `{{ $labels.index }}` }} has zero documents\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: MeilisearchHttpResponseTime
expr: meilisearch_http_response_time_seconds > 0.5
for: 0m
labels:
severity: warning
annotations:
summary: Meilisearch http response time (instance {{ `{{ $labels.instance }}` }})
description: "Meilisearch http response time is too high\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"

28
clusters/cl01tl/helm/karakeep/templates/prometheus-rule.yaml
View File

@@ -1,28 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: meilisearch
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: meilisearch
{{- include "custom.labels" . | nindent 4 }}
spec:
groups:
- name: EmbeddedExporter
rules:
- alert: MeilisearchIndexIsEmpty
expr: meilisearch_index_docs_count == 0
for: 0m
labels:
severity: warning
annotations:
summary: Meilisearch index is empty (instance {{ `{{ $labels.instance }}` }})
description: "Meilisearch index {{ `{{ $labels.index }}` }} has zero documents\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: MeilisearchHttpResponseTime
expr: meilisearch_http_response_time_seconds > 0.5
for: 0m
labels:
severity: warning
annotations:
summary: Meilisearch http response time (instance {{ `{{ $labels.instance }}` }})
description: "Meilisearch http response time is too high\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies:
- name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts
version: 84.3.0
version: 84.2.1
- name: prometheus-operator-crds
repository: oci://ghcr.io/prometheus-community/charts
version: 28.0.1
@@ -11,5 +11,5 @@ dependencies:
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1
digest: sha256:88beedf9486adb9cb27b36c24021759401fcff106fc0e0cadbb3282d7e57d03c
generated: "2026-04-27T19:03:58.288039768Z"
digest: sha256:4d3525495bf1c15bf3508fc9948fa46b2194b8e0439f4aeaf27bf855e9964f65
generated: "2026-04-27T16:01:33.493574911Z"

2
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -20,7 +20,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: kube-prometheus-stack
version: 84.3.0
version: 84.2.1
repository: oci://ghcr.io/prometheus-community/charts
- name: prometheus-operator-crds
version: 28.0.1

6
clusters/cl01tl/helm/kube-prometheus-stack/values.yaml
View File

@@ -98,8 +98,8 @@ kube-prometheus-stack:
namespace: traefik
prometheusSpec:
scrapeInterval: 30s
retention: 60d
retentionSize: 450GiB
retention: 45d
retentionSize: 240GiB
externalUrl: https://prometheus.alexlebens.net
ruleSelectorNilUsesHelmValues: false
serviceMonitorSelectorNilUsesHelmValues: false
@@ -112,7 +112,7 @@ kube-prometheus-stack:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 500Gi
storage: 250Gi
ntfy-alertmanager:
global:
fullnameOverride: ntfy-alertmanager

40
clusters/cl01tl/helm/openbao/values.yaml
View File

@@ -120,52 +120,20 @@ openbao:
prometheusRules:
enabled: true
rules:
- alert: openBao-HighResponseTime
- alert: vault-HighResponseTime
annotations:
message: The response time of OpenBao is over 500ms on average over the last 5 minutes.
message: The response time of Vault is over 500ms on average over the last 5 minutes.
expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 500
for: 5m
labels:
severity: warning
- alert: openBao-HighResponseTime
- alert: vault-HighResponseTime
annotations:
message: The response time of OpenBao is over 1s on average over the last 5 minutes.
message: The response time of Vault is over 1s on average over the last 5 minutes.
expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 1000
for: 5m
labels:
severity: critical
- alert: openBao-Sealed
expr: vault_core_unsealed == 0
for: 1m
labels:
severity: critical
annotations:
summary: OpenBao sealed (instance {{ $labels.instance }})
description: "OpenBao instance is sealed on {{ $labels.instance }}\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: OpenBao-TooManyPendingTokens
expr: avg(vault_token_create_count - vault_token_store_count) > 0
for: 5m
labels:
severity: warning
annotations:
summary: OpenBao too many pending tokens (instance {{ $labels.instance }})
description: "Too many pending tokens on {{ $labels.instance }}: {{ $value }} tokens created but not yet stored.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: OpenBao-TooManyInfinityTokens
expr: vault_token_count_by_ttl{creation_ttl="+Inf"} > 3
for: 5m
labels:
severity: warning
annotations:
summary: OpenBao too many infinity tokens (instance {{ $labels.instance }})
description: "Too many non-expiring tokens on {{ $labels.instance }}: {{ $value }} tokens with infinite TTL.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
- alert: OpenBao-ClusterHealth
expr: sum(vault_core_active) / count(vault_core_active) <= 0.5 and count(vault_core_active) > 0
for: 0m
labels:
severity: critical
annotations:
summary: OpenBao cluster health (instance {{ $labels.instance }})
description: "OpenBao cluster is not healthy: only {{ $value | humanizePercentage }} of nodes are active.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
snapshotAgent:
enabled: true
schedule: 0 4 * * *

