video-iac/k8s/monitoring/values-production.yaml

# Helm chart values for Prometheus Operator with HTTPS and basic auth
# Explicitly enable RBAC resource creation
rbac:
  create: true


kube-prometheus-stack:

  # Disable the default ServiceMonitor configuration paths to prevent duplicates
  prometheus-node-exporter:
    serviceMonitor:
      enabled: false
  nodeExporter:
    serviceMonitor:
      enabled: false

  prometheus:
    ingress:
      enabled: true
      pathType: Prefix
      annotations:
        kubernetes.io/ingress.class: nginx
        #nginx.ingress.kubernetes.io/rewrite-target: /$2
        cert-manager.io/cluster-issuer: letsencrypt-nginx-production
        nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
        nginx.ingress.kubernetes.io/auth-type: basic
        nginx.ingress.kubernetes.io/auth-secret: monitoring-basic-auth 
        nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
      hosts:
      - monitoring.video.jamkazam.com
      paths:
      - /prometheus
      tls:
      - secretName: monitoring
        hosts:
        - monitoring.video.jamkazam.com
    prometheusSpec:
      retention: 60d
      retentionSize: 20GB
      routePrefix: /prometheus
      externalUrl: https://monitoring.video.jamkazam.com/prometheus
      storageSpec:
        volumeClaimTemplate:
          spec:
            storageClassName: linode-block-storage-retain
            resources:
              requests:
                storage: 30Gi
      # 2. !!! CRUCIAL: Ensure the default ServiceMonitor is ignored !!!
      # This prevents duplicate metrics by telling Prometheus to ignore the default SM.
      serviceMonitorSelector:
        matchExpressions:
          # Exclude the default node-exporter ServiceMonitor
          - key: app.kubernetes.io/name
            operator: NotIn
            values:
              # Use the label identified above
              - prometheus-node-exporter
      serviceMonitorNamespaceSelector:
        matchExpressions:
          - key: kubernetes.io/metadata.name
            operator: In
            values:
              - monitoring  # Its own namespace
              - webrtc-be   # Your app's namespace
      # Add the manual scrape configuration
      additionalScrapeConfigs:
        - job_name: 'node-exporter'
          kubernetes_sd_configs:
            - role: endpoints
          
          relabel_configs:
            # 1. Filter: Precisely target the node-exporter service in the monitoring namespace.
            - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name]
              separator: '/'
              # Assuming the service name is 'monitoring-prometheus-node-exporter'
              regex: 'monitoring/monitoring-prometheus-node-exporter'
              action: keep
            
            # 2. Filter: Ensure we are targeting the standard port (usually 9100)
            - source_labels: [__address__]
              regex: '.*:9100$' 
              action: keep

            # 3. THE FIX: Set the instance label correctly
            - source_labels: [__meta_kubernetes_endpoint_node_name]
              target_label: instance
              action: replace
            - source_labels: [__address__]
              target_label: ip_address
              action: replace

            # 4. Replicate standard labels for dashboard compatibility
            - action: labelmap
              regex: __meta_kubernetes_pod_label_(.+)
            # Ensure standard labels are present for dashboard compatibility
            - source_labels: [__meta_kubernetes_namespace]
              target_label: namespace
            - source_labels: [__meta_kubernetes_pod_name]
              target_label: pod
            - source_labels: [__meta_kubernetes_endpoint_node_name]
              target_label: node
  alertmanager:
    ingress:
      enabled: true
      pathType: Prefix
      annotations:
        kubernetes.io/ingress.class: nginx
        #nginx.ingress.kubernetes.io/rewrite-target: /$2
        cert-manager.io/cluster-issuer: letsencrypt-nginx-production
        nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
        nginx.ingress.kubernetes.io/auth-type: basic
        nginx.ingress.kubernetes.io/auth-secret: monitoring-basic-auth 
        nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
      hosts:
      - monitoring.video.jamkazam.com
      paths:
      - /alertmanager
      tls:
      - secretName: monitoring
        hosts:
        - monitoring.video.jamkazam.com
    alertmanagerSpec:
      routePrefix: /alertmanager
      externalUrl: https://monitoring.video.jamkazam.com/alertmanager
      storage:
        volumeClaimTemplate:
          spec:
            storageClassName: linode-block-storage-retain
            resources:
              requests:
                storage: 30Gi

