From dcf95ae3ae567b7d6acd9e1988b5bcbc436b96aa Mon Sep 17 00:00:00 2001 From: Alex Denes Date: Mon, 28 Apr 2025 19:07:28 +0000 Subject: [PATCH] Tweak probes, add monitoring where it's desired --- redxen/anubis/deployment.yml | 2 +- redxen/anubis/service.yml | 2 +- redxen/gitea/deployment.yml | 2 +- redxen/grafana/deployment.yml | 2 +- redxen/haproxy/deployment.yml | 2 +- redxen/keycloak/deployment.yml | 2 +- redxen/loki/deployment.yml | 22 +++++++++++++++++- redxen/mail/dovecot/deployment.yml | 19 +++++++++++++++ redxen/mail/dovecot/service.yml | 3 +++ redxen/mail/postfix/deployment.yml | 15 ++++++++++++ redxen/mail/postfix/service.yml | 3 +++ redxen/mail/rspamd/deployment.yml | 27 ++++++++++++++++++---- redxen/mail/rspamd/service.yml | 7 ++---- redxen/murmur/deployment.yml | 2 +- redxen/nsd/deployment.yml | 18 +++++++++++++++ redxen/postgres_exporter/deployment.yml | 2 +- redxen/postgresql/deployment.yml | 6 +---- redxen/prometheus/deployment.yml | 20 +++++++++++++++- redxen/prometheus/service.yml | 3 +++ redxen/redis/deployment.yml | 22 ++++++++++++++++++ redxen/redis/service.yml | 3 +++ redxen/registry/deployment.yml | 1 - redxen/seedbox/transmission/deployment.yml | 19 +++++++++++++++ redxen/seedbox/transmission/service.yml | 3 +++ 24 files changed, 182 insertions(+), 25 deletions(-) diff --git a/redxen/anubis/deployment.yml b/redxen/anubis/deployment.yml index 7e54f1c..4e7ee73 100644 --- a/redxen/anubis/deployment.yml +++ b/redxen/anubis/deployment.yml @@ -44,5 +44,5 @@ spec: ports: - name: http-git containerPort: 8923 - - name: prometheus-anub-git + - name: prometheus-anug containerPort: 9103 diff --git a/redxen/anubis/service.yml b/redxen/anubis/service.yml index 20c3824..06cb050 100644 --- a/redxen/anubis/service.yml +++ b/redxen/anubis/service.yml @@ -14,6 +14,6 @@ spec: - name: http-git port: 8923 protocol: TCP - - name: prometheus-anub-git + - name: prometheus-anug port: 9103 protocol: TCP 
diff --git a/redxen/gitea/deployment.yml b/redxen/gitea/deployment.yml index f4a680e..3d4fdb3 100644 --- a/redxen/gitea/deployment.yml +++ b/redxen/gitea/deployment.yml @@ -73,7 +73,7 @@ spec: - name: prometheus-node containerPort: 9100 protocol: TCP - livenessProbe: + readinessProbe: httpGet: port: 9100 path: /metrics diff --git a/redxen/grafana/deployment.yml b/redxen/grafana/deployment.yml index 71c4b5f..2b8f203 100644 --- a/redxen/grafana/deployment.yml +++ b/redxen/grafana/deployment.yml @@ -70,7 +70,7 @@ spec: - name: prometheus-node containerPort: 9100 protocol: TCP - livenessProbe: + readinessProbe: httpGet: port: 9100 path: /metrics diff --git a/redxen/haproxy/deployment.yml b/redxen/haproxy/deployment.yml index b762c54..5628eba 100644 --- a/redxen/haproxy/deployment.yml +++ b/redxen/haproxy/deployment.yml @@ -78,7 +78,7 @@ spec: - name: prometheus-node containerPort: 9100 protocol: TCP - livenessProbe: + readinessProbe: httpGet: port: 9100 path: /metrics diff --git a/redxen/keycloak/deployment.yml b/redxen/keycloak/deployment.yml index 728c27a..31d1ed7 100644 --- a/redxen/keycloak/deployment.yml +++ b/redxen/keycloak/deployment.yml @@ -69,7 +69,7 @@ spec: - name: prometheus-node containerPort: 9100 protocol: TCP - livenessProbe: + readinessProbe: httpGet: port: 9100 path: /metrics diff --git a/redxen/loki/deployment.yml b/redxen/loki/deployment.yml index d691026..eec0a0f 100644 --- a/redxen/loki/deployment.yml +++ b/redxen/loki/deployment.yml @@ -51,7 +51,8 @@ spec: - name: loki-storage mountPath: /var/lib/loki ports: - - containerPort: 3100 + - name: http + containerPort: 3100 readinessProbe: httpGet: port: 3100 
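Review bot: With the exporter's check switched to `readinessProbe:` in redxen/gitea/deployment.yml, a node-exporter that stops answering `/metrics` on 9100 marks the whole pod NotReady, because a pod is Ready only when every container in it is ready. If the pod backs a Service, gitea then drops out of its endpoints, and unlike with the old `livenessProbe:` the kubelet never restarts the stuck sidecar. The same swap is made in the grafana, haproxy, keycloak, murmur and postgresql hunks, and the node-exporter containers added later in this patch use the same probe. Consider leaving the sidecar unprobed and alerting on failed scrapes in Prometheus (`up == 0`), or keeping a `livenessProbe:` with a raised `failureThreshold:`. The container definition starts above the hunk, so any other probes on it are not visible here.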
@@ -60,6 +61,25 @@ spec: httpGet: port: 3100 path: /ready + - name: node-exporter + image: redxen.eu/daemons/node_exporter:latest + securityContext: + capabilities: + drop: ["ALL"] + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + ports: + - name: prometheus-node + containerPort: 9100 + protocol: TCP + readinessProbe: + httpGet: + port: 9100 + path: /metrics + volumeMounts: + - name: loki-storage + mountPath: /var/lib/loki + readOnly: true volumes: - name: loki-storage persistentVolumeClaim: diff --git a/redxen/mail/dovecot/deployment.yml b/redxen/mail/dovecot/deployment.yml index 8601f4f..6a836db 100644 --- a/redxen/mail/dovecot/deployment.yml +++ b/redxen/mail/dovecot/deployment.yml @@ -52,6 +52,25 @@ spec: containerPort: 11555 - name: auth containerPort: 11666 + - name: node-exporter + image: redxen.eu/daemons/node_exporter:latest + securityContext: + capabilities: + drop: ["ALL"] + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + ports: + - name: prometheus-node + containerPort: 9100 + protocol: TCP + readinessProbe: + httpGet: + port: 9100 + path: /metrics + volumeMounts: + - name: mail-storage + mountPath: /var/mail + readOnly: true volumes: - name: mail-storage persistentVolumeClaim: diff --git a/redxen/mail/dovecot/service.yml b/redxen/mail/dovecot/service.yml index 190a1ed..77182db 100644 --- a/redxen/mail/dovecot/service.yml +++ b/redxen/mail/dovecot/service.yml @@ -20,3 +20,6 @@ spec: - name: auth port: 11666 protocol: TCP + - name: prometheus-node + port: 9100 + protocol: TCP diff --git a/redxen/mail/postfix/deployment.yml b/redxen/mail/postfix/deployment.yml index f3ca91f..936e3a4 100644 --- a/redxen/mail/postfix/deployment.yml +++ b/redxen/mail/postfix/deployment.yml 
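Review bot: The new sidecar in redxen/loki/deployment.yml pulls `redxen.eu/daemons/node_exporter:latest`, a mutable tag, so whatever the registry serves at the next pod start runs beside the data volume without any change appearing in this repository. Pinning by digest, `image: redxen.eu/daemons/node_exporter@sha256:<digest>` (placeholder), makes the deployed binary reviewable and gives rollbacks a known image to return to. The same image line is added in the dovecot, postfix, rspamd, nsd, prometheus, redis and transmission deployment hunks. None of the added containers sets `resources:` limits either, so a misbehaving exporter competes with the main daemon for node resources.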
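Review bot: Mounting `mail-storage` at `/var/mail` in the node-exporter container of redxen/mail/dovecot/deployment.yml gives the metrics sidecar read access to the mail store, since `readOnly: true` prevents writes but not reads. Whether the files are actually readable depends on the pod's UID/GID settings, which are outside the hunk. If the exporter only needs capacity figures for the filesystem, mounting an empty subdirectory of the volume with `subPath: <empty-dir>` (placeholder) would presumably report the same filesystem statistics without exposing mailbox contents; verify this against the exporter's collector configuration. The same pattern is used for `loki-storage` in the loki hunk above and for the prometheus, redis and transmission volumes later in the patch.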
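Review bot: Publishing `prometheus-node` on port 9100 in redxen/mail/dovecot/service.yml makes the exporter's `/metrics` endpoint, which the probe fetches without credentials and so is apparently unauthenticated, reachable through whatever exposure this Service has. The Service's `type:` lies outside the hunk; if it is a LoadBalancer or NodePort (plausible for a mail daemon), host and filesystem metrics become reachable from outside the cluster. Consider scraping the pods directly or through a separate ClusterIP Service, and restricting 9100 with a NetworkPolicy that admits only the Prometheus pods. The same three lines are added to the postfix, rspamd, prometheus, redis and transmission Services; only the rspamd hunk shows `type: ClusterIP`.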
@@ -93,6 +93,21 @@ spec: volumeMounts: - name: logger-exchange mountPath: /var/log/postfix + - name: node-exporter + image: redxen.eu/daemons/node_exporter:latest + securityContext: + capabilities: + drop: ["ALL"] + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + ports: + - name: prometheus-node + containerPort: 9100 + protocol: TCP + readinessProbe: + httpGet: + port: 9100 + path: /metrics volumes: - name: postfix-storage emptyDir: diff --git a/redxen/mail/postfix/service.yml b/redxen/mail/postfix/service.yml index f4c14c6..5871869 100644 --- a/redxen/mail/postfix/service.yml +++ b/redxen/mail/postfix/service.yml @@ -14,3 +14,6 @@ spec: - name: smtp port: 25 protocol: TCP + - name: prometheus-node + port: 9100 + protocol: TCP diff --git a/redxen/mail/rspamd/deployment.yml b/redxen/mail/rspamd/deployment.yml index 00f07e1..25f9051 100644 --- a/redxen/mail/rspamd/deployment.yml +++ b/redxen/mail/rspamd/deployment.yml @@ -50,10 +50,29 @@ spec: - name: rspamd-data mountPath: /var/lib/rspamd ports: - - containerPort: 7510 - - containerPort: 7511 - - containerPort: 7512 - - containerPort: 7513 + - name: milter + containerPort: 7510 + - name: prometheus-ctrl + containerPort: 7512 + livenessProbe: + httpGet: + port: 7512 + path: /ping + - name: node-exporter + image: redxen.eu/daemons/node_exporter:latest + securityContext: + capabilities: + drop: ["ALL"] + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + ports: + - name: prometheus-node + containerPort: 9100 + protocol: TCP + readinessProbe: + httpGet: + port: 9100 + path: /metrics volumes: - name: rspamd-data emptyDir: diff --git a/redxen/mail/rspamd/service.yml b/redxen/mail/rspamd/service.yml index 5c70538..c06f2ea 100644 --- a/redxen/mail/rspamd/service.yml +++ b/redxen/mail/rspamd/service.yml 
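Review bot: Dropping the `containerPort: 7511` and `containerPort: 7513` entries in redxen/mail/rspamd/deployment.yml does not close those ports, because `containerPort` is informational only. If rspamd still binds them they stay reachable on the pod IP from inside the cluster, even though the Service hunk removes `normal` and `fuzzy`. If the intent is to reduce exposure, disable the listeners in the rspamd configuration or add a NetworkPolicy limiting ingress to 7510, 7512 and 9100. Port 7512 is also named `prometheus-ctrl` here but `controller` in service.yml; one name for both would keep named-port references unambiguous.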
@@ -11,15 +11,12 @@ spec: app: rspamd type: ClusterIP ports: - - name: normal - port: 7511 - protocol: TCP - name: controller port: 7512 protocol: TCP - name: proxy port: 7510 protocol: TCP - - name: fuzzy - port: 7513 + - name: prometheus-node + port: 9100 protocol: TCP diff --git a/redxen/murmur/deployment.yml b/redxen/murmur/deployment.yml index 705b2cc..6862e0d 100644 --- a/redxen/murmur/deployment.yml +++ b/redxen/murmur/deployment.yml @@ -53,7 +53,7 @@ spec: - name: prometheus-node containerPort: 9100 protocol: TCP - livenessProbe: + readinessProbe: httpGet: port: 9100 path: /metrics diff --git a/redxen/nsd/deployment.yml b/redxen/nsd/deployment.yml index ceac7da..1934ec8 100644 --- a/redxen/nsd/deployment.yml +++ b/redxen/nsd/deployment.yml @@ -65,6 +65,24 @@ spec: - name: dns-udp protocol: UDP containerPort: 53 + - name: prometheus-nsd + protocol: TCP + containerPort: 9104 + - name: node-exporter + image: redxen.eu/daemons/node_exporter:latest + securityContext: + capabilities: + drop: ["ALL"] + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + ports: + - name: prometheus-node + containerPort: 9100 + protocol: TCP + readinessProbe: + httpGet: + port: 9100 + path: /metrics volumes: - name: nsd-db emptyDir: diff --git a/redxen/postgres_exporter/deployment.yml b/redxen/postgres_exporter/deployment.yml index 8a060f7..806089d 100644 --- a/redxen/postgres_exporter/deployment.yml +++ b/redxen/postgres_exporter/deployment.yml @@ -25,7 +25,7 @@ spec: runAsUser: 10000 runAsGroup: 10000 containers: - - name: node-exporter + - name: postgres-exporter image: redxen.eu/daemons/postgres_exporter:latest securityContext: capabilities: diff --git a/redxen/postgresql/deployment.yml b/redxen/postgresql/deployment.yml index 73115d0..b37d5bc 100644 --- a/redxen/postgresql/deployment.yml +++ b/redxen/postgresql/deployment.yml 
@@ -83,7 +83,7 @@ spec: - name: prometheus-node containerPort: 9100 protocol: TCP - livenessProbe: + readinessProbe: httpGet: port: 9100 path: /metrics @@ -91,14 +91,10 @@ spec: - name: postgresql-storage mountPath: /var/lib/postgresql/data readOnly: true - - name: tmpfs-run - mountPath: /run/postgresql - readOnly: true volumes: - name: postgresql-storage persistentVolumeClaim: claimName: postgresql-pvc - readOnly: false - name: tmpfs-run emptyDir: medium: Memory diff --git a/redxen/prometheus/deployment.yml b/redxen/prometheus/deployment.yml index 9b28479..72c7235 100644 --- a/redxen/prometheus/deployment.yml +++ b/redxen/prometheus/deployment.yml @@ -57,8 +57,26 @@ spec: httpGet: port: 9090 path: / + - name: node-exporter + image: redxen.eu/daemons/node_exporter:latest + securityContext: + capabilities: + drop: ["ALL"] + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + ports: + - name: prometheus-node + containerPort: 9100 + protocol: TCP + readinessProbe: + httpGet: + port: 9100 + path: /metrics + volumeMounts: + - name: prometheus-storage + mountPath: /var/lib/prometheus + readOnly: true volumes: - name: prometheus-storage persistentVolumeClaim: claimName: prometheus-pvc - readOnly: false diff --git a/redxen/prometheus/service.yml b/redxen/prometheus/service.yml index e9d10e8..a1fddf4 100644 --- a/redxen/prometheus/service.yml +++ b/redxen/prometheus/service.yml @@ -14,3 +14,6 @@ spec: - name: http port: 9090 protocol: TCP + - name: prometheus-node + port: 9100 + protocol: TCP diff --git a/redxen/redis/deployment.yml b/redxen/redis/deployment.yml index e9b0858..8e9cc37 100644 --- a/redxen/redis/deployment.yml +++ b/redxen/redis/deployment.yml 
@@ -55,6 +55,28 @@ spec: readinessProbe: exec: command: ["redis-cli", "ping"] + livenessProbe: + exec: + command: ["redis-cli", "ping"] + - name: node-exporter + image: redxen.eu/daemons/node_exporter:latest + securityContext: + capabilities: + drop: ["ALL"] + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + ports: + - name: prometheus-node + containerPort: 9100 + protocol: TCP + readinessProbe: + httpGet: + port: 9100 + path: /metrics + volumeMounts: + - name: redis-storage + mountPath: /var/lib/redis + readOnly: true volumes: - name: redis-storage persistentVolumeClaim: diff --git a/redxen/redis/service.yml b/redxen/redis/service.yml index f33eae2..bf91cb9 100644 --- a/redxen/redis/service.yml +++ b/redxen/redis/service.yml @@ -14,3 +14,6 @@ spec: - name: redis port: 6379 protocol: TCP + - name: prometheus-node + port: 9100 + protocol: TCP diff --git a/redxen/registry/deployment.yml b/redxen/registry/deployment.yml index c08d493..30c3382 100644 --- a/redxen/registry/deployment.yml +++ b/redxen/registry/deployment.yml @@ -64,4 +64,3 @@ spec: - name: registry-storage persistentVolumeClaim: claimName: registry-pvc - readOnly: false diff --git a/redxen/seedbox/transmission/deployment.yml b/redxen/seedbox/transmission/deployment.yml index f3da7a9..6d6d28e 100644 --- a/redxen/seedbox/transmission/deployment.yml +++ b/redxen/seedbox/transmission/deployment.yml @@ -76,6 +76,25 @@ spec: httpGet: port: 80 path: / + - name: node-exporter + image: redxen.eu/daemons/node_exporter:latest + securityContext: + capabilities: + drop: ["ALL"] + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + ports: + - name: prometheus-node + containerPort: 9100 + protocol: TCP + readinessProbe: + httpGet: + port: 9100 + path: /metrics + volumeMounts: + - name: seedbox-data + mountPath: /var/data + readOnly: true volumes: - name: seedbox-data persistentVolumeClaim: 
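Review bot: The added `livenessProbe:` in redxen/redis/deployment.yml repeats the readiness command with no timing fields, so the defaults apply (1 s timeout, three failures at a 10 s period) and the kubelet restarts Redis after roughly half a minute of slow `redis-cli ping` replies, for example behind a long blocking command. A restart in that state turns a transient stall into an outage while the dataset reloads. Consider giving liveness more slack than readiness, e.g. `timeoutSeconds: 5` and `failureThreshold: 6`, plus a `startupProbe:` if loading can be slow. The redis container definition starts above the hunk.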
diff --git a/redxen/seedbox/transmission/service.yml b/redxen/seedbox/transmission/service.yml index 0a68b72..7edb2d1 100644 --- a/redxen/seedbox/transmission/service.yml +++ b/redxen/seedbox/transmission/service.yml @@ -14,3 +14,6 @@ spec: - name: http port: 80 protocol: TCP + - name: prometheus-node + port: 9100 + protocol: TCP