Merge "Add east-west ingress network policy to Prometheus"

This commit is contained in:
Zuul 2019-03-07 04:44:10 +00:00 committed by Gerrit Code Review
commit e836707ad0
3 changed files with 16 additions and 9 deletions

View File

@ -211,6 +211,11 @@ network:
enabled: false
port: 30900
network_policy:
prometheus:
ingress:
- {}
secrets:
tls:
monitoring:
@ -234,7 +239,7 @@ manifests:
ingress: true
helm_tests: true
job_image_repo_sync: true
network_policy: false
network_policy: true
secret_ingress_tls: true
secret_prometheus: true
service_ingress: true
@ -1195,7 +1200,7 @@ conf:
description: Prometheus failed to scrape API server(s), or all API servers have disappeared from service discovery.
summary: API server unreachable
- alert: K8SApiServerLatency
expr: histogram_quantile(0.99, sum(apiserver_request_latencies_bucket{verb!~"CONNECT|WATCHLIST|WATCH|PROXY|DELETECOLLECTION"}) WITHOUT (instance, resource)) / 1e+06 > 1
expr: histogram_quantile(0.99, sum(apiserver_request_latencies_bucket{verb!~"CONNECT|WATCHLIST|WATCH|PROXY"}) WITHOUT (instance, resource)) / 1e+06 > 1
for: 10m
labels:
severity: warning

View File

@ -43,19 +43,20 @@ network_policy:
application: nagios
- podSelector:
matchLabels:
application: fluentd-exporter
- podSelector:
matchLabels:
application: fluentd
application: ingress
ports:
- protocol: TCP
port: 9093
- protocol: TCP
port: 9090
- protocol: TCP
port: 6783
- protocol: TCP
port: 9108
- protocol: TCP
port: 80
- protocol: TCP
port: 443
EOF
#NOTE: Deploy command

View File

@ -48,6 +48,7 @@ function test_netpol {
fi
fi
}
# Doing negative tests
test_netpol osh-infra mariadb server elasticsearch.osh-infra.svc.cluster.local fail
test_netpol osh-infra mariadb server nagios.osh-infra.svc.cluster.local fail