2
clusters/cl01tl/helm/paperless-ngx/Chart.yaml
View File

@@ -48,4 +48,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/paperless-ngx.png
# renovate: datasource=github-releases depName=paperless-ngx/paperless-ngx
appVersion: 2.20.15
appVersion: 2.20.14

2
clusters/cl01tl/helm/paperless-ngx/values.yaml
View File

@@ -8,7 +8,7 @@ paperless-ngx:
main:
image:
repository: ghcr.io/paperless-ngx/paperless-ngx
tag: 2.20.15@sha256:6c86cad803970ea782683a8e80e7403444c5bf3cf70de63b4d3c8e87500db92f
tag: 2.20.14@sha256:b89f83345532cfba72690185257eb6c4f92fc2a782332a42abe19c07b7a6595f
env:
- name: PAPERLESS_REDIS
value: redis://paperless-ngx-valkey.paperless-ngx:6379

2
clusters/cl01tl/helm/plex/Chart.yaml
View File

@@ -20,4 +20,4 @@ dependencies:
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/plex.png
# renovate: datasource=github-releases depName=linuxserver/docker-plex
appVersion: 1.43.1.10611-1e34174b1-ls303
appVersion: 1.43.1.10611-1e34174b1-ls302

2
clusters/cl01tl/helm/plex/values.yaml
View File

@@ -22,7 +22,7 @@ plex:
main:
image:
repository: ghcr.io/linuxserver/plex
tag: 1.43.1.10611-1e34174b1-ls303@sha256:b785bdd60e781662f16e0526a6b54c07856739df95ab558a674a3c084dbde423
tag: 1.43.1.10611-1e34174b1-ls302@sha256:e5c7c283b242966416a4bed2d666acf6f3fb8f957c704be8333f8dc987364825
env:
- name: TZ
value: America/Chicago

156
clusters/cl01tl/helm/rybbit/templates/prometheus-rule.yaml
View File

@@ -1,156 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: clickhouse
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: clickhouse
{{- include "custom.labels" . | nindent 4 }}
spec:
groups:
- name: EmbeddedExporter
rules:
- alert: ClickHouseNodeDown
expr: up{job="clickhouse"} == 0
for: 2m
labels:
severity: critical
annotations:
summary: ClickHouse node down (instance {{ `{{ $labels.instance }}` }})
description: "No metrics received from ClickHouse exporter for over 2 minutes.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ClickHouseMemoryUsageCritical
expr: ClickHouseAsyncMetrics_CGroupMemoryUsed / ClickHouseAsyncMetrics_CGroupMemoryTotal * 100 > 90 and ClickHouseAsyncMetrics_CGroupMemoryTotal > 0
for: 5m
labels:
severity: critical
annotations:
summary: ClickHouse Memory Usage Critical (instance {{ `{{ $labels.instance }}` }})
description: "Memory usage is critically high, over 90%.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ClickHouseMemoryUsageWarning
expr: ClickHouseAsyncMetrics_CGroupMemoryUsed / ClickHouseAsyncMetrics_CGroupMemoryTotal * 100 > 80 and ClickHouseAsyncMetrics_CGroupMemoryTotal > 0
for: 5m
labels:
severity: warning
annotations:
summary: ClickHouse Memory Usage Warning (instance {{ `{{ $labels.instance }}` }})
description: "Memory usage is over 80%.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ClickHouseDiskSpaceLowOnDefault
expr: ClickHouseAsyncMetrics_DiskAvailable_default / (ClickHouseAsyncMetrics_DiskAvailable_default + ClickHouseAsyncMetrics_DiskUsed_default) * 100 < 20 and (ClickHouseAsyncMetrics_DiskAvailable_default + ClickHouseAsyncMetrics_DiskUsed_default) > 0
for: 2m
labels:
severity: warning
annotations:
summary: ClickHouse Disk Space Low on Default (instance {{ `{{ $labels.instance }}` }})
description: "Disk space on default is below 20%.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ClickHouseDiskSpaceCriticalOnDefault
expr: ClickHouseAsyncMetrics_DiskAvailable_default / (ClickHouseAsyncMetrics_DiskAvailable_default + ClickHouseAsyncMetrics_DiskUsed_default) * 100 < 10 and (ClickHouseAsyncMetrics_DiskAvailable_default + ClickHouseAsyncMetrics_DiskUsed_default) > 0
for: 2m
labels:
severity: critical
annotations:
summary: ClickHouse Disk Space Critical on Default (instance {{ `{{ $labels.instance }}` }})
description: "Disk space on default disk is critically low, below 10%.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ClickHouseDiskSpaceLowOnBackups
expr: ClickHouseAsyncMetrics_DiskAvailable_backups / (ClickHouseAsyncMetrics_DiskAvailable_backups + ClickHouseAsyncMetrics_DiskUsed_backups) * 100 < 20 and (ClickHouseAsyncMetrics_DiskAvailable_backups + ClickHouseAsyncMetrics_DiskUsed_backups) > 0
for: 2m
labels:
severity: warning
annotations:
summary: ClickHouse Disk Space Low on Backups (instance {{ `{{ $labels.instance }}` }})
description: "Disk space on backups is below 20%.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ClickHouseReplicaErrors
expr: ClickHouseErrorMetric_ALL_REPLICAS_ARE_STALE == 1 or ClickHouseErrorMetric_ALL_REPLICAS_LOST == 1
for: 0m
labels:
severity: critical
annotations:
summary: ClickHouse Replica Errors (instance {{ `{{ $labels.instance }}` }})
description: "Critical replica errors detected, either all replicas are stale or lost.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ClickHouseNoAvailableReplicas
expr: ClickHouseErrorMetric_NO_AVAILABLE_REPLICA == 1
for: 0m
labels:
severity: critical
annotations:
summary: ClickHouse No Available Replicas (instance {{ `{{ $labels.instance }}` }})
description: "No available replicas in ClickHouse.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ClickHouseNoLiveReplicas
