diff --git a/docs/monitoring.md b/docs/monitoring.md index 379a68a5..d1677b3e 100644 --- a/docs/monitoring.md +++ b/docs/monitoring.md @@ -46,7 +46,10 @@ prometheus: # Alerts -Some Helm charts provide a default set of prometheusRules for alerting; enable it by: +openDesk ships with a set of Prometheus alerting rules that are specific to the operation of openDesk. +Some of these are created by our partners while others are defined in [opendesk-alerts](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-alerts). + +All alert rules are deployed as [PrometheusRule](https://prometheus-operator.dev/docs/api-reference/api/#monitoring.coreos.com/v1.PrometheusRule) and can be enabled like this: ```yaml prometheus: diff --git a/helmfile/apps/services/helmfile-child.yaml.gotmpl b/helmfile/apps/services/helmfile-child.yaml.gotmpl index 04a42b27..08edcac3 100644 --- a/helmfile/apps/services/helmfile-child.yaml.gotmpl +++ b/helmfile/apps/services/helmfile-child.yaml.gotmpl @@ -89,6 +89,16 @@ repositories: oci: true url: "{{ .Values.global.helmRegistry | default .Values.charts.clamavSimple.registry }}/{{ .Values.charts.clamavSimple.repository }}" + # openDesk Alerts + # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-alerts + - name: "opendesk-alerts-repo" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.opendeskAlerts.verify }} + username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} + oci: true + url: "{{ .Values.global.helmRegistry | default .Values.charts.opendeskAlerts.registry }}/{{ .Values.charts.opendeskAlerts.repository }}" + # VMWare Bitnami # Source: https://github.com/bitnami/charts/ - name: "memcached-repo" @@ -158,6 +168,17 @@ releases: installed: {{ .Values.certificates.enabled }} timeout: 900 + - name: "opendesk-alerts" + chart: "opendesk-alerts-repo/{{ .Values.charts.opendeskAlerts.name }}" + version: "{{ .Values.charts.opendeskAlerts.version }}" + values: + - "values-opendesk-alerts.yaml.gotmpl" + {{ range .Values.customization.release.opendeskAlerts}} + - {{ . }} + {{ end }} + installed: {{ .Values.monitoring.prometheus.prometheusRules.enabled }} + timeout: 900 + - name: "redis" chart: "redis-repo/{{ .Values.charts.redis.name }}" version: "{{ .Values.charts.redis.version }}" diff --git a/helmfile/apps/services/values-opendesk-alerts.yaml.gotmpl b/helmfile/apps/services/values-opendesk-alerts.yaml.gotmpl new file mode 100644 index 00000000..c7c08ed0 --- /dev/null +++ b/helmfile/apps/services/values-opendesk-alerts.yaml.gotmpl @@ -0,0 +1,52 @@ +{{/* +SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH +SPDX-License-Identifier: Apache-2.0 +*/}} +--- +additionalAnnotations: + {{ .Values.monitoring.prometheus.prometheusRules.annotations | toYaml | nindent 2 }} +additionalLabels: + {{ .Values.monitoring.prometheus.prometheusRules.labels | toYaml | nindent 2 }} + +config: + collabora: + enable: {{ .Values.collabora.enabled }} + selectors: + namespace: {{ .Values.collabora.namespace | quote }} + matrix: + enable: {{ .Values.element.enabled }} + selectors: + namespace: {{ .Values.element.namespace | quote }} + diagrams: + enable: {{ .Values.cryptpad.enabled }} + selectors: + namespace: {{ .Values.cryptpad.namespace | quote }} + nextcloud: + enable: {{ .Values.nextcloud.enabled }} + selectors: + namespace: {{ .Values.nextcloud.namespace | quote }} + openXChange: + enable: {{ .Values.oxAppSuite.enabled }} + selectors: + namespace: {{ .Values.oxAppSuite.namespace | quote }} + xwiki: + enable: {{ .Values.xwiki.enabled }} + selectors: + namespace: {{ .Values.xwiki.namespace | quote }} + nubus: + enable: {{ .Values.nubus.enabled }} + selectors: + namespace: {{ .Values.nubus.namespace | quote }} + openProject: + enable: {{ .Values.openproject.enabled }} + selectors: + namespace: {{ .Values.openproject.namespace | quote }} + jitsi: + enable: {{ .Values.jitsi.enabled }} + selectors: + namespace: {{ .Values.jitsi.namespace | quote }} + collabora: + enable: {{ .Values.collabora.enabled }} + selectors: + namespace: {{ .Values.collabora.namespace | quote }} + diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml index 29d1dd7d..1dfa6079 100644 --- a/helmfile/environments/default/charts.yaml +++ b/helmfile/environments/default/charts.yaml @@ -296,6 +296,16 @@ charts: name: "nubus" version: "0.64.2" verify: true + opendeskAlerts: + # providerCategory: "Platform" + # providerResponsible: "openDesk" + # upstreamRegistry: "https://registry.opencode.de" + # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-alerts" + registry: "registry.opencode.de" + repository: "bmi/opendesk/components/platform-development/charts/opendesk-alerts" + name: "opendesk-alerts" + version: "1.1.0" + verify: true opendeskKeycloakBootstrap: # providerCategory: "Platform" # providerResponsible: "openDesk" diff --git a/helmfile/environments/default/customization.yaml b/helmfile/environments/default/customization.yaml index b64c6319..4f214d0b 100644 --- a/helmfile/environments/default/customization.yaml +++ b/helmfile/environments/default/customization.yaml @@ -52,6 +52,7 @@ customization: opendeskOtterize: {} opendeskHome: {} opendeskCertificates: {} + opendeskAlerts: {} redis: {} memcached: {} postgresql: {} diff --git a/helmfile/environments/default/monitoring.yaml b/helmfile/environments/default/monitoring.yaml index 131fe9db..9f19dfdd 100644 --- a/helmfile/environments/default/monitoring.yaml +++ b/helmfile/environments/default/monitoring.yaml @@ -13,6 +13,7 @@ monitoring: release: "kube-prometheus-stack" prometheusRules: enabled: false + annotations: {} labels: release: "kube-prometheus-stack"