Port reasonable default values from SCS k8s-observability project

chess-knight · chess-knight · commit db778624a8ac · 2024-02-14T11:42:56.000+01:00
Signed-off-by: Roman Hros &lt;roman.hros@dnation.cloud&gt;
diff --git a/README.md b/README.md
@@ -22,7 +22,9 @@ Prerequisites
 * For production environment we recommend (based on our experience) a kubernetes cluster with at least 2 worker nodes and 4 GiB RAM per node or more.
 
 
-dNation Kubernetes Monitoring Stack umbrella chart is hosted in the [dNation helm repository](https://artifacthub.io/packages/search?repo=dnationcloud). By default, dNation Kubernetes Monitoring Stack installs Prometheus with Thanos sidecar and Thanos Query. For more details check [Multicluster monitoring support](#multicluster-monitoring-support) section.
+dNation Kubernetes Monitoring Stack umbrella chart is hosted in the [dNation helm repository](https://artifacthub.io/packages/search?repo=dnationcloud). By default, dNation Kubernetes Monitoring Stack installs Prometheus with Thanos sidecar and Thanos Query.
+Thanos components are tuned according to [SCS Thanos tuning](https://github.com/SovereignCloudStack/k8s-observability/blob/main/docs/thanos-tuning.md).
+For more details check [Multicluster monitoring support](#multicluster-monitoring-support) section.
 ```bash
 # Add dNation helm repository
 helm repo add dnationcloud https://dnationcloud.github.io/helm-hub/
@@ -119,7 +121,9 @@ kube-prometheus-stack:
       hosts:
         - <grafana-endpoint>
 
-thanos.query.stores: []
+thanos:
+  query:
+    stores: []
 ```
 
 - `thanosStorage.config` field contains configuration of object storage used by thanos components in the observer cluster. More info can be found here: https://thanos.io/tip/thanos/storage.md/
@@ -193,8 +197,10 @@ kube-prometheus-stack:
       hosts:
         - <grafana-endpoint>
 
-thanos.query.stores:
-   - dnssrv+_http-[envoy-name]._tcp.thanos-query-envoy.[namespace].svc.cluster.local
+thanos:
+  query:
+    stores:
+    - dnssrv+_http-[envoy-name]._tcp.thanos-query-envoy.[namespace].svc.cluster.local
 ```
 
 Thanos sidecar in workload clusters is published with an Ingress object with TLS client auth. To trust the observer cluster CA you need to create following two secerets:
@@ -316,6 +322,25 @@ ssl-exporter:
 More information about configuration is in the [helmchart repo](https://github.com/dNationCloud/ssl-exporter)
 and [ribbybibby/ssl_exporter](https://github.com/ribbybibby/ssl_exporter) repo.
 
+# Prometheus Blackbox Exporter
+Our monitoring stack contains a helmchart for
+[prometheus-blackbox-exporter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-blackbox-exporter)
+as an optional component
+## Configuration
+Enable prometheus-blackbox-exporter by adding `--set prometheus-blackbox-exporter.enabled=true` flag to the `helm` command, or enable it in values file.
+You can further configure prometheus-blackbox-exporter with values file, e.g.:
+```yaml
+prometheus-blackbox-exporter:
+  enabled: true
+  serviceMonitor:
+    targets:
+    - name: dnation-cloud
+      url: https://dnation.cloud/
+# enable also dashboards
+dnation-kubernetes-monitoring:
+  blackboxMonitoring:
+    enabled: true
+```
 
 # Contribution guidelines
 If you want to contribute, please read following:
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
@@ -15,8 +15,8 @@
 
 apiVersion: v2
 name: dnation-kubernetes-monitoring-stack
-version: 3.4.5
-appVersion: 2.6.3  # dnation-kubernetes-monitoring
+version: 3.5.0
+appVersion: 2.7.0  # dnation-kubernetes-monitoring
 description: An umbrella helm chart for Kubernetes monitoring based on kube-prometheus-stack, thanos, loki, loki-distributed, promtail and dnation-kubernetes-monitoring.
 keywords:
 - dnation
@@ -28,6 +28,7 @@ keywords:
 - loki
 - thanos
 - ssl-exporter
+- blackbox-exporter
 home: https://dnation.cloud
 sources:
 - https://github.com/dNationCloud/kubernetes-monitoring-stack
@@ -53,13 +54,17 @@ dependencies:
   repository: https://grafana.github.io/helm-charts
   condition: promtail.enabled
 - name: dnation-kubernetes-monitoring
-  version: "2.6.*"
+  version: "2.7.*"
   repository: https://dnationcloud.github.io/helm-hub
   condition: dnation-kubernetes-monitoring.enabled
 - name: ssl-exporter
   version: "1.2.*"
   repository: https://dnationcloud.github.io/helm-hub
   condition: ssl-exporter.enabled
+- name: prometheus-blackbox-exporter
+  version: "8.10.*"
+  repository: https://prometheus-community.github.io/helm-charts
+  condition: prometheus-blackbox-exporter.enabled
 icon: https://cdn.ifne.eu/public/icons/dnation_k8sm8g.png
 maintainers:
 - name: dNation
diff --git a/chart/values.yaml b/chart/values.yaml
@@ -51,18 +51,74 @@ ssl-exporter:
   # # Included in default values of ssl-exporter helm chart
   #   - /etc/kubernetes/admin.conf
 
+## Deploy a prometheus-blackbox-exporter
+## ref: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-blackbox-exporter
+##
+prometheus-blackbox-exporter:
+  enabled: false
+  releaseLabel: true
+  prometheusRule:
+    enabled: true
+    additionalLabels:
+      prometheus_rule: '1'
+    rules:
+    - alert: BlackboxProbeFailed
+      expr: 'probe_success == 0'
+      for: 5m
+      labels:
+        severity: critical
+      annotations:
+        message: 'Blackbox probe on target: {{ $labels.target }} failed'
+    - alert: BlackboxSlowProbe
+      expr: 'avg_over_time(probe_duration_seconds[1m]) > 5'
+      for: 5m
+      labels:
+        severity: warning
+      annotations:
+        message: 'Blackbox probe on target: {{ $labels.target }} took more than 5s to complete, probe time = {{ $value }}'
+    - alert: BlackboxSslCertificateWillExpireSoon
+      expr: 'round((probe_ssl_earliest_cert_expiry - time()) / 86400, 0.1) < 30'
+      for: 5m
+      labels:
+        severity: warning
+      annotations:
+        message: 'SSL certificate expires in {{ $value }} days'
+  serviceMonitor:
+    enabled: true
+#    targets:
+#    - name: dnation-cloud
+#      url: https://dnation.cloud/
+
 thanos:
   enabled: true
   queryFrontend:
     enabled: false
+    extraFlags:
+    - --query-range.split-interval=12h
+    - --query-frontend.log-queries-longer-than=10s
+    - --query-frontend.compress-responses
+    - |-
+      --query-range.response-cache-config="config":
+        "max_size": "500MB"
+        "max_size_items": 0
+        "validity": 0s
+      "type": "in-memory"
   query:
+    extraFlags:
+    - --query.auto-downsampling
     dnsDiscovery:
       sidecarsService: kube-prometheus-thanos-discovery
       sidecarsNamespace: "{{ .Release.Namespace }}"
   bucketweb:
     enabled: false
   compactor:
     enabled: false
+    retentionResolutionRaw: 2d
+    retentionResolution5m: 10d
+    retentionResolution1h: 15d
+    extraFlags:
+    - --compact.concurrency=3
+    - --downsample.concurrency=3
   storegateway:
     enabled: false
   ruler:
