Tweak probes, add monitoring where it's desired

2025-04-28 19:07:28 +00:00 · 2025-04-28 19:07:28 +00:00 · dcf95ae3ae
commit dcf95ae3ae
parent 774678b0e1
24 changed files with 182 additions and 25 deletions
--- a/redxen/anubis/deployment.yml
+++ b/redxen/anubis/deployment.yml
@ -44,5 +44,5 @@ spec:
          ports:
            - name: http-git
              containerPort: 8923
-            - name: prometheus-anub-git
+            - name: prometheus-anug
              containerPort: 9103
--- a/redxen/anubis/service.yml
+++ b/redxen/anubis/service.yml
@ -14,6 +14,6 @@ spec:
    - name: http-git
      port: 8923
      protocol: TCP
-    - name: prometheus-anub-git
+    - name: prometheus-anug
      port: 9103
      protocol: TCP
--- a/redxen/gitea/deployment.yml
+++ b/redxen/gitea/deployment.yml
@ -73,7 +73,7 @@ spec:
            - name: prometheus-node
              containerPort: 9100
              protocol: TCP
-          livenessProbe:
+          readinessProbe:
            httpGet:
              port: 9100
              path: /metrics
--- a/redxen/grafana/deployment.yml
+++ b/redxen/grafana/deployment.yml
@ -70,7 +70,7 @@ spec:
            - name: prometheus-node
              containerPort: 9100
              protocol: TCP
-          livenessProbe:
+          readinessProbe:
            httpGet:
              port: 9100
              path: /metrics
--- a/redxen/haproxy/deployment.yml
+++ b/redxen/haproxy/deployment.yml
@ -78,7 +78,7 @@ spec:
            - name: prometheus-node
              containerPort: 9100
              protocol: TCP
-          livenessProbe:
+          readinessProbe:
            httpGet:
              port: 9100
              path: /metrics
--- a/redxen/keycloak/deployment.yml
+++ b/redxen/keycloak/deployment.yml
@ -69,7 +69,7 @@ spec:
            - name: prometheus-node
              containerPort: 9100
              protocol: TCP
-          livenessProbe:
+          readinessProbe:
            httpGet:
              port: 9100
              path: /metrics
--- a/redxen/loki/deployment.yml
+++ b/redxen/loki/deployment.yml
@ -51,7 +51,8 @@ spec:
            - name: loki-storage
              mountPath: /var/lib/loki
          ports:
-            - containerPort: 3100
+            - name: http
              containerPort: 3100
          readinessProbe:
            httpGet:
              port: 3100
@ -60,6 +61,25 @@ spec:
            httpGet:
              port: 3100
              path: /ready
        - name: node-exporter
          image: redxen.eu/daemons/node_exporter:latest
          securityContext:
            capabilities:
              drop: ["ALL"]
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          ports:
            - name: prometheus-node
              containerPort: 9100
              protocol: TCP
          readinessProbe:
            httpGet:
              port: 9100
              path: /metrics
          volumeMounts:
            - name: loki-storage
              mountPath: /var/lib/loki
              readOnly: true
      volumes:
        - name: loki-storage
          persistentVolumeClaim:
--- a/redxen/mail/dovecot/deployment.yml
+++ b/redxen/mail/dovecot/deployment.yml
@ -52,6 +52,25 @@ spec:
              containerPort: 11555
            - name: auth
              containerPort: 11666
        - name: node-exporter
          image: redxen.eu/daemons/node_exporter:latest
          securityContext:
            capabilities:
              drop: ["ALL"]
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          ports:
            - name: prometheus-node
              containerPort: 9100
              protocol: TCP
          readinessProbe:
            httpGet:
              port: 9100
              path: /metrics
          volumeMounts:
            - name: mail-storage
              mountPath: /var/mail
              readOnly: true
      volumes:
        - name: mail-storage
          persistentVolumeClaim:
--- a/redxen/mail/dovecot/service.yml
+++ b/redxen/mail/dovecot/service.yml
@ -20,3 +20,6 @@ spec:
    - name: auth
      port: 11666
      protocol: TCP
    - name: prometheus-node
