diff --git a/addons/argocd/role/defaults/main.yml b/addons/argocd/role/defaults/main.yml index b784ccb..babf51e 100644 --- a/addons/argocd/role/defaults/main.yml +++ b/addons/argocd/role/defaults/main.yml @@ -12,6 +12,10 @@ argocd_ingress_class: "{{ ingress_nginx_class_name | default('nginx') }}" argocd_ingress_tls: false argocd_ingress_cert_issuer: "{{ cert_manager_default_issuer_name | default('letsencrypt-prod') }}" +# ── Метрики (встроены в каждый компонент) ──────────────────────────────────── +argocd_metrics_enabled: true +# ServiceMonitor создаётся только когда addon_prometheus_stack: true + argocd_resources: requests: cpu: 50m diff --git a/addons/argocd/role/tasks/main.yml b/addons/argocd/role/tasks/main.yml index 2adcf02..b0bb67f 100644 --- a/addons/argocd/role/tasks/main.yml +++ b/addons/argocd/role/tasks/main.yml 
@@ -22,12 +22,33 @@ server: insecure: "{{ argocd_insecure | bool }}" resources: "{{ argocd_resources }}" + metrics: + enabled: "{{ argocd_metrics_enabled | bool }}" + serviceMonitor: + enabled: "{{ argocd_metrics_enabled | bool and addon_prometheus_stack | default(false) | bool }}" repoServer: resources: "{{ argocd_resources }}" + metrics: + enabled: "{{ argocd_metrics_enabled | bool }}" + serviceMonitor: + enabled: "{{ argocd_metrics_enabled | bool and addon_prometheus_stack | default(false) | bool }}" applicationSet: resources: "{{ argocd_resources }}" + metrics: + enabled: "{{ argocd_metrics_enabled | bool }}" + serviceMonitor: + enabled: "{{ argocd_metrics_enabled | bool and addon_prometheus_stack | default(false) | bool }}" notifications: resources: "{{ argocd_resources }}" + metrics: + enabled: "{{ argocd_metrics_enabled | bool }}" + serviceMonitor: + enabled: "{{ argocd_metrics_enabled | bool and addon_prometheus_stack | default(false) | bool }}" + controller: + metrics: + enabled: "{{ argocd_metrics_enabled | bool }}" + serviceMonitor: + enabled: "{{ argocd_metrics_enabled | bool and addon_prometheus_stack | default(false) | bool }}" redis: resources: requests: diff --git a/addons/cert-manager/role/defaults/main.yml b/addons/cert-manager/role/defaults/main.yml index 5e215d5..90e520a 100644 --- a/addons/cert-manager/role/defaults/main.yml +++ b/addons/cert-manager/role/defaults/main.yml @@ -19,6 +19,10 @@ cert_manager_acme_servers: # cert-manager автоматически обновляет сертификаты за 30 дней до истечения — вручную ничего делать не нужно. cert_manager_default_issuer_name: "letsencrypt-prod" +# ── Метрики (prometheus exporter — встроен в cert-manager, порт 9402) ───────── +cert_manager_metrics_enabled: true +# ServiceMonitor создаётся только когда addon_prometheus_stack: true + cert_manager_resources: requests: cpu: 10m diff --git a/addons/cert-manager/role/tasks/main.yml b/addons/cert-manager/role/tasks/main.yml index 85ce338..a49a715 100644 
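Review bot: In addons/argocd/role/tasks/main.yml, the five `serviceMonitor:` blocks only set `enabled`, so the ServiceMonitors the chart renders carry no label that Prometheus selects on, whereas the hand-written istiod ServiceMonitor later in this commit sets `release: kube-prometheus-stack`. With kube-prometheus-stack's default `serviceMonitorSelectorNilUsesHelmValues: true`, unlabelled ServiceMonitors are ignored, which leaves a scrape gap that nothing reports. This diff does not show how the stack's selector is configured, so confirm that first. If the selector is left at its default, add `additionalLabels: { release: kube-prometheus-stack }` under each `serviceMonitor:` here. The cert-manager tasks hunk (`prometheus.servicemonitor.labels`), the ingress-nginx template hunk and the longhorn tasks hunk need the equivalent label.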
--- a/addons/cert-manager/role/tasks/main.yml +++ b/addons/cert-manager/role/tasks/main.yml @@ -22,6 +22,10 @@ resources: "{{ cert_manager_resources }}" cainjector: resources: "{{ cert_manager_resources }}" + prometheus: + enabled: "{{ cert_manager_metrics_enabled | bool }}" + servicemonitor: + enabled: "{{ cert_manager_metrics_enabled | bool and addon_prometheus_stack | default(false) | bool }}" environment: KUBECONFIG: "{{ k3s_kubeconfig_path }}" register: cert_manager_deploy diff --git a/addons/ingress-nginx/role/templates/ingress-nginx-values.yaml.j2 b/addons/ingress-nginx/role/templates/ingress-nginx-values.yaml.j2 index 26c7f71..6086260 100644 --- a/addons/ingress-nginx/role/templates/ingress-nginx-values.yaml.j2 +++ b/addons/ingress-nginx/role/templates/ingress-nginx-values.yaml.j2 @@ -71,7 +71,7 @@ controller: enabled: {{ ingress_nginx_metrics_enabled | lower }} {% if ingress_nginx_metrics_enabled %} serviceMonitor: - enabled: false # включи если есть Prometheus Operator + enabled: {{ (addon_prometheus_stack | default(false) | bool) | lower }} {% endif %} # Tolerations для запуска на мастере и RPi diff --git a/addons/istio/role/defaults/main.yml b/addons/istio/role/defaults/main.yml index d84b358..6b6b93b 100644 --- a/addons/istio/role/defaults/main.yml +++ b/addons/istio/role/defaults/main.yml @@ -28,8 +28,9 @@ istio_gateway_resources: cpu: 500m memory: 256Mi -# Включить Prometheus-совместимый сбор метрик -istio_telemetry_enabled: true +# Включить Prometheus-совместимый сбор метрик istiod + sidecar Envoy +istio_metrics_enabled: true +# ServiceMonitor для istiod создаётся только когда addon_prometheus_stack: true # ─── Kiali (Service Mesh UI) ────────────────────────────────────────────────── # Установка Kiali опционально вместе с Istio diff --git a/addons/istio/role/tasks/main.yml b/addons/istio/role/tasks/main.yml index e02fda1..d67fb15 100644 --- a/addons/istio/role/tasks/main.yml +++ b/addons/istio/role/tasks/main.yml 
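Review bot: In addons/istio/role/defaults/main.yml, renaming `istio_telemetry_enabled` to `istio_metrics_enabled` silently drops any existing inventory override of the old name. A cluster that had `istio_telemetry_enabled: false` will get the new default of `true`, and the `{% if istio_metrics_enabled %}` guard in istiod-values.yaml.j2 will switch Envoy metrics merging back on. A compatible default would be `istio_metrics_enabled: "{{ istio_telemetry_enabled | default(true) }}"`, with a comment marking the old name as deprecated.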
@@ -115,6 +115,32 @@ run_once: true changed_when: true +- name: Create istiod metrics ServiceMonitor + kubernetes.core.k8s: + state: present + definition: + apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + name: istiod + namespace: "{{ istio_namespace }}" + labels: + release: kube-prometheus-stack + spec: + selector: + matchLabels: + app: istiod + endpoints: + - port: http-monitoring + path: /metrics + interval: 30s + become: true + delegate_to: "{{ groups['k3s_master'][0] }}" + run_once: true + environment: + KUBECONFIG: "{{ k3s_kubeconfig_path }}" + when: istio_metrics_enabled | bool and addon_prometheus_stack | default(false) | bool + - name: Show Istio status ansible.builtin.command: > k3s kubectl -n {{ istio_namespace }} get pods diff --git a/addons/istio/role/templates/istiod-values.yaml.j2 b/addons/istio/role/templates/istiod-values.yaml.j2 index 302cb40..6b70f7d 100644 --- a/addons/istio/role/templates/istiod-values.yaml.j2 +++ b/addons/istio/role/templates/istiod-values.yaml.j2 @@ -19,7 +19,7 @@ pilot: meshConfig: accessLogFile: /dev/stdout enableTracing: false -{% if istio_telemetry_enabled %} +{% if istio_metrics_enabled %} defaultConfig: proxyMetadata: {} enablePrometheusMerge: true diff --git a/addons/longhorn/role/defaults/main.yml b/addons/longhorn/role/defaults/main.yml index 961f960..224abe2 100644 --- a/addons/longhorn/role/defaults/main.yml +++ b/addons/longhorn/role/defaults/main.yml @@ -16,6 +16,10 @@ longhorn_ingress_class: "{{ ingress_nginx_class_name | default('nginx') }}" longhorn_ingress_tls: false longhorn_ingress_cert_issuer: "{{ cert_manager_default_issuer_name | default('letsencrypt-prod') }}" +# ── Метрики (встроенные Longhorn metrics + ServiceMonitor) ──────────────────── +longhorn_metrics_enabled: true +# ServiceMonitor создаётся только когда addon_prometheus_stack: true + longhorn_resources: requests: cpu: 25m 
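Review bot: In the new `Create istiod metrics ServiceMonitor` task, the label `release: kube-prometheus-stack` is hard-coded, so the ServiceMonitor is only picked up if the Prometheus stack was installed under exactly that Helm release name. The release name is not visible in this diff, so it would be safer to take it from a variable shared with the stack role, for example `release: "{{ prometheus_stack_release_name | default('kube-prometheus-stack') }}"` (the variable name is a suggestion). The task also only ever applies `state: present`, so setting `istio_metrics_enabled: false` later leaves the object behind. A short comment on the task should record that.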
diff --git a/addons/longhorn/role/tasks/main.yml b/addons/longhorn/role/tasks/main.yml index 9513751..360c14b 100644 --- a/addons/longhorn/role/tasks/main.yml +++ b/addons/longhorn/role/tasks/main.yml @@ -42,6 +42,9 @@ resources: "{{ longhorn_resources }}" longhornDriver: resources: "{{ longhorn_resources }}" + metrics: + serviceMonitor: + enabled: "{{ longhorn_metrics_enabled | bool and addon_prometheus_stack | default(false) | bool }}" environment: KUBECONFIG: "{{ k3s_kubeconfig_path }}" diff --git a/group_vars/all/addons.yml b/group_vars/all/addons.yml index 15adf82..58369a0 100644 --- a/group_vars/all/addons.yml +++ b/group_vars/all/addons.yml @@ -10,7 +10,7 @@ addon_csi_nfs: false # CSI NFS Driver + StorageClass addon_ingress_nginx: true # ingress-nginx (Ingress controller) addon_cert_manager: false # cert-manager (TLS через Let's Encrypt) addon_metrics_server: true # metrics-server (kubectl top nodes/pods) -addon_prometheus_stack: false # Prometheus + Grafana + Alertmanager +addon_prometheus_stack: true # Prometheus + Grafana + Alertmanager addon_istio: false # Istio service mesh + Kiali UI addon_argocd: false # ArgoCD (GitOps) addon_longhorn: false # Longhorn (distributed block storage)
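Review bot: In group_vars/all/addons.yml, flipping the shared default to `addon_prometheus_stack: true` installs Prometheus, Grafana and Alertmanager on every cluster that inherits these vars, in a commit that is otherwise only metrics wiring. Nothing in this diff shows how the Grafana admin credentials or any ingress for the stack are set, so confirm those before the stack becomes opt-out. Keeping `addon_prometheus_stack: false  # enable per inventory` here and enabling it in the target inventory would keep the change scoped. The same flag now gates ServiceMonitor creation in the argocd, cert-manager, ingress-nginx, istio and longhorn roles, and those installs fail if the roles run before the `monitoring.coreos.com` CRDs exist. The role order is not visible here, so check that as well.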