    config:
      global:
        resolve_timeout: 5m
        smtp_smarthost: 'email-smtp.us-east-1.amazonaws.com:587'
        smtp_from: 'support@jamkazam.com'
        smtp_auth_username: 'ses-smtp-user.20251206-174105'
        smtp_auth_password: 'BEeyqbF7U/2BvCxXVU672geq1c9fXKisAw+gM5J+vaZi'
        smtp_require_tls: true
      route:
        group_by: ['job']
        group_wait: 30s
        group_interval: 5m
        repeat_interval: 12h
        receiver: 'null'
        routes:
        - match:
            alertname: WebrtcBeCrashed
          receiver: 'email-alerts'
      receivers:
      - name: 'null'
      - name: 'email-alerts'
        email_configs:
        - to: 'alerts@jamkazam.com'
          send_resolved: true
  grafana:
    persistence:
      enabled: true
      storageClassName: linode-block-storage-retain
      size: 30Gi
    ingress:
      enabled: true
      pathType: Prefix
      annotations:
        kubernetes.io/ingress.class: nginx
        #nginx.ingress.kubernetes.io/rewrite-target: /$2
        cert-manager.io/cluster-issuer: letsencrypt-nginx-production
        nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
        #nginx.ingress.kubernetes.io/auth-type: basic
        #nginx.ingress.kubernetes.io/auth-secret: monitoring-basic-auth 
        #nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'
      hosts:
      - monitoring.video.jamkazam.com
      path: /grafana
      tls:
      - secretName: monitoring
        hosts:
        - monitoring.video.jamkazam.com
    grafana.ini:
      server:
        domain: monitoring.video.jamkazam.com
        root_url: "%(protocol)s://%(domain)s/grafana/"
        enable_gzip: "true"
        serve_from_sub_path: true
    sidecar:
      dashboards:
        enabled: true
        label: grafana_dashboard
        searchNamespace: ALL
    additionalDataSources:
    - name: Loki
      type: loki
      url: http://loki.loki.svc:3100
      access: proxy
      isDefault: true

  # Disable control plane metrics
  kubeEtcd:
    enabled: false

  kubeControllerManager:
    enabled: false

  kubeScheduler:
    enabled: false
add production values 2021-11-18 07:15:38 +00:00			`# Helm chart values for Prometheus Operator with HTTPS and basic auth`
healthcheck and monitoring 2025-10-05 22:43:16 +00:00			`# Explicitly enable RBAC resource creation`
			`rbac:`
			`create: true`


add production values 2021-11-18 07:15:38 +00:00			`kube-prometheus-stack:`
healthcheck and monitoring 2025-10-05 22:43:16 +00:00
			`# Disable the default ServiceMonitor configuration paths to prevent duplicates`
			`prometheus-node-exporter:`
			`serviceMonitor:`
			`enabled: false`
pause 2025-08-02 16:42:45 +00:00			`nodeExporter:`
			`serviceMonitor:`
healthcheck and monitoring 2025-10-05 22:43:16 +00:00			`enabled: false`

add production values 2021-11-18 07:15:38 +00:00			`prometheus:`
			`ingress:`
			`enabled: true`
Update prometheus and nginx ingress versions 2025-07-19 21:54:52 +00:00			`pathType: Prefix`
add production values 2021-11-18 07:15:38 +00:00			`annotations:`
			`kubernetes.io/ingress.class: nginx`
Update rewrite rules to allow public access to grafana 2025-08-02 16:33:06 +00:00			`#nginx.ingress.kubernetes.io/rewrite-target: /$2`
add production values 2021-11-18 07:15:38 +00:00			`cert-manager.io/cluster-issuer: letsencrypt-nginx-production`
Update prometheus and nginx ingress versions 2025-07-19 21:54:52 +00:00			`nginx.ingress.kubernetes.io/backend-protocol: "HTTP"`
Update rewrite rules to allow public access to grafana 2025-08-02 16:33:06 +00:00			`nginx.ingress.kubernetes.io/auth-type: basic`
			`nginx.ingress.kubernetes.io/auth-secret: monitoring-basic-auth`
			`nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'`
add production values 2021-11-18 07:15:38 +00:00			`hosts:`
			`- monitoring.video.jamkazam.com`
			`paths:`
Update prometheus and nginx ingress versions 2025-07-19 21:54:52 +00:00			`- /prometheus`
add production values 2021-11-18 07:15:38 +00:00			`tls:`
			`- secretName: monitoring`
			`hosts:`
			`- monitoring.video.jamkazam.com`
			`prometheusSpec:`
Update prometheus and nginx ingress versions 2025-07-19 21:54:52 +00:00			`retention: 60d`
			`retentionSize: 20GB`
Update rewrite rules to allow public access to grafana 2025-08-02 16:33:06 +00:00			`routePrefix: /prometheus`
add production values 2021-11-18 07:15:38 +00:00			`externalUrl: https://monitoring.video.jamkazam.com/prometheus`
			`storageSpec:`
			`volumeClaimTemplate:`
			`spec:`
			`storageClassName: linode-block-storage-retain`
			`resources:`
			`requests:`
Update prometheus and nginx ingress versions 2025-07-19 21:54:52 +00:00			`storage: 30Gi`
healthcheck and monitoring 2025-10-05 22:43:16 +00:00			`# 2. !!! CRUCIAL: Ensure the default ServiceMonitor is ignored !!!`
			`# This prevents duplicate metrics by telling Prometheus to ignore the default SM.`
			`serviceMonitorSelector:`
			`matchExpressions:`
			`# Exclude the default node-exporter ServiceMonitor`
			`- key: app.kubernetes.io/name`
			`operator: NotIn`
			`values:`
			`# Use the label identified above`
			`- prometheus-node-exporter`
scrap metrics for webrtc-be 2025-11-17 00:03:34 +00:00			`serviceMonitorNamespaceSelector:`
			`matchExpressions:`
			`- key: kubernetes.io/metadata.name`
			`operator: In`
			`values:`
			`- monitoring # Its own namespace`
			`- webrtc-be # Your app's namespace`
healthcheck and monitoring 2025-10-05 22:43:16 +00:00			`# Add the manual scrape configuration`
			`additionalScrapeConfigs:`
			`- job_name: 'node-exporter'`
			`kubernetes_sd_configs:`
			`- role: endpoints`

			`relabel_configs:`
			`# 1. Filter: Precisely target the node-exporter service in the monitoring namespace.`
			`- source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name]`
			`separator: '/'`
			`# Assuming the service name is 'monitoring-prometheus-node-exporter'`
			`regex: 'monitoring/monitoring-prometheus-node-exporter'`
			`action: keep`

			`# 2. Filter: Ensure we are targeting the standard port (usually 9100)`
			`- source_labels: [__address__]`
			`regex: '.*:9100$'`
			`action: keep`

			`# 3. THE FIX: Set the instance label correctly`
			`- source_labels: [__meta_kubernetes_endpoint_node_name]`
			`target_label: instance`
			`action: replace`
			`- source_labels: [__address__]`
			`target_label: ip_address`
			`action: replace`
add production values 2021-11-18 07:15:38 +00:00
healthcheck and monitoring 2025-10-05 22:43:16 +00:00			`# 4. Replicate standard labels for dashboard compatibility`
			`- action: labelmap`
			`regex: __meta_kubernetes_pod_label_(.+)`
			`# Ensure standard labels are present for dashboard compatibility`
			`- source_labels: [__meta_kubernetes_namespace]`
			`target_label: namespace`
			`- source_labels: [__meta_kubernetes_pod_name]`
			`target_label: pod`
			`- source_labels: [__meta_kubernetes_endpoint_node_name]`
			`target_label: node`
add production values 2021-11-18 07:15:38 +00:00			`alertmanager:`
			`ingress:`
			`enabled: true`
Update prometheus and nginx ingress versions 2025-07-19 21:54:52 +00:00			`pathType: Prefix`
add production values 2021-11-18 07:15:38 +00:00			`annotations:`
			`kubernetes.io/ingress.class: nginx`
Update rewrite rules to allow public access to grafana 2025-08-02 16:33:06 +00:00			`#nginx.ingress.kubernetes.io/rewrite-target: /$2`
add production values 2021-11-18 07:15:38 +00:00			`cert-manager.io/cluster-issuer: letsencrypt-nginx-production`
Update prometheus and nginx ingress versions 2025-07-19 21:54:52 +00:00			`nginx.ingress.kubernetes.io/backend-protocol: "HTTP"`
Update rewrite rules to allow public access to grafana 2025-08-02 16:33:06 +00:00			`nginx.ingress.kubernetes.io/auth-type: basic`
			`nginx.ingress.kubernetes.io/auth-secret: monitoring-basic-auth`
			`nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'`
add production values 2021-11-18 07:15:38 +00:00			`hosts:`
			`- monitoring.video.jamkazam.com`
			`paths:`
Update prometheus and nginx ingress versions 2025-07-19 21:54:52 +00:00			`- /alertmanager`
add production values 2021-11-18 07:15:38 +00:00			`tls:`
			`- secretName: monitoring`
			`hosts:`
			`- monitoring.video.jamkazam.com`
			`alertmanagerSpec:`
Update rewrite rules to allow public access to grafana 2025-08-02 16:33:06 +00:00			`routePrefix: /alertmanager`
			`externalUrl: https://monitoring.video.jamkazam.com/alertmanager`
add production values 2021-11-18 07:15:38 +00:00			`storage:`
			`volumeClaimTemplate:`
			`spec:`
			`storageClassName: linode-block-storage-retain`
			`resources:`
			`requests:`
Update prometheus and nginx ingress versions 2025-07-19 21:54:52 +00:00			`storage: 30Gi`
add production values 2021-11-18 07:15:38 +00:00
Attem to deploy loki and promtail 2025-12-06 23:42:59 +00:00			`config:`
			`global:`
			`resolve_timeout: 5m`
			`smtp_smarthost: 'email-smtp.us-east-1.amazonaws.com:587'`
			`smtp_from: 'support@jamkazam.com'`
			`smtp_auth_username: 'ses-smtp-user.20251206-174105'`
			`smtp_auth_password: 'BEeyqbF7U/2BvCxXVU672geq1c9fXKisAw+gM5J+vaZi'`
			`smtp_require_tls: true`
			`route:`
			`group_by: ['job']`
			`group_wait: 30s`
			`group_interval: 5m`
			`repeat_interval: 12h`
			`receiver: 'null'`
			`routes:`
			`- match:`
			`alertname: WebrtcBeCrashed`
			`receiver: 'email-alerts'`
			`receivers:`
			`- name: 'null'`
			`- name: 'email-alerts'`
			`email_configs:`
			`- to: 'alerts@jamkazam.com'`
			`send_resolved: true`
add production values 2021-11-18 07:15:38 +00:00			`grafana:`
			`persistence:`
			`enabled: true`
			`storageClassName: linode-block-storage-retain`
Update prometheus and nginx ingress versions 2025-07-19 21:54:52 +00:00			`size: 30Gi`
add production values 2021-11-18 07:15:38 +00:00			`ingress:`
			`enabled: true`
Update prometheus and nginx ingress versions 2025-07-19 21:54:52 +00:00			`pathType: Prefix`
add production values 2021-11-18 07:15:38 +00:00			`annotations:`
			`kubernetes.io/ingress.class: nginx`
Update rewrite rules to allow public access to grafana 2025-08-02 16:33:06 +00:00			`#nginx.ingress.kubernetes.io/rewrite-target: /$2`
add production values 2021-11-18 07:15:38 +00:00			`cert-manager.io/cluster-issuer: letsencrypt-nginx-production`
Update prometheus and nginx ingress versions 2025-07-19 21:54:52 +00:00			`nginx.ingress.kubernetes.io/backend-protocol: "HTTP"`
Update rewrite rules to allow public access to grafana 2025-08-02 16:33:06 +00:00			`#nginx.ingress.kubernetes.io/auth-type: basic`
			`#nginx.ingress.kubernetes.io/auth-secret: monitoring-basic-auth`
			`#nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required'`
add production values 2021-11-18 07:15:38 +00:00			`hosts:`
			`- monitoring.video.jamkazam.com`
Update prometheus and nginx ingress versions 2025-07-19 21:54:52 +00:00			`path: /grafana`
add production values 2021-11-18 07:15:38 +00:00			`tls:`
			`- secretName: monitoring`
			`hosts:`
			`- monitoring.video.jamkazam.com`
			`grafana.ini:`
			`server:`
			`domain: monitoring.video.jamkazam.com`
			`root_url: "%(protocol)s://%(domain)s/grafana/"`
			`enable_gzip: "true"`
Update prometheus and nginx ingress versions 2025-07-19 21:54:52 +00:00			`serve_from_sub_path: true`
Apply grafana dashboard sidecare 2025-12-07 21:37:46 +00:00			`sidecar:`
			`dashboards:`
			`enabled: true`
			`label: grafana_dashboard`
			`searchNamespace: ALL`
Bump webrtc to have crash guarding 2025-12-04 03:10:21 +00:00			`additionalDataSources:`
			`- name: Loki`
			`type: loki`
			`url: http://loki.loki.svc:3100`
			`access: proxy`
			`isDefault: true`
add production values 2021-11-18 07:15:38 +00:00
			`# Disable control plane metrics`
			`kubeEtcd:`
			`enabled: false`

			`kubeControllerManager:`
			`enabled: false`

			`kubeScheduler:`
			`enabled: false`
Update prometheus and nginx ingress versions 2025-07-19 21:54:52 +00:00