      port: 9100
      protocol: TCP
--- a/redxen/mail/postfix/deployment.yml
+++ b/redxen/mail/postfix/deployment.yml
@ -93,6 +93,21 @@ spec:
          volumeMounts:
            - name: logger-exchange
              mountPath: /var/log/postfix
        - name: node-exporter
          image: redxen.eu/daemons/node_exporter:latest
          securityContext:
            capabilities:
              drop: ["ALL"]
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          ports:
            - name: prometheus-node
              containerPort: 9100
              protocol: TCP
          readinessProbe:
            httpGet:
              port: 9100
              path: /metrics
      volumes:
        - name: postfix-storage
          emptyDir:
--- a/redxen/mail/postfix/service.yml
+++ b/redxen/mail/postfix/service.yml
@ -14,3 +14,6 @@ spec:
    - name: smtp
      port: 25
      protocol: TCP
    - name: prometheus-node
      port: 9100
      protocol: TCP
--- a/redxen/mail/rspamd/deployment.yml
+++ b/redxen/mail/rspamd/deployment.yml
@ -50,10 +50,29 @@ spec:
            - name: rspamd-data
              mountPath: /var/lib/rspamd
          ports:
-            - containerPort: 7510
+            - name: milter
-            - containerPort: 7511
+              containerPort: 7510
-            - containerPort: 7512
+            - name: prometheus-ctrl
-            - containerPort: 7513
+              containerPort: 7512
          livenessProbe:
            httpGet:
              port: 7512
              path: /ping
        - name: node-exporter
          image: redxen.eu/daemons/node_exporter:latest
          securityContext:
            capabilities:
              drop: ["ALL"]
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          ports:
            - name: prometheus-node
              containerPort: 9100
              protocol: TCP
          readinessProbe:
            httpGet:
              port: 9100
              path: /metrics
      volumes:
        - name: rspamd-data
          emptyDir:
--- a/redxen/mail/rspamd/service.yml
+++ b/redxen/mail/rspamd/service.yml
@ -11,15 +11,12 @@ spec:
    app: rspamd
  type: ClusterIP
  ports:
    - name: normal
      port: 7511
      protocol: TCP
    - name: controller
      port: 7512
      protocol: TCP
    - name: proxy
      port: 7510
      protocol: TCP
-    - name: fuzzy
+    - name: prometheus-node
-      port: 7513
+      port: 9100
      protocol: TCP
--- a/redxen/murmur/deployment.yml
+++ b/redxen/murmur/deployment.yml
@ -53,7 +53,7 @@ spec:
            - name: prometheus-node
              containerPort: 9100
              protocol: TCP
-          livenessProbe:
+          readinessProbe:
            httpGet:
              port: 9100
              path: /metrics
--- a/redxen/nsd/deployment.yml
+++ b/redxen/nsd/deployment.yml
@ -65,6 +65,24 @@ spec:
            - name: dns-udp
              protocol: UDP
              containerPort: 53
            - name: prometheus-nsd
              protocol: TCP
              containerPort: 9104
        - name: node-exporter
          image: redxen.eu/daemons/node_exporter:latest
          securityContext:
            capabilities:
              drop: ["ALL"]
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          ports:
            - name: prometheus-node
              containerPort: 9100
              protocol: TCP
          readinessProbe:
            httpGet:
              port: 9100
              path: /metrics
      volumes:
        - name: nsd-db
          emptyDir:
--- a/redxen/postgres_exporter/deployment.yml
+++ b/redxen/postgres_exporter/deployment.yml
@ -25,7 +25,7 @@ spec:
        runAsUser: 10000
        runAsGroup: 10000
      containers:
-        - name: node-exporter
+        - name: postgres-exporter
          image: redxen.eu/daemons/postgres_exporter:latest
          securityContext:
            capabilities:
--- a/redxen/postgresql/deployment.yml
+++ b/redxen/postgresql/deployment.yml
@ -83,7 +83,7 @@ spec:
            - name: prometheus-node
              containerPort: 9100
              protocol: TCP
-          livenessProbe:
+          readinessProbe:
            httpGet:
              port: 9100
              path: /metrics
@ -91,14 +91,10 @@ spec:
            - name: postgresql-storage
              mountPath: /var/lib/postgresql/data
              readOnly: true
            - name: tmpfs-run
              mountPath: /run/postgresql
              readOnly: true
      volumes:
        - name: postgresql-storage
          persistentVolumeClaim:
            claimName: postgresql-pvc
            readOnly: false
        - name: tmpfs-run
          emptyDir:
            medium: Memory
--- a/redxen/prometheus/deployment.yml
+++ b/redxen/prometheus/deployment.yml
@ -57,8 +57,26 @@ spec:
            httpGet:
              port: 9090
              path: /
        - name: node-exporter
          image: redxen.eu/daemons/node_exporter:latest
          securityContext:
            capabilities:
              drop: ["ALL"]
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          ports:
            - name: prometheus-node
              containerPort: 9100
              protocol: TCP
          readinessProbe:
            httpGet:
              port: 9100
              path: /metrics
          volumeMounts:
            - name: prometheus-storage
              mountPath: /var/lib/prometheus
              readOnly: true
      volumes:
        - name: prometheus-storage
          persistentVolumeClaim:
            claimName: prometheus-pvc
            readOnly: false
--- a/redxen/prometheus/service.yml
+++ b/redxen/prometheus/service.yml
@ -14,3 +14,6 @@ spec:
    - name: http
      port: 9090
      protocol: TCP
    - name: prometheus-node
      port: 9100
      protocol: TCP
--- a/redxen/redis/deployment.yml
+++ b/redxen/redis/deployment.yml
@ -55,6 +55,28 @@ spec:
          readinessProbe:
            exec:
              command: ["redis-cli", "ping"]
          livenessProbe:
            exec:
              command: ["redis-cli", "ping"]
        - name: node-exporter
          image: redxen.eu/daemons/node_exporter:latest
          securityContext:
            capabilities:
              drop: ["ALL"]
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          ports:
            - name: prometheus-node
              containerPort: 9100
              protocol: TCP
          readinessProbe:
            httpGet:
              port: 9100
              path: /metrics
          volumeMounts:
            - name: redis-storage
              mountPath: /var/lib/redis
              readOnly: true
      volumes:
        - name: redis-storage
          persistentVolumeClaim:
--- a/redxen/redis/service.yml
+++ b/redxen/redis/service.yml
@ -14,3 +14,6 @@ spec:
    - name: redis
      port: 6379
      protocol: TCP
    - name: prometheus-node
      port: 9100
      protocol: TCP
--- a/redxen/registry/deployment.yml
+++ b/redxen/registry/deployment.yml
@ -64,4 +64,3 @@ spec:
        - name: registry-storage
          persistentVolumeClaim:
            claimName: registry-pvc
            readOnly: false
--- a/redxen/seedbox/transmission/deployment.yml
+++ b/redxen/seedbox/transmission/deployment.yml
@ -76,6 +76,25 @@ spec:
            httpGet:
              port: 80
              path: /
        - name: node-exporter
          image: redxen.eu/daemons/node_exporter:latest
          securityContext:
            capabilities:
              drop: ["ALL"]
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          ports:
            - name: prometheus-node
              containerPort: 9100
              protocol: TCP
          readinessProbe:
            httpGet:
              port: 9100
              path: /metrics
          volumeMounts:
            - name: seedbox-data
              mountPath: /var/data
              readOnly: true
      volumes:
        - name: seedbox-data
          persistentVolumeClaim:
--- a/redxen/seedbox/transmission/service.yml
+++ b/redxen/seedbox/transmission/service.yml
@ -14,3 +14,6 @@ spec:
    - name: http
      port: 80
      protocol: TCP
    - name: prometheus-node
      port: 9100
      protocol: TCP