expr: ClickHouseErrorMetric_TOO_FEW_LIVE_REPLICAS == 1
for: 0m
labels:
severity: critical
annotations:
summary: ClickHouse No Live Replicas (instance {{ `{{ $labels.instance }}` }})
description: "There are too few live replicas available, risking data loss and service disruption.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ClickHouseHighTCPConnections
expr: ClickHouseMetrics_TCPConnection > 400
for: 5m
labels:
severity: warning
annotations:
summary: ClickHouse High TCP Connections (instance {{ `{{ $labels.instance }}` }})
description: "High number of TCP connections, indicating heavy client or inter-cluster communication.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ClickHouseInterserverConnectionIssues
expr: ClickHouseMetrics_InterserverConnection > 50
for: 5m
labels:
severity: warning
annotations:
summary: ClickHouse Interserver Connection Issues (instance {{ `{{ $labels.instance }}` }})
description: "High number of interserver connections may indicate replication or distributed query handling issues.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ClickHouseZooKeeperConnectionIssues
expr: ClickHouseMetrics_ZooKeeperSession != 1
for: 3m
labels:
severity: warning
annotations:
summary: ClickHouse ZooKeeper Connection Issues (instance {{ `{{ $labels.instance }}` }})
description: "ClickHouse is experiencing issues with ZooKeeper connections, which may affect cluster state and coordination.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ClickHouseAuthenticationFailures
expr: increase(ClickHouseErrorMetric_AUTHENTICATION_FAILED[5m]) > 3
for: 0m
labels:
severity: info
annotations:
summary: ClickHouse Authentication Failures (instance {{ `{{ $labels.instance }}` }})
description: "Authentication failures detected, indicating potential security issues or misconfiguration.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ClickHouseAccessDeniedErrors
expr: increase(ClickHouseErrorMetric_RESOURCE_ACCESS_DENIED[5m]) > 3
for: 0m
labels:
severity: info
annotations:
summary: ClickHouse Access Denied Errors (instance {{ `{{ $labels.instance }}` }})
description: "Access denied errors have been logged, which could indicate permission issues or unauthorized access attempts.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ClickHouseRejectedInsertQueries
expr: increase(ClickHouseProfileEvents_RejectedInserts[1m]) > 2
for: 1m
labels:
severity: warning
annotations:
summary: ClickHouse rejected insert queries (instance {{ `{{ $labels.instance }}` }})
description: "INSERTs rejected due to too many active data parts. Reduce insert frequency.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ClickHouseDelayedInsertQueries
expr: increase(ClickHouseProfileEvents_DelayedInserts[5m]) > 10
for: 2m
labels:
severity: warning
annotations:
summary: ClickHouse delayed insert queries (instance {{ `{{ $labels.instance }}` }})
description: "INSERTs delayed due to high number of active parts.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ClickHouseZookeeperHardwareException
expr: increase(ClickHouseProfileEvents_ZooKeeperHardwareExceptions[1m]) > 0
for: 1m
labels:
severity: critical
annotations:
summary: ClickHouse zookeeper hardware exception (instance {{ `{{ $labels.instance }}` }})
description: "Zookeeper hardware exception: network issues communicating with ZooKeeper\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ClickHouseDistributedRejectedInserts
expr: increase(ClickHouseProfileEvents_DistributedRejectedInserts[5m]) > 3
for: 2m
labels:
severity: critical
annotations:
summary: ClickHouse distributed rejected inserts (instance {{ `{{ $labels.instance }}` }})
description: "INSERTs into Distributed tables rejected due to pending bytes limit.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"

43
clusters/cl01tl/helm/rybbit/values.yaml
View File

@@ -150,20 +150,19 @@ rybbit:
data:
network.xml: |
<clickhouse>
<listen_host>0.0.0.0</listen_host>
<http_port>8123</http_port>
<listen_host>0.0.0.0</listen_host>
</clickhouse>
enable_json.xml: |
<clickhouse>
<settings>
<enable_json_type>1</enable_json_type>
</settings>
<settings>
<enable_json_type>1</enable_json_type>
</settings>
</clickhouse>
logging_rules.xml: |
<clickhouse>
<logger>
<level>warning</level>
<console>true</console>
<level>warning</level>
<console>true</console>
</logger>
<query_thread_log remove="remove"/>
<query_log remove="remove"/>
@@ -186,17 +185,6 @@ rybbit:
</default>
</profiles>
</clickhouse>
metrics.xml: |
<clickhouse>
<prometheus>
<endpoint>/metrics</endpoint>
<port>9363</port>
<metrics>true</metrics>
<events>true</events>
<asynchronous_metrics>true</asynchronous_metrics>
<errors>true</errors>
</prometheus>
</clickhouse>
service:
backend:
controller: backend
@@ -216,21 +204,6 @@ rybbit:
http:
port: 8123
targetPort: 8123
metrics:
port: 9363
targetPort: 9363
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: rybbit-clickhouse
app.kubernetes.io/instance: rybbit-clickhouse
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 10s
path: /metrics
persistence:
clickhouse:
forceRename: clickhouse-data
@@ -265,10 +238,6 @@ rybbit:
readOnly: true
mountPropagation: None
subPath: user_logging.xml
- path: /etc/clickhouse-server/config.d/metrics.xml
readOnly: true
mountPropagation: None
subPath: metrics.xml
postgres-18-cluster:
mode: recovery
recovery:

4
clusters/cl01tl/helm/secrets-store-csi-driver/values.yaml
View File

@@ -3,12 +3,12 @@ secrets-store-csi-driver:
enabled: true
image:
repository: registry.k8s.io/csi-secrets-store/driver
tag: v1.6.0@sha256:110344819630bfd41e0c6d3f215d325ad1a4d5d5b1d298f8af7d0edf4df64a4e
tag: v1.5.6@sha256:6df2b3b3817136d2ade3d53306dbbd98385c1c01e8b3c373192c0e5b8d183f7b
crds:
enabled: true
image:
repository: registry.k8s.io/csi-secrets-store/driver-crds
tag: v1.6.0@sha256:2419b318a1c17bd741686bf1994cd37cee7162039c019435b8f534f2846fe488
tag: v1.5.6@sha256:d40d9212beb62ee0f9f09b75d024ed807816879f38e75eca309497c3df89568c
driver:
resources:
limits:

2
clusters/cl01tl/helm/site-profile/values.yaml
View File

@@ -10,7 +10,7 @@ site-profile:
main:
image:
repository: harbor.alexlebens.net/images/site-profile
tag: 3.18.7@sha256:d2e31d00b58aa8e843eeaa5ba75d1bb73dd9d1587185b82e5451a585285de6a0
tag: 3.18.6@sha256:6aacdb7270d21b02d85cd593999014c91614e70c8f6f84774e532f9141237a6c
resources:
requests:
cpu: 10m

169
clusters/cl01tl/helm/stalwart/templates/prometheus-rule.yaml
View File

@@ -1,169 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: elasticsearch
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: elasticsearch
{{- include "custom.labels" . | nindent 4 }}
spec:
groups:
- name: ElasticsearchExporter
rules:
- alert: ElasticsearchHeapUsageTooHigh
expr: (elasticsearch_jvm_memory_used_bytes{area="heap"} / elasticsearch_jvm_memory_max_bytes{area="heap"}) * 100 > 90 and elasticsearch_jvm_memory_max_bytes{area="heap"} > 0
for: 2m
labels:
severity: critical
annotations:
summary: Elasticsearch Heap Usage Too High (instance {{ `{{ $labels.instance }}` }})
description: "The heap usage is over 90%\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchHeapUsageWarning
expr: (elasticsearch_jvm_memory_used_bytes{area="heap"} / elasticsearch_jvm_memory_max_bytes{area="heap"}) * 100 > 80 and elasticsearch_jvm_memory_max_bytes{area="heap"} > 0
for: 2m
labels:
severity: warning
annotations:
summary: Elasticsearch Heap Usage warning (instance {{ `{{ $labels.instance }}` }})
description: "The heap usage is over 80%\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchDiskOutOfSpace
expr: elasticsearch_filesystem_data_available_bytes / elasticsearch_filesystem_data_size_bytes * 100 < 10 and elasticsearch_filesystem_data_size_bytes > 0
for: 0m
labels:
severity: critical
annotations:
summary: Elasticsearch disk out of space (instance {{ `{{ $labels.instance }}` }})
description: "The disk usage is over 90%\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchDiskSpaceLow
expr: elasticsearch_filesystem_data_available_bytes / elasticsearch_filesystem_data_size_bytes * 100 < 20 and elasticsearch_filesystem_data_size_bytes > 0
for: 2m
labels:
severity: warning
annotations:
summary: Elasticsearch disk space low (instance {{ `{{ $labels.instance }}` }})
description: "The disk usage is over 80%\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchClusterRed
expr: elasticsearch_cluster_health_status{color="red"} == 1
for: 0m
labels:
severity: critical
annotations:
summary: Elasticsearch Cluster Red (instance {{ `{{ $labels.instance }}` }})
description: "Elastic Cluster Red status\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchClusterYellow
expr: elasticsearch_cluster_health_status{color="yellow"} == 1
for: 0m
labels:
severity: warning
annotations:
summary: Elasticsearch Cluster Yellow (instance {{ `{{ $labels.instance }}` }})
description: "Elastic Cluster Yellow status\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
# 1m delay allows a restart without triggering an alert.
- alert: ElasticsearchHealthyNodes
expr: elasticsearch_cluster_health_number_of_nodes < 3
for: 1m
labels:
severity: critical
annotations:
summary: Elasticsearch Healthy Nodes (instance {{ `{{ $labels.instance }}` }})
description: "Missing node in Elasticsearch cluster\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
# 1m delay allows a restart without triggering an alert.
- alert: ElasticsearchHealthyDataNodes
expr: elasticsearch_cluster_health_number_of_data_nodes < 3
for: 1m
labels:
severity: critical
annotations:
summary: Elasticsearch Healthy Data Nodes (instance {{ `{{ $labels.instance }}` }})
description: "Missing data node in Elasticsearch cluster\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchRelocatingShards
expr: elasticsearch_cluster_health_relocating_shards > 0
for: 0m
labels:
severity: info
annotations:
summary: Elasticsearch relocating shards (instance {{ `{{ $labels.instance }}` }})
description: "Elasticsearch is relocating shards\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchRelocatingShardsTooLong
expr: elasticsearch_cluster_health_relocating_shards > 0
for: 15m
labels:
severity: warning
annotations:
summary: Elasticsearch relocating shards too long (instance {{ `{{ $labels.instance }}` }})
description: "Elasticsearch has been relocating shards for 15min\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchInitializingShards
expr: elasticsearch_cluster_health_initializing_shards > 0
for: 0m
labels:
severity: info
annotations:
summary: Elasticsearch initializing shards (instance {{ `{{ $labels.instance }}` }})
description: "Elasticsearch is initializing shards\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchInitializingShardsTooLong
expr: elasticsearch_cluster_health_initializing_shards > 0
for: 15m
labels:
severity: warning
annotations:
summary: Elasticsearch initializing shards too long (instance {{ `{{ $labels.instance }}` }})
description: "Elasticsearch has been initializing shards for 15 min\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchUnassignedShards
expr: elasticsearch_cluster_health_unassigned_shards > 0
for: 2m
labels:
severity: critical
annotations:
summary: Elasticsearch unassigned shards (instance {{ `{{ $labels.instance }}` }})
description: "Elasticsearch has unassigned shards\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchPendingTasks
expr: elasticsearch_cluster_health_number_of_pending_tasks > 0
for: 15m
labels:
severity: warning
annotations:
summary: Elasticsearch pending tasks (instance {{ `{{ $labels.instance }}` }})
description: "Elasticsearch has pending tasks. Cluster works slowly.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchNoNewDocuments
expr: increase(elasticsearch_indices_indexing_index_total{es_data_node="true"}[10m]) < 1
for: 0m
labels:
severity: warning
annotations:
summary: Elasticsearch no new documents (instance {{ `{{ $labels.instance }}` }})
description: "No new documents for 10 min!\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
# Threshold of 10ms (0.01s) per indexing operation is a rough default. Adjust based on your document size and cluster performance.
- alert: ElasticsearchHighIndexingLatency
expr: rate(elasticsearch_indices_indexing_index_time_seconds_total[5m]) / rate(elasticsearch_indices_indexing_index_total[5m]) > 0.01 and rate(elasticsearch_indices_indexing_index_total[5m]) > 0
for: 10m
labels:
severity: warning
annotations:
summary: Elasticsearch High Indexing Latency (instance {{ `{{ $labels.instance }}` }})
description: "The indexing latency on Elasticsearch cluster is higher than the threshold (current value: {{ `{{ $value }}` }}s).\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
# Threshold of 10000 ops/s is a rough default. Adjust based on your cluster capacity and expected workload.
- alert: ElasticsearchHighIndexingRate
expr: sum(rate(elasticsearch_indices_indexing_index_total[1m]))> 10000
for: 5m
labels:
severity: warning
annotations:
summary: Elasticsearch High Indexing Rate (instance {{ `{{ $labels.instance }}` }})
description: "The indexing rate on Elasticsearch cluster is higher than the threshold.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
# Threshold of 100 queries/s is very low for most production clusters. Adjust based on your expected query volume.
- alert: ElasticsearchHighQueryRate
expr: sum(rate(elasticsearch_indices_search_query_total[1m])) > 100
for: 5m
labels:
severity: warning
annotations:
summary: Elasticsearch High Query Rate (instance {{ `{{ $labels.instance }}` }})
description: "The query rate on Elasticsearch cluster is higher than the threshold.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchHighQueryLatency
expr: rate(elasticsearch_indices_search_query_time_seconds[1m]) / rate(elasticsearch_indices_search_query_total[1m]) > 1 and rate(elasticsearch_indices_search_query_total[1m]) > 0
for: 5m
labels:
severity: warning
annotations:
summary: Elasticsearch High Query Latency (instance {{ `{{ $labels.instance }}` }})
description: "The query latency on Elasticsearch cluster is higher than the threshold (current value: {{ `{{ $value }}` }}s).\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"

36
clusters/cl01tl/helm/stalwart/values.yaml
View File

@@ -1,7 +1,6 @@
stalwart:
controllers:
main:
forceRename: stalwart
type: deployment
replicas: 1
strategy: Recreate
@@ -14,26 +13,9 @@ stalwart:
requests:
cpu: 10m
memory: 100Mi
metrics:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: quay.io/prometheuscommunity/elasticsearch-exporter
tag: v1.10.0@sha256:a6a4d4403f670faf6a94b8c7f9adbca3ead91f26dd64e5ccf95fa69025dc6e58
args:
- '--es.uri=https://elasticsearch-stalwart-es-http.tubearchivist:9200'
- '--es.ssl-skip-verify'
resources:
requests:
cpu: 1m
memory: 10Mi
service:
main:
controller: main
forceRename: stalwart
ports:
http:
port: 80
@@ -50,24 +32,6 @@ stalwart:
imaps:
port: 993
targetPort: 993
metrics:
controller: metrics
ports:
metrics:
port: 9114
targetPort: 9114
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: stalwart-metrics
app.kubernetes.io/instance: stalwart-metrics
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 10s
path: /metrics
route:
main:
kind: HTTPRoute

169
clusters/cl01tl/helm/tubearchivist/templates/prometheus-rule.yaml
View File

@@ -1,169 +0,0 @@
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: elasticsearch
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: elasticsearch
{{- include "custom.labels" . | nindent 4 }}
spec:
groups:
- name: ElasticsearchExporter
rules:
- alert: ElasticsearchHeapUsageTooHigh
expr: (elasticsearch_jvm_memory_used_bytes{area="heap"} / elasticsearch_jvm_memory_max_bytes{area="heap"}) * 100 > 90 and elasticsearch_jvm_memory_max_bytes{area="heap"} > 0
for: 2m
labels:
severity: critical
annotations:
summary: Elasticsearch Heap Usage Too High (instance {{ `{{ $labels.instance }}` }})
description: "The heap usage is over 90%\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchHeapUsageWarning
expr: (elasticsearch_jvm_memory_used_bytes{area="heap"} / elasticsearch_jvm_memory_max_bytes{area="heap"}) * 100 > 80 and elasticsearch_jvm_memory_max_bytes{area="heap"} > 0
for: 2m
labels:
severity: warning
annotations:
summary: Elasticsearch Heap Usage warning (instance {{ `{{ $labels.instance }}` }})
description: "The heap usage is over 80%\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchDiskOutOfSpace
expr: elasticsearch_filesystem_data_available_bytes / elasticsearch_filesystem_data_size_bytes * 100 < 10 and elasticsearch_filesystem_data_size_bytes > 0
for: 0m
labels:
severity: critical
annotations:
summary: Elasticsearch disk out of space (instance {{ `{{ $labels.instance }}` }})
description: "The disk usage is over 90%\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchDiskSpaceLow
expr: elasticsearch_filesystem_data_available_bytes / elasticsearch_filesystem_data_size_bytes * 100 < 20 and elasticsearch_filesystem_data_size_bytes > 0
for: 2m
labels:
severity: warning
annotations:
summary: Elasticsearch disk space low (instance {{ `{{ $labels.instance }}` }})
description: "The disk usage is over 80%\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchClusterRed
expr: elasticsearch_cluster_health_status{color="red"} == 1
for: 0m
labels:
severity: critical
annotations:
summary: Elasticsearch Cluster Red (instance {{ `{{ $labels.instance }}` }})
description: "Elastic Cluster Red status\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchClusterYellow
expr: elasticsearch_cluster_health_status{color="yellow"} == 1
for: 0m
labels:
severity: warning
annotations:
summary: Elasticsearch Cluster Yellow (instance {{ `{{ $labels.instance }}` }})
description: "Elastic Cluster Yellow status\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
# 1m delay allows a restart without triggering an alert.
- alert: ElasticsearchHealthyNodes
expr: elasticsearch_cluster_health_number_of_nodes < 3
for: 1m
labels:
severity: critical
annotations:
summary: Elasticsearch Healthy Nodes (instance {{ `{{ $labels.instance }}` }})
description: "Missing node in Elasticsearch cluster\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
# 1m delay allows a restart without triggering an alert.
- alert: ElasticsearchHealthyDataNodes
expr: elasticsearch_cluster_health_number_of_data_nodes < 3
for: 1m
labels:
severity: critical
annotations:
summary: Elasticsearch Healthy Data Nodes (instance {{ `{{ $labels.instance }}` }})
description: "Missing data node in Elasticsearch cluster\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchRelocatingShards
expr: elasticsearch_cluster_health_relocating_shards > 0
for: 0m
labels:
severity: info
annotations:
summary: Elasticsearch relocating shards (instance {{ `{{ $labels.instance }}` }})
description: "Elasticsearch is relocating shards\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchRelocatingShardsTooLong
expr: elasticsearch_cluster_health_relocating_shards > 0
for: 15m
labels:
severity: warning
annotations:
summary: Elasticsearch relocating shards too long (instance {{ `{{ $labels.instance }}` }})
