From 51c6f4a706fcf74d3528918fc85241ad82ffc9dd Mon Sep 17 00:00:00 2001 From: Sergey Antropoff Date: Sat, 25 Apr 2026 11:26:14 +0300 Subject: [PATCH] =?UTF-8?q?feat:=20=D0=B4=D0=BE=D0=B1=D0=B0=D0=B2=D0=B8?= =?UTF-8?q?=D1=82=D1=8C=20prometheus-=D0=BC=D0=B5=D1=82=D1=80=D0=B8=D0=BA?= =?UTF-8?q?=D0=B8=20=D0=BA=D0=BE=20=D0=B2=D1=81=D0=B5=D0=BC=20=D0=BE=D1=81?= =?UTF-8?q?=D1=82=D0=B0=D0=B2=D1=88=D0=B8=D0=BC=D1=81=D1=8F=20=D0=B0=D0=B4?= =?UTF-8?q?=D0=B4=D0=BE=D0=BD=D0=B0=D0=BC?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - cert-manager: prometheus.enabled + servicemonitor (port 9402) - ingress-nginx: динамический ServiceMonitor вместо захардкоженного false - ArgoCD: metrics.enabled для всех компонентов (server, repoServer, applicationSet, notifications, controller) - Longhorn: metrics.serviceMonitor.enabled - Istio: ServiceMonitor для istiod (port http-monitoring), enablePrometheusMerge для sidecar-метрик, fix istio_telemetry_enabled → istio_metrics_enabled в шаблоне Во всех случаях ServiceMonitor создаётся только при addon_prometheus_stack: true. --- addons/argocd/role/defaults/main.yml | 4 +++ addons/argocd/role/tasks/main.yml | 21 +++++++++++++++ addons/cert-manager/role/defaults/main.yml | 4 +++ addons/cert-manager/role/tasks/main.yml | 4 +++ .../templates/ingress-nginx-values.yaml.j2 | 2 +- addons/istio/role/defaults/main.yml | 5 ++-- addons/istio/role/tasks/main.yml | 26 +++++++++++++++++++ .../role/templates/istiod-values.yaml.j2 | 2 +- addons/longhorn/role/defaults/main.yml | 4 +++ addons/longhorn/role/tasks/main.yml | 3 +++ group_vars/all/addons.yml | 2 +- 11 files changed, 72 insertions(+), 5 deletions(-) diff --git a/addons/argocd/role/defaults/main.yml b/addons/argocd/role/defaults/main.yml index b784ccb..babf51e 100644 --- a/addons/argocd/role/defaults/main.yml +++ b/addons/argocd/role/defaults/main.yml 
@@ -12,6 +12,10 @@ argocd_ingress_class: "{{ ingress_nginx_class_name | default('nginx') }}" argocd_ingress_tls: false argocd_ingress_cert_issuer: "{{ cert_manager_default_issuer_name | default('letsencrypt-prod') }}" +# ── Метрики (встроены в каждый компонент) ──────────────────────────────────── +argocd_metrics_enabled: true +# ServiceMonitor создаётся только когда addon_prometheus_stack: true + argocd_resources: requests: cpu: 50m diff --git a/addons/argocd/role/tasks/main.yml b/addons/argocd/role/tasks/main.yml index 2adcf02..b0bb67f 100644 --- a/addons/argocd/role/tasks/main.yml +++ b/addons/argocd/role/tasks/main.yml @@ -22,12 +22,33 @@ server: insecure: "{{ argocd_insecure | bool }}" resources: "{{ argocd_resources }}" + metrics: + enabled: "{{ argocd_metrics_enabled | bool }}" + serviceMonitor: + enabled: "{{ argocd_metrics_enabled | bool and addon_prometheus_stack | default(false) | bool }}" repoServer: resources: "{{ argocd_resources }}" + metrics: + enabled: "{{ argocd_metrics_enabled | bool }}" + serviceMonitor: + enabled: "{{ argocd_metrics_enabled | bool and addon_prometheus_stack | default(false) | bool }}" applicationSet: resources: "{{ argocd_resources }}" + metrics: + enabled: "{{ argocd_metrics_enabled | bool }}" + serviceMonitor: + enabled: "{{ argocd_metrics_enabled | bool and addon_prometheus_stack | default(false) | bool }}" notifications: resources: "{{ argocd_resources }}" + metrics: + enabled: "{{ argocd_metrics_enabled | bool }}" + serviceMonitor: + enabled: "{{ argocd_metrics_enabled | bool and addon_prometheus_stack | default(false) | bool }}" + controller: + metrics: + enabled: "{{ argocd_metrics_enabled | bool }}" + serviceMonitor: + enabled: "{{ argocd_metrics_enabled | bool and addon_prometheus_stack | default(false) | bool }}" redis: resources: requests: diff --git a/addons/cert-manager/role/defaults/main.yml b/addons/cert-manager/role/defaults/main.yml index 5e215d5..90e520a 100644 --- a/addons/cert-manager/role/defaults/main.yml 
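Review bot: `argocd_metrics_enabled: true` in addons/argocd/role/defaults/main.yml turns on the per-component metrics endpoints by default even on clusters without Prometheus. Only the `serviceMonitor.enabled` values in tasks/main.yml are gated on `addon_prometheus_stack`, and the new comment mentions only the ServiceMonitor. As far as I know Argo CD serves these endpoints without authentication, and they expose application and repository names to anything that can reach the Services in-cluster. I would either default the variable to `"{{ addon_prometheus_stack | default(false) }}"`, or extend the comment to say the endpoints are opened regardless of Prometheus and should be limited to the monitoring namespace by a NetworkPolicy.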
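Review bot: The chart-managed ServiceMonitors enabled in addons/argocd/role/tasks/main.yml (`server`, `repoServer`, `applicationSet`, `notifications`, `controller`) get no extra labels, while the hand-written istiod ServiceMonitor in addons/istio/role/tasks/main.yml carries `release: kube-prometheus-stack`. If the Prometheus deployed by this repository selects ServiceMonitors by that release label (the kube-prometheus-stack default; the stack's values are not visible here), these monitors will be created but never scraped, without any error. The same gap applies to the cert-manager, ingress-nginx and longhorn hunks of this commit. I would pass the label through each chart's ServiceMonitor label value, for Argo CD `additionalLabels: {release: kube-prometheus-stack}` under every `serviceMonitor:`, or note in the role defaults that the stack must select monitors without a label filter. The hunk shows only part of the Helm values mapping.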
+++ b/addons/cert-manager/role/defaults/main.yml @@ -19,6 +19,10 @@ cert_manager_acme_servers: # cert-manager автоматически обновляет сертификаты за 30 дней до истечения — вручную ничего делать не нужно. cert_manager_default_issuer_name: "letsencrypt-prod" +# ── Метрики (prometheus exporter — встроен в cert-manager, порт 9402) ───────── +cert_manager_metrics_enabled: true +# ServiceMonitor создаётся только когда addon_prometheus_stack: true + cert_manager_resources: requests: cpu: 10m diff --git a/addons/cert-manager/role/tasks/main.yml b/addons/cert-manager/role/tasks/main.yml index 85ce338..a49a715 100644 --- a/addons/cert-manager/role/tasks/main.yml +++ b/addons/cert-manager/role/tasks/main.yml @@ -22,6 +22,10 @@ resources: "{{ cert_manager_resources }}" cainjector: resources: "{{ cert_manager_resources }}" + prometheus: + enabled: "{{ cert_manager_metrics_enabled | bool }}" + servicemonitor: + enabled: "{{ cert_manager_metrics_enabled | bool and addon_prometheus_stack | default(false) | bool }}" environment: KUBECONFIG: "{{ k3s_kubeconfig_path }}" register: cert_manager_deploy diff --git a/addons/ingress-nginx/role/templates/ingress-nginx-values.yaml.j2 b/addons/ingress-nginx/role/templates/ingress-nginx-values.yaml.j2 index 26c7f71..6086260 100644 --- a/addons/ingress-nginx/role/templates/ingress-nginx-values.yaml.j2 +++ b/addons/ingress-nginx/role/templates/ingress-nginx-values.yaml.j2 @@ -71,7 +71,7 @@ controller: enabled: {{ ingress_nginx_metrics_enabled | lower }} {% if ingress_nginx_metrics_enabled %} serviceMonitor: - enabled: false # включи если есть Prometheus Operator + enabled: {{ (addon_prometheus_stack | default(false) | bool) | lower }} {% endif %} # Tolerations для запуска на мастере и RPi diff --git a/addons/istio/role/defaults/main.yml b/addons/istio/role/defaults/main.yml index d84b358..6b6b93b 100644 --- a/addons/istio/role/defaults/main.yml +++ b/addons/istio/role/defaults/main.yml 
@@ -28,8 +28,9 @@ istio_gateway_resources: cpu: 500m memory: 256Mi -# Включить Prometheus-совместимый сбор метрик -istio_telemetry_enabled: true +# Включить Prometheus-совместимый сбор метрик istiod + sidecar Envoy +istio_metrics_enabled: true +# ServiceMonitor для istiod создаётся только когда addon_prometheus_stack: true # ─── Kiali (Service Mesh UI) ────────────────────────────────────────────────── # Установка Kiali опционально вместе с Istio diff --git a/addons/istio/role/tasks/main.yml b/addons/istio/role/tasks/main.yml index e02fda1..d67fb15 100644 --- a/addons/istio/role/tasks/main.yml +++ b/addons/istio/role/tasks/main.yml @@ -115,6 +115,32 @@ run_once: true changed_when: true +- name: Create istiod metrics ServiceMonitor + kubernetes.core.k8s: + state: present + definition: + apiVersion: monitoring.coreos.com/v1 + kind: ServiceMonitor + metadata: + name: istiod + namespace: "{{ istio_namespace }}" + labels: + release: kube-prometheus-stack + spec: + selector: + matchLabels: + app: istiod + endpoints: + - port: http-monitoring + path: /metrics + interval: 30s + become: true + delegate_to: "{{ groups['k3s_master'][0] }}" + run_once: true + environment: + KUBECONFIG: "{{ k3s_kubeconfig_path }}" + when: istio_metrics_enabled | bool and addon_prometheus_stack | default(false) | bool + - name: Show Istio status ansible.builtin.command: > k3s kubectl -n {{ istio_namespace }} get pods diff --git a/addons/istio/role/templates/istiod-values.yaml.j2 b/addons/istio/role/templates/istiod-values.yaml.j2 index 302cb40..6b70f7d 100644 --- a/addons/istio/role/templates/istiod-values.yaml.j2 +++ b/addons/istio/role/templates/istiod-values.yaml.j2 @@ -19,7 +19,7 @@ pilot: meshConfig: accessLogFile: /dev/stdout enableTracing: false -{% if istio_telemetry_enabled %} +{% if istio_metrics_enabled %} defaultConfig: proxyMetadata: {} enablePrometheusMerge: true 
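Review bot: Renaming `istio_telemetry_enabled` to `istio_metrics_enabled` in addons/istio/role/defaults/main.yml silently drops any inventory override of the old name. A cluster that had set `istio_telemetry_enabled: false` will now render `enablePrometheusMerge: true` and, with the stack enabled, get the istiod ServiceMonitor. I would keep a fallback for one release, `istio_metrics_enabled: "{{ istio_telemetry_enabled | default(true) }}"`, with a comment marking the old name as deprecated. The renamed condition in istiod-values.yaml.j2 also lacks the `| bool` that the tasks use, so a string `"false"` passed as an extra var is truthy there; `{% if istio_metrics_enabled | bool %}` would make the two consistent.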
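Review bot: The `release: kube-prometheus-stack` label on the new istiod ServiceMonitor in addons/istio/role/tasks/main.yml is hard-coded, so the monitor is only picked up when the Prometheus stack was installed under exactly that Helm release name. A role default would make this explicit, for example `release: "{{ istio_servicemonitor_release | default('kube-prometheus-stack') }}"` (the variable name is only a suggestion). The task also only ever applies `state: present`, so switching `istio_metrics_enabled` or `addon_prometheus_stack` off later leaves the object in the cluster; a matching `state: absent` task, or a templated `state`, would keep the toggle honest. It further assumes the `monitoring.coreos.com/v1` CRD already exists when the Istio role runs, which depends on addon ordering not visible in this hunk and deserves a comment above the task.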
diff --git a/addons/longhorn/role/defaults/main.yml b/addons/longhorn/role/defaults/main.yml index 961f960..224abe2 100644 --- a/addons/longhorn/role/defaults/main.yml +++ b/addons/longhorn/role/defaults/main.yml @@ -16,6 +16,10 @@ longhorn_ingress_class: "{{ ingress_nginx_class_name | default('nginx') }}" longhorn_ingress_tls: false longhorn_ingress_cert_issuer: "{{ cert_manager_default_issuer_name | default('letsencrypt-prod') }}" +# ── Метрики (встроенные Longhorn metrics + ServiceMonitor) ──────────────────── +longhorn_metrics_enabled: true +# ServiceMonitor создаётся только когда addon_prometheus_stack: true + longhorn_resources: requests: cpu: 25m diff --git a/addons/longhorn/role/tasks/main.yml b/addons/longhorn/role/tasks/main.yml index 9513751..360c14b 100644 --- a/addons/longhorn/role/tasks/main.yml +++ b/addons/longhorn/role/tasks/main.yml @@ -42,6 +42,9 @@ resources: "{{ longhorn_resources }}" longhornDriver: resources: "{{ longhorn_resources }}" + metrics: + serviceMonitor: + enabled: "{{ longhorn_metrics_enabled | bool and addon_prometheus_stack | default(false) | bool }}" environment: KUBECONFIG: "{{ k3s_kubeconfig_path }}" diff --git a/group_vars/all/addons.yml b/group_vars/all/addons.yml index 15adf82..58369a0 100644 --- a/group_vars/all/addons.yml +++ b/group_vars/all/addons.yml @@ -10,7 +10,7 @@ addon_csi_nfs: false # CSI NFS Driver + StorageClass addon_ingress_nginx: true # ingress-nginx (Ingress controller) addon_cert_manager: false # cert-manager (TLS через Let's Encrypt) addon_metrics_server: true # metrics-server (kubectl top nodes/pods) -addon_prometheus_stack: false # Prometheus + Grafana + Alertmanager +addon_prometheus_stack: true # Prometheus + Grafana + Alertmanager addon_istio: false # Istio service mesh + Kiali UI addon_argocd: false # ArgoCD (GitOps) addon_longhorn: false # Longhorn (distributed block storage)
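Review bot: The last hunk flips `addon_prometheus_stack` from `false` to `true` in group_vars/all/addons.yml, which the commit message does not mention; it only says ServiceMonitors are created when the flag is true. Every inventory that relies on the shipped default will now install Prometheus, Grafana and Alertmanager on its next run. That adds web UIs and scrape targets whose credentials and exposure are set by that addon's defaults (not visible here), plus a noticeable resource cost on small nodes. I would keep the default at `false` so that this commit only wires metrics for users who opted in, or make the flip a separate, clearly described change with a comment such as `# enabled by default since <release>; review Grafana admin credentials and ingress before deploying`.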