description: "Elasticsearch has been relocating shards for 15min\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchInitializingShards
expr: elasticsearch_cluster_health_initializing_shards > 0
for: 0m
labels:
severity: info
annotations:
summary: Elasticsearch initializing shards (instance {{ `{{ $labels.instance }}` }})
description: "Elasticsearch is initializing shards\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchInitializingShardsTooLong
expr: elasticsearch_cluster_health_initializing_shards > 0
for: 15m
labels:
severity: warning
annotations:
summary: Elasticsearch initializing shards too long (instance {{ `{{ $labels.instance }}` }})
description: "Elasticsearch has been initializing shards for 15 min\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchUnassignedShards
expr: elasticsearch_cluster_health_unassigned_shards > 0
for: 2m
labels:
severity: critical
annotations:
summary: Elasticsearch unassigned shards (instance {{ `{{ $labels.instance }}` }})
description: "Elasticsearch has unassigned shards\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchPendingTasks
expr: elasticsearch_cluster_health_number_of_pending_tasks > 0
for: 15m
labels:
severity: warning
annotations:
summary: Elasticsearch pending tasks (instance {{ `{{ $labels.instance }}` }})
description: "Elasticsearch has pending tasks. Cluster works slowly.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchNoNewDocuments
expr: increase(elasticsearch_indices_indexing_index_total{es_data_node="true"}[10m]) < 1
for: 0m
labels:
severity: warning
annotations:
summary: Elasticsearch no new documents (instance {{ `{{ $labels.instance }}` }})
description: "No new documents for 10 min!\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
# Threshold of 10ms (0.01s) per indexing operation is a rough default. Adjust based on your document size and cluster performance.
- alert: ElasticsearchHighIndexingLatency
expr: rate(elasticsearch_indices_indexing_index_time_seconds_total[5m]) / rate(elasticsearch_indices_indexing_index_total[5m]) > 0.01 and rate(elasticsearch_indices_indexing_index_total[5m]) > 0
for: 10m
labels:
severity: warning
annotations:
summary: Elasticsearch High Indexing Latency (instance {{ `{{ $labels.instance }}` }})
description: "The indexing latency on Elasticsearch cluster is higher than the threshold (current value: {{ `{{ $value }}` }}s).\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
# Threshold of 10000 ops/s is a rough default. Adjust based on your cluster capacity and expected workload.
- alert: ElasticsearchHighIndexingRate
expr: sum(rate(elasticsearch_indices_indexing_index_total[1m]))> 10000
for: 5m
labels:
severity: warning
annotations:
summary: Elasticsearch High Indexing Rate (instance {{ `{{ $labels.instance }}` }})
description: "The indexing rate on Elasticsearch cluster is higher than the threshold.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
# Threshold of 100 queries/s is very low for most production clusters. Adjust based on your expected query volume.
- alert: ElasticsearchHighQueryRate
expr: sum(rate(elasticsearch_indices_search_query_total[1m])) > 100
for: 5m
labels:
severity: warning
annotations:
summary: Elasticsearch High Query Rate (instance {{ `{{ $labels.instance }}` }})
description: "The query rate on Elasticsearch cluster is higher than the threshold.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
- alert: ElasticsearchHighQueryLatency
expr: rate(elasticsearch_indices_search_query_time_seconds[1m]) / rate(elasticsearch_indices_search_query_total[1m]) > 1 and rate(elasticsearch_indices_search_query_total[1m]) > 0
for: 5m
labels:
severity: warning
annotations:
summary: Elasticsearch High Query Latency (instance {{ `{{ $labels.instance }}` }})
description: "The query latency on Elasticsearch cluster is higher than the threshold (current value: {{ `{{ $value }}` }}s).\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"

36
clusters/cl01tl/helm/tubearchivist/values.yaml
View File

@@ -1,7 +1,6 @@
tubearchivist:
controllers:
main:
forceRename: tubearchivist
type: deployment
replicas: 1
strategy: Recreate
@@ -97,48 +96,13 @@ tubearchivist:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
metrics:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: quay.io/prometheuscommunity/elasticsearch-exporter
tag: v1.10.0@sha256:a6a4d4403f670faf6a94b8c7f9adbca3ead91f26dd64e5ccf95fa69025dc6e58
args:
- '--es.uri=https://elasticsearch-tubearchivist-es-http.tubearchivist:9200'
- '--es.ssl-skip-verify'
resources:
requests:
cpu: 1m
memory: 10Mi
service:
main:
controller: main
forceRename: tubearchivist
ports:
http:
port: 80
targetPort: 24000
metrics:
controller: metrics
ports:
metrics:
port: 9114
targetPort: 9114
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: tubearchivist-metrics
app.kubernetes.io/instance: tubearchivist-metrics
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 10s
path: /metrics
route:
main:
kind: HTTPRoute