diff --git a/config/resources-metrics/iam/group_memberships.yaml b/config/resources-metrics/iam/group_memberships.yaml deleted file mode 100644 index ee5060df..00000000 --- a/config/resources-metrics/iam/group_memberships.yaml +++ /dev/null @@ -1,23 +0,0 @@ -kind: CustomResourceStateMetrics -spec: - resources: - - groupVersionKind: - group: "iam.miloapis.com" - kind: "GroupMembership" - version: "v1alpha1" - labelsFromPath: - name: [metadata, name] - namespace: [metadata, namespace] - metricNamePrefix: milo_group_memberships - metrics: - - name: "info" - each: - type: Info - info: - labelsFromPath: - "uid": [metadata, uid] - - name: "created_timestamp" - each: - type: Gauge - gauge: - path: [metadata, creationTimestamp] \ No newline at end of file diff --git a/config/resources-metrics/iam/groups.yaml b/config/resources-metrics/iam/groups.yaml deleted file mode 100644 index 9fceb747..00000000 --- a/config/resources-metrics/iam/groups.yaml +++ /dev/null @@ -1,23 +0,0 @@ -kind: CustomResourceStateMetrics -spec: - resources: - - groupVersionKind: - group: "iam.miloapis.com" - kind: "Group" - version: "v1alpha1" - labelsFromPath: - name: [metadata, name] - namespace: [metadata, namespace] - metricNamePrefix: milo_groups - metrics: - - name: "info" - each: - type: Info - info: - labelsFromPath: - "uid": [metadata, uid] - - name: "created_timestamp" - each: - type: Gauge - gauge: - path: [metadata, creationTimestamp] \ No newline at end of file diff --git a/config/resources-metrics/iam/kustomization.yaml b/config/resources-metrics/iam/kustomization.yaml deleted file mode 100644 index 26e37a8a..00000000 --- a/config/resources-metrics/iam/kustomization.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1alpha1 -kind: Component - -configMapGenerator: - - name: milo-iam-resource-metrics - files: - - users.yaml - - groups.yaml - - group_memberships.yaml - - machine_accounts.yaml - - machine_account_keys.yaml - - policy_bindings.yaml - - roles.yaml - - user_invitations.yaml - - protected_resources.yaml - options: - labels: - telemetry.datumapis.com/core-resource-metrics-config: "true" diff --git a/config/resources-metrics/iam/machine_account_keys.yaml b/config/resources-metrics/iam/machine_account_keys.yaml deleted file mode 100644 index 9bd7e3f0..00000000 --- a/config/resources-metrics/iam/machine_account_keys.yaml +++ /dev/null @@ -1,23 +0,0 @@ -kind: CustomResourceStateMetrics -spec: - resources: - - groupVersionKind: - group: "iam.miloapis.com" - kind: "MachineAccountKey" - version: "v1alpha1" - labelsFromPath: - name: [metadata, name] - namespace: [metadata, namespace] - metricNamePrefix: milo_machine_account_keys - metrics: - - name: "info" - each: - type: Info - info: - labelsFromPath: - "uid": [metadata, uid] - - name: "created_timestamp" - each: - type: Gauge - gauge: - path: [metadata, creationTimestamp] \ No newline at end of file diff --git a/config/resources-metrics/iam/machine_accounts.yaml b/config/resources-metrics/iam/machine_accounts.yaml deleted file mode 100644 index 11b3c4f1..00000000 --- a/config/resources-metrics/iam/machine_accounts.yaml +++ /dev/null @@ -1,23 +0,0 @@ -kind: CustomResourceStateMetrics -spec: - resources: - - groupVersionKind: - group: "iam.miloapis.com" - kind: "MachineAccount" - version: "v1alpha1" - labelsFromPath: - name: [metadata, name] - namespace: [metadata, namespace] - metricNamePrefix: milo_machine_accounts - metrics: - - name: "info" - each: - type: Info - info: - labelsFromPath: - "uid": [metadata, uid] - - name: "created_timestamp" - each: - type: Gauge - gauge: - path: [metadata, creationTimestamp] \ No newline at end of file 
diff --git a/config/resources-metrics/iam/policy_bindings.yaml b/config/resources-metrics/iam/policy_bindings.yaml deleted file mode 100644 index 1458e13a..00000000 --- a/config/resources-metrics/iam/policy_bindings.yaml +++ /dev/null @@ -1,42 +0,0 @@ -kind: CustomResourceStateMetrics -spec: - resources: - - groupVersionKind: - group: "iam.miloapis.com" - kind: "PolicyBinding" - version: "v1alpha1" - labelsFromPath: - name: [metadata, name] - namespace: [metadata, namespace] - metricNamePrefix: milo_policy_bindings - metrics: - - name: "info" - each: - type: Info - info: - labelsFromPath: - "uid": [metadata, uid] - - name: "created_timestamp" - each: - type: Gauge - gauge: - path: [metadata, creationTimestamp] - - name: "status_condition" - each: - type: Gauge - gauge: - path: [status, conditions] - labelsFromPath: - type: ["type"] - reason: ["reason"] - valueFrom: ["status"] - - name: "status_condition_last_transition_time" - each: - type: Gauge - gauge: - path: [status, conditions] - labelsFromPath: - type: ["type"] - reason: ["reason"] - status: ["status"] - valueFrom: ["lastTransitionTime"] diff --git a/config/resources-metrics/iam/protected_resources.yaml b/config/resources-metrics/iam/protected_resources.yaml deleted file mode 100644 index 43587e5e..00000000 --- a/config/resources-metrics/iam/protected_resources.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -kind: CustomResourceStateMetrics -spec: - resources: - - groupVersionKind: - group: "iam.miloapis.com" - kind: "ProtectedResource" - version: "v1alpha1" - labelsFromPath: - name: [metadata, name] - namespace: [metadata, namespace] - metricNamePrefix: milo_protected_resources - metrics: - - name: "info" - each: - type: Info - info: - labelsFromPath: - "uid": [metadata, uid] - - name: "created_timestamp" - each: - type: Gauge - gauge: - path: [metadata, creationTimestamp] - - name: "status_condition" - each: - type: Gauge - gauge: - path: [status, conditions] - labelsFromPath: - type: ["type"] - reason: ["reason"] - valueFrom: ["status"] - - name: "status_condition_last_transition_time" - each: - type: Gauge - gauge: - path: [status, conditions] - labelsFromPath: - type: ["type"] - reason: ["reason"] - status: ["status"] - valueFrom: ["lastTransitionTime"] \ No newline at end of file diff --git a/config/resources-metrics/iam/roles.yaml b/config/resources-metrics/iam/roles.yaml deleted file mode 100644 index bd01296f..00000000 --- a/config/resources-metrics/iam/roles.yaml +++ /dev/null 
@@ -1,42 +0,0 @@ -kind: CustomResourceStateMetrics -spec: - resources: - - groupVersionKind: - group: "iam.miloapis.com" - kind: "Role" - version: "v1alpha1" - labelsFromPath: - name: [metadata, name] - namespace: [metadata, namespace] - metricNamePrefix: milo_roles - metrics: - - name: "info" - each: - type: Info - info: - labelsFromPath: - "uid": [metadata, uid] - - name: "created_timestamp" - each: - type: Gauge - gauge: - path: [metadata, creationTimestamp] - - name: "status_condition" - each: - type: Gauge - gauge: - path: [status, conditions] - labelsFromPath: - type: ["type"] - reason: ["reason"] - valueFrom: ["status"] - - name: "status_condition_last_transition_time" - each: - type: Gauge - gauge: - path: [status, conditions] - labelsFromPath: - type: ["type"] - reason: ["reason"] - status: ["status"] - valueFrom: ["lastTransitionTime"] \ No newline at end of file diff --git a/config/resources-metrics/iam/user_invitations.yaml b/config/resources-metrics/iam/user_invitations.yaml deleted file mode 100644 index 023f3ae4..00000000 --- a/config/resources-metrics/iam/user_invitations.yaml +++ /dev/null @@ -1,23 +0,0 @@ -kind: CustomResourceStateMetrics -spec: - resources: - - groupVersionKind: - group: "iam.miloapis.com" - kind: "UserInvitation" - version: "v1alpha1" - labelsFromPath: - name: [metadata, name] - namespace: [metadata, namespace] - metricNamePrefix: milo_user_invitations - metrics: - - name: "info" - each: - type: Info - info: - labelsFromPath: - "uid": [metadata, uid] - - name: "created_timestamp" - each: - type: Gauge - gauge: - path: [metadata, creationTimestamp] \ No newline at end of file diff --git a/config/resources-metrics/iam/users.yaml b/config/resources-metrics/iam/users.yaml deleted file mode 100644 index b4f0b748..00000000 --- a/config/resources-metrics/iam/users.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -kind: CustomResourceStateMetrics -spec: - resources: - - groupVersionKind: - group: "iam.miloapis.com" - kind: "User" - version: "v1alpha1" - labelsFromPath: - name: [metadata, name] - namespace: [metadata, namespace] - metricNamePrefix: milo_users - metrics: - - name: "info" - each: - type: Info - info: - labelsFromPath: - "uid": [metadata, uid] - - name: "created_timestamp" - each: - type: Gauge - gauge: - path: [metadata, creationTimestamp] \ No newline at end of file diff --git a/config/resources-metrics/infrastructure/kustomization.yaml b/config/resources-metrics/infrastructure/kustomization.yaml deleted file mode 100644 index 05b33bf4..00000000 --- a/config/resources-metrics/infrastructure/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1alpha1 -kind: Component - -configMapGenerator: - - name: milo-infrastructure-resource-metrics - files: - - project_control_planes.yaml - options: - labels: - telemetry.datumapis.com/core-resource-metrics-config: "true" diff --git a/config/resources-metrics/infrastructure/project_control_planes.yaml b/config/resources-metrics/infrastructure/project_control_planes.yaml deleted file mode 100644 index 08b7362c..00000000 --- a/config/resources-metrics/infrastructure/project_control_planes.yaml +++ /dev/null @@ -1,23 +0,0 @@ -kind: CustomResourceStateMetrics -spec: - resources: - - groupVersionKind: - group: "infrastructure.miloapis.com" - kind: "ProjectControlPlane" - version: "v1alpha1" - labelsFromPath: - name: [metadata, name] - namespace: [metadata, namespace] - metricNamePrefix: milo_project_control_planes - metrics: - - name: "info" - each: - type: Info - info: - labelsFromPath: - "uid": [metadata, uid] - - name: "created_timestamp" - each: - type: Gauge - gauge: - path: [metadata, creationTimestamp] \ No newline at end of file diff --git a/config/resources-metrics/kustomization.yaml b/config/resources-metrics/kustomization.yaml index 3284a57e..3f67f964 100644 
--- a/config/resources-metrics/kustomization.yaml +++ b/config/resources-metrics/kustomization.yaml @@ -1,7 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component +# Aggregates all custom resource metrics configurations from Milo services. components: - - iam/ - - resources-manager/ - - infrastructure/ + - ../services/quota/telemetry/metrics/control-plane + - ../services/iam/telemetry/metrics/control-plane + - ../services/notification/telemetry/metrics/control-plane + - ../services/resource-manager/telemetry/metrics/control-plane diff --git a/config/resources-metrics/resources-manager/kustomization.yaml b/config/resources-metrics/resources-manager/kustomization.yaml deleted file mode 100644 index 132e0895..00000000 --- a/config/resources-metrics/resources-manager/kustomization.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1alpha1 -kind: Component -namespace: milo-system -configMapGenerator: - - name: milo-resource-metrics - files: - - projects.yaml - - organizations.yaml - - organization_memberships.yaml - options: - labels: - telemetry.datumapis.com/core-resource-metrics-config: "true" diff --git a/config/resources-metrics/resources-manager/organization_memberships.yaml b/config/resources-metrics/resources-manager/organization_memberships.yaml deleted file mode 100644 index cb8bde8a..00000000 --- a/config/resources-metrics/resources-manager/organization_memberships.yaml +++ /dev/null 
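Review bot: The new `components:` list in config/resources-metrics/kustomization.yaml has no successor for the removed `infrastructure/` entry, so the `ProjectControlPlane` metrics (`milo_project_control_planes_*`) deleted earlier in this commit appear to be dropped rather than moved. If that is intended, a comment next to the list such as `# infrastructure metrics intentionally removed` would make it explicit; otherwise add the replacement path alongside the other four. The `quota` and `resource-manager` targets are not visible in this part of the diff, so their existence could not be checked here.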
@@ -1,43 +0,0 @@ -kind: CustomResourceStateMetrics -spec: - resources: - - groupVersionKind: - group: "resourcemanager.miloapis.com" - kind: "OrganizationMembership" - version: "v1alpha1" - labelsFromPath: - name: [metadata, name] - namespace: [metadata, namespace] - metricNamePrefix: milo_organization_memberships - metrics: - - name: "info" - each: - type: Info - info: - labelsFromPath: - organization_type: ["spec", "type"] - uid: [metadata, uid] - - name: "created_timestamp" - each: - type: Gauge - gauge: - path: [metadata, creationTimestamp] - - name: "status_condition" - each: - type: Gauge - gauge: - path: [status, conditions] - labelsFromPath: - type: ["type"] - reason: ["reason"] - valueFrom: ["status"] - - name: "status_condition_last_transition_time" - each: - type: Gauge - gauge: - path: [status, conditions] - labelsFromPath: - type: ["type"] - reason: ["reason"] - status: ["status"] - valueFrom: ["lastTransitionTime"] diff --git a/config/resources-metrics/resources-manager/organizations.yaml b/config/resources-metrics/resources-manager/organizations.yaml deleted file mode 100644 index b81867e3..00000000 --- a/config/resources-metrics/resources-manager/organizations.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ -kind: CustomResourceStateMetrics -spec: - resources: - - groupVersionKind: - group: "resourcemanager.miloapis.com" - kind: "Organization" - version: "v1alpha1" - labelsFromPath: - name: [metadata, name] - namespace: [metadata, namespace] - metricNamePrefix: milo_organizations - metrics: - - name: "info" - each: - type: Info - info: - labelsFromPath: - organization_type: ["spec", "type"] - uid: [metadata, uid] - - name: "created_timestamp" - each: - type: Gauge - gauge: - path: [metadata, creationTimestamp] - - name: "status_condition" - each: - type: Gauge - gauge: - path: [status, conditions] - labelsFromPath: - type: ["type"] - reason: ["reason"] - valueFrom: ["status"] - - name: "status_condition_last_transition_time" - each: - type: Gauge - gauge: - path: [status, conditions] - labelsFromPath: - type: ["type"] - reason: ["reason"] - status: ["status"] - valueFrom: ["lastTransitionTime"] diff --git a/config/resources-metrics/resources-manager/projects.yaml b/config/resources-metrics/resources-manager/projects.yaml deleted file mode 100644 index d7d31ab4..00000000 --- a/config/resources-metrics/resources-manager/projects.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -kind: CustomResourceStateMetrics -spec: - resources: - - groupVersionKind: - group: "resourcemanager.miloapis.com" - kind: "Project" - version: "v1alpha1" - labelsFromPath: - name: [metadata, name] - namespace: [metadata, namespace] - metricNamePrefix: milo_projects - metrics: - - name: "info" - each: - type: Info - info: - labelsFromPath: - owner_kind: ["spec", "ownerRef", "kind"] - owner_name: ["spec", "ownerRef", "name"] - uid: [metadata, uid] - - name: "created_timestamp" - each: - type: Gauge - gauge: - path: [metadata, creationTimestamp] - - name: "status_condition" - each: - type: Gauge - gauge: - path: [status, conditions] - labelsFromPath: - type: ["type"] - reason: ["reason"] - valueFrom: ["status"] - - name: "status_condition_last_transition_time" - each: - type: Gauge - gauge: - path: [status, conditions] - labelsFromPath: - type: ["type"] - reason: ["reason"] - status: ["status"] - valueFrom: ["lastTransitionTime"] diff --git a/config/services/iam/kustomization.yaml b/config/services/iam/kustomization.yaml new file mode 100644 index 00000000..2e14f70c --- /dev/null +++ b/config/services/iam/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +# IAM service configuration +# Includes telemetry, roles, and other service-specific configurations + +components: + - telemetry diff --git a/config/services/iam/telemetry/kustomization.yaml b/config/services/iam/telemetry/kustomization.yaml new file mode 100644 index 00000000..a4d7c9dd --- /dev/null +++ b/config/services/iam/telemetry/kustomization.yaml 
@@ -0,0 +1,25 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+# Kustomize component for IAM telemetry
+# Includes both raw metrics collection and aggregation policies
+# for comprehensive observability of the IAM system.
+
+metadata:
+ name: iam-telemetry
+ annotations:
+ config.kubernetes.io/function: |
+ container:
+ image: registry.k8s.io/kustomize/kustomize:v5.0.1
+ config.kubernetes.io/local-config: "true"
+
+components:
+ - metrics/control-plane
+
+generatorOptions:
+ disableNameSuffixHash: false
+ labels:
+ milo.iam/telemetry: complete
+ app.kubernetes.io/part-of: milo
+ app.kubernetes.io/component: iam
+ app.kubernetes.io/managed-by: kustomize
diff --git a/config/services/iam/telemetry/metrics/control-plane/group_memberships.yaml b/config/services/iam/telemetry/metrics/control-plane/group_memberships.yaml
new file mode 100644
index 00000000..8b530966
--- /dev/null
+++ b/config/services/iam/telemetry/metrics/control-plane/group_memberships.yaml
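Review bot: The `config.kubernetes.io/function` annotation in config/services/iam/telemetry/kustomization.yaml names a container image by mutable tag (`registry.k8s.io/kustomize/kustomize:v5.0.1`) on a file that carries no function configuration. If any tooling in the render path honours that annotation, it is an image pulled and executed at build time without a digest pin; either drop the annotation or pin it as `image: registry.k8s.io/kustomize/kustomize@sha256:<digest>`. The `generatorOptions` block also looks like a no-op, because this file declares no generators and the leaf component sets its own options, so `milo.iam/telemetry: complete` is probably never applied. The same two points apply to config/services/notification/telemetry/kustomization.yaml.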
@@ -0,0 +1,49 @@
+kind: CustomResourceStateMetrics
+spec:
+ resources:
+ - groupVersionKind:
+ group: "iam.miloapis.com"
+ kind: "GroupMembership"
+ version: "v1alpha1"
+ metricNamePrefix: milo_group_memberships
+ commonLabels:
+ component: iam
+ resource_type: group_membership
+ labelsFromPath:
+ group_name: [spec, groupRef, name]
+ member_kind: [spec, memberRef, kind]
+ member_name: [spec, memberRef, name]
+ metrics:
+ - name: "info"
+ help: "Information about group memberships"
+ each:
+ type: Info
+ info:
+ labelsFromPath:
+ uid: [metadata, uid]
+ name: [metadata, name]
+ namespace: [metadata, namespace]
+
+ - name: "status_condition"
+ help: "Status conditions for group memberships"
+ each:
+ type: Info
+ info:
+ path: [status, conditions]
+ labelsFromPath:
+ type: [type]
+ status: [status]
+
+ - name: "created_timestamp"
+ help: "Timestamp when the group membership was created"
+ each:
+ type: Gauge
+ gauge:
+ path: [metadata, creationTimestamp]
+
+ - name: "current_generation"
+ help: "The current generation for the group membership"
+ each:
+ type: Gauge
+ gauge:
+ path: [metadata, generation]
diff --git a/config/services/iam/telemetry/metrics/control-plane/groups.yaml b/config/services/iam/telemetry/metrics/control-plane/groups.yaml
new file mode 100644
index 00000000..27ac5831
--- /dev/null
+++ b/config/services/iam/telemetry/metrics/control-plane/groups.yaml
@@ -0,0 +1,45 @@
+kind: CustomResourceStateMetrics
+spec:
+ resources:
+ - groupVersionKind:
+ group: "iam.miloapis.com"
+ kind: "Group"
+ version: "v1alpha1"
+ metricNamePrefix: milo_groups
+ commonLabels:
+ component: iam
+ resource_type: group
+ metrics:
+ - name: "info"
+ help: "Information about groups"
+ each:
+ type: Info
+ info:
+ labelsFromPath:
+ uid: [metadata, uid]
+ name: [metadata, name]
+ namespace: [metadata, namespace]
+
+ - name: "status_condition"
+ help: "Status conditions for groups"
+ each:
+ type: Info
+ info:
+ path: [status, conditions]
+ labelsFromPath:
+ type: [type]
+ status: [status]
+
+ - name: "created_timestamp"
+ help: "Timestamp when the group was created"
+ each:
+ type: Gauge
+ gauge:
+ path: [metadata, creationTimestamp]
+
+ - name: "current_generation"
+ help: "The current generation for the group"
+ each:
+ type: Gauge
+ gauge:
+ path: [metadata, generation]
diff --git a/config/services/iam/telemetry/metrics/control-plane/kustomization.yaml b/config/services/iam/telemetry/metrics/control-plane/kustomization.yaml
new file mode 100644
index 00000000..0b111de2
--- /dev/null
+++ b/config/services/iam/telemetry/metrics/control-plane/kustomization.yaml
@@ -0,0 +1,91 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+# Kustomize component for IAM custom resource state metrics
+# Creates ConfigMaps that the resource-metrics-collector sidecar will discover
+# and merge into its kube-state-metrics configuration
+configMapGenerator:
+ - name: milo-iam-users-metrics
+ options:
+ labels:
+ iam.miloapis.com/resource-type: users
+ files:
+ - config.yaml=users.yaml
+
+ - name: milo-iam-groups-metrics
+ options:
+ labels:
+ iam.miloapis.com/resource-type: groups
+ files:
+ - config.yaml=groups.yaml
+
+ - name: milo-iam-groupmemberships-metrics
+ options:
+ labels:
+ iam.miloapis.com/resource-type: groupmemberships
+ files:
+ - config.yaml=group_memberships.yaml
+
+ - name: milo-iam-roles-metrics
+ options:
+ labels:
+ iam.miloapis.com/resource-type: roles
+ files:
+ - config.yaml=roles.yaml
+
+ - name: milo-iam-policybindings-metrics
+ options:
+ labels:
+ iam.miloapis.com/resource-type: policybindings
+ files:
+ - config.yaml=policy_bindings.yaml
+
+ - name: milo-iam-machineaccounts-metrics
+ options:
+ labels:
+ iam.miloapis.com/resource-type: machineaccounts
+ files:
+ - config.yaml=machine_accounts.yaml
+
+ - name: milo-iam-machineaccountkeys-metrics
+ options:
+ labels:
+ iam.miloapis.com/resource-type: machineaccountkeys
+ files:
+ - config.yaml=machine_account_keys.yaml
+
+ - name: milo-iam-userinvitations-metrics
+ options:
+ labels:
+ iam.miloapis.com/resource-type: userinvitations
+ files:
+ - config.yaml=user_invitations.yaml
+
+ - name: milo-iam-userdeactivations-metrics
+ options:
+ labels:
+ iam.miloapis.com/resource-type: userdeactivations
+ files:
+ - config.yaml=user_deactivations.yaml
+
+ - name: milo-iam-userpreferences-metrics
+ options:
+ labels:
+ iam.miloapis.com/resource-type: userpreferences
+ files:
+ - config.yaml=user_preferences.yaml
+
+ - name: milo-iam-protectedresources-metrics
+ options:
+ labels:
+ iam.miloapis.com/resource-type: protectedresources
+ files:
+ - config.yaml=protected_resources.yaml
+
+generatorOptions:
+ disableNameSuffixHash: true
+ labels:
+ app.kubernetes.io/part-of: milo
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/component: iam-metrics
+ telemetry.datumapis.com/core-resource-metrics-config: "true"
diff --git a/config/services/iam/telemetry/metrics/control-plane/machine_account_keys.yaml b/config/services/iam/telemetry/metrics/control-plane/machine_account_keys.yaml
new file mode 100644
index 00000000..f5d9d779
--- /dev/null
+++ b/config/services/iam/telemetry/metrics/control-plane/machine_account_keys.yaml
@@ -0,0 +1,47 @@
+kind: CustomResourceStateMetrics
+spec:
+ resources:
+ - groupVersionKind:
+ group: "iam.miloapis.com"
+ kind: "MachineAccountKey"
+ version: "v1alpha1"
+ metricNamePrefix: milo_machine_account_keys
+ commonLabels:
+ component: iam
+ resource_type: machine_account_key
+ labelsFromPath:
+ machine_account_name: [spec, machineAccountRef, name]
+ metrics:
+ - name: "info"
+ help: "Information about machine account keys"
+ each:
+ type: Info
+ info:
+ labelsFromPath:
+ uid: [metadata, uid]
+ name: [metadata, name]
+ namespace: [metadata, namespace]
+
+ - name: "status_condition"
+ help: "Status conditions for machine account keys"
+ each:
+ type: Info
+ info:
+ path: [status, conditions]
+ labelsFromPath:
+ type: [type]
+ status: [status]
+
+ - name: "created_timestamp"
+ help: "Timestamp when the machine account key was created"
+ each:
+ type: Gauge
+ gauge:
+ path: [metadata, creationTimestamp]
+
+ - name: "current_generation"
+ help: "The current generation for the machine account key"
+ each:
+ type: Gauge
+ gauge:
+ path: [metadata, generation]
diff --git a/config/services/iam/telemetry/metrics/control-plane/machine_accounts.yaml b/config/services/iam/telemetry/metrics/control-plane/machine_accounts.yaml
new file mode 100644
index 00000000..81100fa6
--- /dev/null
+++ b/config/services/iam/telemetry/metrics/control-plane/machine_accounts.yaml
@@ -0,0 +1,45 @@
+kind: CustomResourceStateMetrics
+spec:
+ resources:
+ - groupVersionKind:
+ group: "iam.miloapis.com"
+ kind: "MachineAccount"
+ version: "v1alpha1"
+ metricNamePrefix: milo_machine_accounts
+ commonLabels:
+ component: iam
+ resource_type: machine_account
+ metrics:
+ - name: "info"
+ help: "Information about machine accounts"
+ each:
+ type: Info
+ info:
+ labelsFromPath:
+ uid: [metadata, uid]
+ name: [metadata, name]
+ namespace: [metadata, namespace]
+
+ - name: "status_condition"
+ help: "Status conditions for machine accounts"
+ each:
+ type: Info
+ info:
+ path: [status, conditions]
+ labelsFromPath:
+ type: [type]
+ status: [status]
+
+ - name: "created_timestamp"
+ help: "Timestamp when the machine account was created"
+ each:
+ type: Gauge
+ gauge:
+ path: [metadata, creationTimestamp]
+
+ - name: "current_generation"
+ help: "The current generation for the machine account"
+ each:
+ type: Gauge
+ gauge:
+ path: [metadata, generation]
diff --git a/config/services/iam/telemetry/metrics/control-plane/policy_bindings.yaml b/config/services/iam/telemetry/metrics/control-plane/policy_bindings.yaml
new file mode 100644
index 00000000..a0a80a2e
--- /dev/null
+++ b/config/services/iam/telemetry/metrics/control-plane/policy_bindings.yaml
@@ -0,0 +1,57 @@
+kind: CustomResourceStateMetrics
+spec:
+ resources:
+ - groupVersionKind:
+ group: "iam.miloapis.com"
+ kind: "PolicyBinding"
+ version: "v1alpha1"
+ metricNamePrefix: milo_policy_bindings
+ commonLabels:
+ component: iam
+ resource_type: policy_binding
+ labelsFromPath:
+ role_name: [spec, roleRef, name]
+ subject_kind: [spec, subjectRef, kind]
+ subject_name: [spec, subjectRef, name]
+ metrics:
+ - name: "info"
+ help: "Information about policy bindings"
+ each:
+ type: Info
+ info:
+ labelsFromPath:
+ uid: [metadata, uid]
+ name: [metadata, name]
+ namespace: [metadata, namespace]
+
+ - name: "status_condition"
+ help: "Status conditions for policy bindings"
+ each:
+ type: Info
+ info:
+ path: [status, conditions]
+ labelsFromPath:
+ type: [type]
+ status: [status]
+
+ - name: "created_timestamp"
+ help: "Timestamp when the policy binding was created"
+ each:
+ type: Gauge
+ gauge:
+ path: [metadata, creationTimestamp]
+
+ - name: "observed_generation"
+ help: "The observed generation for the policy binding"
+ each:
+ type: Gauge
+ gauge:
+ path: [status, observedGeneration]
+ nilIsZero: true
+
+ - name: "current_generation"
+ help: "The current generation for the policy binding"
+ each:
+ type: Gauge
+ gauge:
+ path: [metadata, generation]
diff --git a/config/services/iam/telemetry/metrics/control-plane/protected_resources.yaml b/config/services/iam/telemetry/metrics/control-plane/protected_resources.yaml
new file mode 100644
index 00000000..86e3da7f
--- /dev/null
+++ b/config/services/iam/telemetry/metrics/control-plane/protected_resources.yaml
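Review bot: `status_condition` in the new policy_bindings.yaml is `type: Info`, whereas the deleted file exported it as a `Gauge` with `valueFrom: ["status"]`; the sample value is therefore always 1 and the condition state now lives only in the `status` label. Any alert or dashboard that compared the old series with `== 0` will silently stop matching, which for an authorization object is a detection gap. The `reason` label and the `status_condition_last_transition_time` metric are gone as well. A comment above the metric giving the new query shape, e.g. `# Info metric: select failures with {status="False"}, value is always 1`, or keeping the Gauge form alongside would avoid the surprise. The same change is made in protected_resources.yaml and roles.yaml.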
@@ -0,0 +1,57 @@
+kind: CustomResourceStateMetrics
+spec:
+ resources:
+ - groupVersionKind:
+ group: "iam.miloapis.com"
+ kind: "ProtectedResource"
+ version: "v1alpha1"
+ metricNamePrefix: milo_protected_resources
+ commonLabels:
+ component: iam
+ resource_type: protected_resource
+ labelsFromPath:
+ resource_api_group: [spec, resourceRef, apiGroup]
+ resource_kind: [spec, resourceRef, kind]
+ resource_name: [spec, resourceRef, name]
+ metrics:
+ - name: "info"
+ help: "Information about protected resources"
+ each:
+ type: Info
+ info:
+ labelsFromPath:
+ uid: [metadata, uid]
+ name: [metadata, name]
+ namespace: [metadata, namespace]
+
+ - name: "status_condition"
+ help: "Status conditions for protected resources"
+ each:
+ type: Info
+ info:
+ path: [status, conditions]
+ labelsFromPath:
+ type: [type]
+ status: [status]
+
+ - name: "created_timestamp"
+ help: "Timestamp when the protected resource was created"
+ each:
+ type: Gauge
+ gauge:
+ path: [metadata, creationTimestamp]
+
+ - name: "observed_generation"
+ help: "The observed generation for the protected resource"
+ each:
+ type: Gauge
+ gauge:
+ path: [status, observedGeneration]
+ nilIsZero: true
+
+ - name: "current_generation"
+ help: "The current generation for the protected resource"
+ each:
+ type: Gauge
+ gauge:
+ path: [metadata, generation]
diff --git a/config/services/iam/telemetry/metrics/control-plane/roles.yaml b/config/services/iam/telemetry/metrics/control-plane/roles.yaml
new file mode 100644
index 00000000..06982e9a
--- /dev/null
+++ b/config/services/iam/telemetry/metrics/control-plane/roles.yaml
@@ -0,0 +1,53 @@
+kind: CustomResourceStateMetrics
+spec:
+ resources:
+ - groupVersionKind:
+ group: "iam.miloapis.com"
+ kind: "Role"
+ version: "v1alpha1"
+ metricNamePrefix: milo_roles
+ commonLabels:
+ component: iam
+ resource_type: role
+ metrics:
+ - name: "info"
+ help: "Information about roles"
+ each:
+ type: Info
+ info:
+ labelsFromPath:
+ uid: [metadata, uid]
+ name: [metadata, name]
+ namespace: [metadata, namespace]
+
+ - name: "status_condition"
+ help: "Status conditions for roles"
+ each:
+ type: Info
+ info:
+ path: [status, conditions]
+ labelsFromPath:
+ type: [type]
+ status: [status]
+
+ - name: "created_timestamp"
+ help: "Timestamp when the role was created"
+ each:
+ type: Gauge
+ gauge:
+ path: [metadata, creationTimestamp]
+
+ - name: "observed_generation"
+ help: "The observed generation for the role"
+ each:
+ type: Gauge
+ gauge:
+ path: [status, observedGeneration]
+ nilIsZero: true
+
+ - name: "current_generation"
+ help: "The current generation for the role"
+ each:
+ type: Gauge
+ gauge:
+ path: [metadata, generation]
diff --git a/config/services/iam/telemetry/metrics/control-plane/user_deactivations.yaml b/config/services/iam/telemetry/metrics/control-plane/user_deactivations.yaml
new file mode 100644
index 00000000..798e311b
--- /dev/null
+++ b/config/services/iam/telemetry/metrics/control-plane/user_deactivations.yaml
@@ -0,0 +1,49 @@
+kind: CustomResourceStateMetrics
+spec:
+ resources:
+ - groupVersionKind:
+ group: "iam.miloapis.com"
+ kind: "UserDeactivation"
+ version: "v1alpha1"
+ metricNamePrefix: milo_user_deactivations
+ commonLabels:
+ component: iam
+ resource_type: user_deactivation
+ labelsFromPath:
+ user_name: [spec, userRef, name]
+ deactivated_by: [spec, deactivatedBy]
+ reason: [spec, reason]
+ metrics:
+ - name: "info"
+ help: "Information about user deactivations"
+ each:
+ type: Info
+ info:
+ labelsFromPath:
+ uid: [metadata, uid]
+ name: [metadata, name]
+ namespace: [metadata, namespace]
+
+ - name: "status_condition"
+ help: "Status conditions for user deactivations"
+ each:
+ type: Info
+ info:
+ path: [status, conditions]
+ labelsFromPath:
+ type: [type]
+ status: [status]
+
+ - name: "created_timestamp"
+ help: "Timestamp when the user deactivation was created"
+ each:
+ type: Gauge
+ gauge:
+ path: [metadata, creationTimestamp]
+
+ - name: "current_generation"
+ help: "The current generation for the user deactivation"
+ each:
+ type: Gauge
+ gauge:
+ path: [metadata, generation]
diff --git a/config/services/iam/telemetry/metrics/control-plane/user_invitations.yaml b/config/services/iam/telemetry/metrics/control-plane/user_invitations.yaml
new file mode 100644
index 00000000..cd450fe7
--- /dev/null
+++ b/config/services/iam/telemetry/metrics/control-plane/user_invitations.yaml
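Review bot: `deactivated_by: [spec, deactivatedBy]` and `reason: [spec, reason]` sit in the resource-level `labelsFromPath` of user_deactivations.yaml, so they are attached to every series for the resource and copied into whatever stores and reads the metrics. Identity attributes and what looks like free-form text are unbounded in cardinality and normally fall under tighter access and retention rules than a metrics backend enforces. The same pattern appears as `email: [spec, email]` in user_invitations.yaml and as `email`, `given_name` and `family_name` in users.yaml. Keying series on `uid` and `name` only, and joining to the IAM API when a human-readable identity is needed, keeps personal data out of the telemetry path; if a label must stay, a comment such as `# PII: exported to the metrics backend` above it would make the exposure visible to reviewers.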
@@ -0,0 +1,47 @@
+kind: CustomResourceStateMetrics
+spec:
+ resources:
+ - groupVersionKind:
+ group: "iam.miloapis.com"
+ kind: "UserInvitation"
+ version: "v1alpha1"
+ metricNamePrefix: milo_user_invitations
+ commonLabels:
+ component: iam
+ resource_type: user_invitation
+ labelsFromPath:
+ email: [spec, email]
+ metrics:
+ - name: "info"
+ help: "Information about user invitations"
+ each:
+ type: Info
+ info:
+ labelsFromPath:
+ uid: [metadata, uid]
+ name: [metadata, name]
+ namespace: [metadata, namespace]
+
+ - name: "status_condition"
+ help: "Status conditions for user invitations"
+ each:
+ type: Info
+ info:
+ path: [status, conditions]
+ labelsFromPath:
+ type: [type]
+ status: [status]
+
+ - name: "created_timestamp"
+ help: "Timestamp when the user invitation was created"
+ each:
+ type: Gauge
+ gauge:
+ path: [metadata, creationTimestamp]
+
+ - name: "current_generation"
+ help: "The current generation for the user invitation"
+ each:
+ type: Gauge
+ gauge:
+ path: [metadata, generation]
diff --git a/config/services/iam/telemetry/metrics/control-plane/user_preferences.yaml b/config/services/iam/telemetry/metrics/control-plane/user_preferences.yaml
new file mode 100644
index 00000000..649a5a91
--- /dev/null
+++ b/config/services/iam/telemetry/metrics/control-plane/user_preferences.yaml
@@ -0,0 +1,47 @@
+kind: CustomResourceStateMetrics
+spec:
+ resources:
+ - groupVersionKind:
+ group: "iam.miloapis.com"
+ kind: "UserPreference"
+ version: "v1alpha1"
+ metricNamePrefix: milo_user_preferences
+ commonLabels:
+ component: iam
+ resource_type: user_preference
+ labelsFromPath:
+ user_name: [spec, userRef, name]
+ metrics:
+ - name: "info"
+ help: "Information about user preferences"
+ each:
+ type: Info
+ info:
+ labelsFromPath:
+ uid: [metadata, uid]
+ name: [metadata, name]
+ namespace: [metadata, namespace]
+
+ - name: "status_condition"
+ help: "Status conditions for user preferences"
+ each:
+ type: Info
+ info:
+ path: [status, conditions]
+ labelsFromPath:
+ type: [type]
+ status: [status]
+
+ - name: "created_timestamp"
+ help: "Timestamp when the user preference was created"
+ each:
+ type: Gauge
+ gauge:
+ path: [metadata, creationTimestamp]
+
+ - name: "current_generation"
+ help: "The current generation for the user preference"
+ each:
+ type: Gauge
+ gauge:
+ path: [metadata, generation]
diff --git a/config/services/iam/telemetry/metrics/control-plane/users.yaml b/config/services/iam/telemetry/metrics/control-plane/users.yaml
new file mode 100644
index 00000000..b45b6662
--- /dev/null
+++ b/config/services/iam/telemetry/metrics/control-plane/users.yaml
@@ -0,0 +1,58 @@ +kind: CustomResourceStateMetrics +spec: + resources: + - groupVersionKind: + group: "iam.miloapis.com" + kind: "User" + version: "v1alpha1" + metricNamePrefix: milo_users + commonLabels: + component: iam + resource_type: user + labelsFromPath: + email: [spec, email] + state: [status, state] + metrics: + - name: "info" + help: "Information about users" + each: + type: Info + info: + labelsFromPath: + uid: [metadata, uid] + name: [metadata, name] + given_name: [spec, givenName] + family_name: [spec, familyName] + + - name: "status_condition" + help: "Status conditions for users" + each: + type: Info + info: + path: [status, conditions] + labelsFromPath: + type: [type] + status: [status] + + - name: "state" + help: "User activation state (1 = Active, 0 = Inactive)" + each: + type: StateSet + stateSet: + labelName: state + path: [status, state] + list: [Active, Inactive] + + - name: "created_timestamp" + help: "Timestamp when the user was created" + each: + type: Gauge + gauge: + path: [metadata, creationTimestamp] + + - name: "current_generation" + help: "The current generation for the user" + each: + type: Gauge + gauge: + path: [metadata, generation] diff --git a/config/services/kustomization.yaml b/config/services/kustomization.yaml index 4898a24d..9990b0a1 100644 --- a/config/services/kustomization.yaml +++ b/config/services/kustomization.yaml @@ -6,3 +6,6 @@ kind: Component components: - quota + - resource-manager + - iam + - notification diff --git a/config/services/notification/kustomization.yaml b/config/services/notification/kustomization.yaml new file mode 100644 index 00000000..b628ce43 --- /dev/null +++ b/config/services/notification/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +# Notification service configuration +# Includes telemetry and other service-specific configurations + +components: + - telemetry 
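Review bot: In users.yaml the resource-level `state: [status, state]` label and the StateSet's `labelName: state` use the same label name. The resource-level label is attached to every metric of the resource and the StateSet emits one series per entry of `list` under that name, so the two probably collide on the `state` metric; which value wins is not visible from this config. I would remove `state: [status, state]` from the resource-level `labelsFromPath` and keep the StateSet as the single source of activation state. The help text `(1 = Active, 0 = Inactive)` also misdescribes a StateSet, which exposes one series per state; something like `help: "User activation state (value 1 on the series whose state label matches status.state)"` avoids a query that reads the value as the state.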
diff --git a/config/services/notification/telemetry/kustomization.yaml b/config/services/notification/telemetry/kustomization.yaml new file mode 100644 index 00000000..8b7d8705 --- /dev/null +++ b/config/services/notification/telemetry/kustomization.yaml @@ -0,0 +1,25 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +# Kustomize component for notification telemetry +# Includes both raw metrics collection and aggregation policies +# for comprehensive observability of the notification system. + +metadata: + name: notification-telemetry + annotations: + config.kubernetes.io/function: | + container: + image: registry.k8s.io/kustomize/kustomize:v5.0.1 + config.kubernetes.io/local-config: "true" + +components: + - metrics/control-plane + +generatorOptions: + disableNameSuffixHash: false + labels: + milo.notification/telemetry: complete + app.kubernetes.io/part-of: milo + app.kubernetes.io/component: notification + app.kubernetes.io/managed-by: kustomize diff --git a/config/services/notification/telemetry/metrics/control-plane/contact_group_membership_removals.yaml b/config/services/notification/telemetry/metrics/control-plane/contact_group_membership_removals.yaml new file mode 100644 index 00000000..92f04f6b --- /dev/null +++ b/config/services/notification/telemetry/metrics/control-plane/contact_group_membership_removals.yaml 
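Review bot: The `config.kubernetes.io/function` annotation in notification/telemetry/kustomization.yaml names the container image `registry.k8s.io/kustomize/kustomize:v5.0.1` by mutable tag. This Component only lists `components:`, so the annotation does not appear to be used by anything in the file. I would remove the `metadata:` block, which a kustomize Component does not need. If some tool does consume it, pin the image by digest, e.g. `image: registry.k8s.io/kustomize/kustomize:v5.0.1@sha256:<digest>`, so a retagged image cannot run during a build. The same block is repeated in config/services/resource-manager/telemetry/kustomization.yaml further down.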
@@ -0,0 +1,48 @@ +kind: CustomResourceStateMetrics +spec: + resources: + - groupVersionKind: + group: "notification.miloapis.com" + kind: "ContactGroupMembershipRemoval" + version: "v1alpha1" + metricNamePrefix: milo_contact_group_membership_removals + commonLabels: + component: notification + resource_type: contact_group_membership_removal + labelsFromPath: + contact_group_name: [spec, contactGroupRef, name] + contact_name: [spec, contactRef, name] + metrics: + - name: "info" + help: "Information about contact group membership removals" + each: + type: Info + info: + labelsFromPath: + uid: [metadata, uid] + name: [metadata, name] + namespace: [metadata, namespace] + + - name: "status_condition" + help: "Status conditions for contact group membership removals" + each: + type: Info + info: + path: [status, conditions] + labelsFromPath: + type: [type] + status: [status] + + - name: "created_timestamp" + help: "Timestamp when the contact group membership removal was created" + each: + type: Gauge + gauge: + path: [metadata, creationTimestamp] + + - name: "current_generation" + help: "The current generation for the contact group membership removal" + each: + type: Gauge + gauge: + path: [metadata, generation] diff --git a/config/services/notification/telemetry/metrics/control-plane/contact_group_memberships.yaml b/config/services/notification/telemetry/metrics/control-plane/contact_group_memberships.yaml new file mode 100644 index 00000000..e0fd766a --- /dev/null +++ b/config/services/notification/telemetry/metrics/control-plane/contact_group_memberships.yaml 
@@ -0,0 +1,48 @@ +kind: CustomResourceStateMetrics +spec: + resources: + - groupVersionKind: + group: "notification.miloapis.com" + kind: "ContactGroupMembership" + version: "v1alpha1" + metricNamePrefix: milo_contact_group_memberships + commonLabels: + component: notification + resource_type: contact_group_membership + labelsFromPath: + contact_group_name: [spec, contactGroupRef, name] + contact_name: [spec, contactRef, name] + metrics: + - name: "info" + help: "Information about contact group memberships" + each: + type: Info + info: + labelsFromPath: + uid: [metadata, uid] + name: [metadata, name] + namespace: [metadata, namespace] + + - name: "status_condition" + help: "Status conditions for contact group memberships" + each: + type: Info + info: + path: [status, conditions] + labelsFromPath: + type: [type] + status: [status] + + - name: "created_timestamp" + help: "Timestamp when the contact group membership was created" + each: + type: Gauge + gauge: + path: [metadata, creationTimestamp] + + - name: "current_generation" + help: "The current generation for the contact group membership" + each: + type: Gauge + gauge: + path: [metadata, generation] diff --git a/config/services/notification/telemetry/metrics/control-plane/contact_groups.yaml b/config/services/notification/telemetry/metrics/control-plane/contact_groups.yaml new file mode 100644 index 00000000..d361c389 --- /dev/null +++ b/config/services/notification/telemetry/metrics/control-plane/contact_groups.yaml 
@@ -0,0 +1,45 @@ +kind: CustomResourceStateMetrics +spec: + resources: + - groupVersionKind: + group: "notification.miloapis.com" + kind: "ContactGroup" + version: "v1alpha1" + metricNamePrefix: milo_contact_groups + commonLabels: + component: notification + resource_type: contact_group + metrics: + - name: "info" + help: "Information about contact groups" + each: + type: Info + info: + labelsFromPath: + uid: [metadata, uid] + name: [metadata, name] + namespace: [metadata, namespace] + + - name: "status_condition" + help: "Status conditions for contact groups" + each: + type: Info + info: + path: [status, conditions] + labelsFromPath: + type: [type] + status: [status] + + - name: "created_timestamp" + help: "Timestamp when the contact group was created" + each: + type: Gauge + gauge: + path: [metadata, creationTimestamp] + + - name: "current_generation" + help: "The current generation for the contact group" + each: + type: Gauge + gauge: + path: [metadata, generation] diff --git a/config/services/notification/telemetry/metrics/control-plane/contacts.yaml b/config/services/notification/telemetry/metrics/control-plane/contacts.yaml new file mode 100644 index 00000000..c8e237d6 --- /dev/null +++ b/config/services/notification/telemetry/metrics/control-plane/contacts.yaml 
@@ -0,0 +1,49 @@ +kind: CustomResourceStateMetrics +spec: + resources: + - groupVersionKind: + group: "notification.miloapis.com" + kind: "Contact" + version: "v1alpha1" + metricNamePrefix: milo_contacts + commonLabels: + component: notification + resource_type: contact + labelsFromPath: + subject_kind: [spec, subject, kind] + subject_name: [spec, subject, name] + email: [spec, email] + metrics: + - name: "info" + help: "Information about contacts" + each: + type: Info + info: + labelsFromPath: + uid: [metadata, uid] + name: [metadata, name] + namespace: [metadata, namespace] + + - name: "status_condition" + help: "Status conditions for contacts" + each: + type: Info + info: + path: [status, conditions] + labelsFromPath: + type: [type] + status: [status] + + - name: "created_timestamp" + help: "Timestamp when the contact was created" + each: + type: Gauge + gauge: + path: [metadata, creationTimestamp] + + - name: "current_generation" + help: "The current generation for the contact" + each: + type: Gauge + gauge: + path: [metadata, generation] diff --git a/config/services/notification/telemetry/metrics/control-plane/email_broadcasts.yaml b/config/services/notification/telemetry/metrics/control-plane/email_broadcasts.yaml new file mode 100644 index 00000000..92df6022 --- /dev/null +++ b/config/services/notification/telemetry/metrics/control-plane/email_broadcasts.yaml 
@@ -0,0 +1,71 @@ +kind: CustomResourceStateMetrics +spec: + resources: + - groupVersionKind: + group: "notification.miloapis.com" + kind: "EmailBroadcast" + version: "v1alpha1" + metricNamePrefix: milo_email_broadcasts + commonLabels: + component: notification + resource_type: email_broadcast + labelsFromPath: + template_name: [spec, templateRef, name] + metrics: + - name: "info" + help: "Information about email broadcasts" + each: + type: Info + info: + labelsFromPath: + uid: [metadata, uid] + name: [metadata, name] + namespace: [metadata, namespace] + + - name: "status_condition" + help: "Status conditions for email broadcasts" + each: + type: Info + info: + path: [status, conditions] + labelsFromPath: + type: [type] + status: [status] + + - name: "total_recipients" + help: "Total number of recipients for the broadcast" + each: + type: Gauge + gauge: + path: [status, totalRecipients] + nilIsZero: true + + - name: "successful_deliveries" + help: "Number of successful deliveries" + each: + type: Gauge + gauge: + path: [status, successfulDeliveries] + nilIsZero: true + + - name: "failed_deliveries" + help: "Number of failed deliveries" + each: + type: Gauge + gauge: + path: [status, failedDeliveries] + nilIsZero: true + + - name: "created_timestamp" + help: "Timestamp when the email broadcast was created" + each: + type: Gauge + gauge: + path: [metadata, creationTimestamp] + + - name: "current_generation" + help: "The current generation for the email broadcast" + each: + type: Gauge + gauge: + path: [metadata, generation] diff --git a/config/services/notification/telemetry/metrics/control-plane/email_templates.yaml b/config/services/notification/telemetry/metrics/control-plane/email_templates.yaml new file mode 100644 index 00000000..927c2265 --- /dev/null +++ b/config/services/notification/telemetry/metrics/control-plane/email_templates.yaml 
@@ -0,0 +1,52 @@ +kind: CustomResourceStateMetrics +spec: + resources: + - groupVersionKind: + group: "notification.miloapis.com" + kind: "EmailTemplate" + version: "v1alpha1" + metricNamePrefix: milo_email_templates + commonLabels: + component: notification + resource_type: email_template + metrics: + - name: "info" + help: "Information about email templates" + each: + type: Info + info: + labelsFromPath: + uid: [metadata, uid] + name: [metadata, name] + + - name: "status_condition" + help: "Status conditions for email templates" + each: + type: Info + info: + path: [status, conditions] + labelsFromPath: + type: [type] + status: [status] + + - name: "created_timestamp" + help: "Timestamp when the email template was created" + each: + type: Gauge + gauge: + path: [metadata, creationTimestamp] + + - name: "observed_generation" + help: "The observed generation for the email template" + each: + type: Gauge + gauge: + path: [status, observedGeneration] + nilIsZero: true + + - name: "current_generation" + help: "The current generation for the email template" + each: + type: Gauge + gauge: + path: [metadata, generation] diff --git a/config/services/notification/telemetry/metrics/control-plane/emails.yaml b/config/services/notification/telemetry/metrics/control-plane/emails.yaml new file mode 100644 index 00000000..23adc66f --- /dev/null +++ b/config/services/notification/telemetry/metrics/control-plane/emails.yaml 
@@ -0,0 +1,56 @@ +kind: CustomResourceStateMetrics +spec: + resources: + - groupVersionKind: + group: "notification.miloapis.com" + kind: "Email" + version: "v1alpha1" + metricNamePrefix: milo_emails + commonLabels: + component: notification + resource_type: email + labelsFromPath: + template_name: [spec, templateRef, name] + priority: [spec, priority] + metrics: + - name: "info" + help: "Information about emails" + each: + type: Info + info: + labelsFromPath: + uid: [metadata, uid] + name: [metadata, name] + namespace: [metadata, namespace] + + - name: "status_condition" + help: "Status conditions for emails" + each: + type: Info + info: + path: [status, conditions] + labelsFromPath: + type: [type] + status: [status] + + - name: "delivery_attempts" + help: "Number of delivery attempts for the email" + each: + type: Gauge + gauge: + path: [status, deliveryAttempts] + nilIsZero: true + + - name: "created_timestamp" + help: "Timestamp when the email was created" + each: + type: Gauge + gauge: + path: [metadata, creationTimestamp] + + - name: "current_generation" + help: "The current generation for the email" + each: + type: Gauge + gauge: + path: [metadata, generation] diff --git a/config/services/notification/telemetry/metrics/control-plane/kustomization.yaml b/config/services/notification/telemetry/metrics/control-plane/kustomization.yaml new file mode 100644 index 00000000..d509aa4f --- /dev/null +++ b/config/services/notification/telemetry/metrics/control-plane/kustomization.yaml 
@@ -0,0 +1,63 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +# Kustomize component for notification custom resource state metrics +# Creates ConfigMaps that the resource-metrics-collector sidecar will discover +# and merge into its kube-state-metrics configuration +configMapGenerator: + - name: milo-notification-contacts-metrics + options: + labels: + notification.miloapis.com/resource-type: contacts + files: + - config.yaml=contacts.yaml + + - name: milo-notification-contactgroups-metrics + options: + labels: + notification.miloapis.com/resource-type: contactgroups + files: + - config.yaml=contact_groups.yaml + + - name: milo-notification-contactgroupmemberships-metrics + options: + labels: + notification.miloapis.com/resource-type: contactgroupmemberships + files: + - config.yaml=contact_group_memberships.yaml + + - name: milo-notification-contactgroupmembershipremovals-metrics + options: + labels: + notification.miloapis.com/resource-type: contactgroupmembershipremovals + files: + - config.yaml=contact_group_membership_removals.yaml + + - name: milo-notification-emails-metrics + options: + labels: + notification.miloapis.com/resource-type: emails + files: + - config.yaml=emails.yaml + + - name: milo-notification-emailtemplates-metrics + options: + labels: + notification.miloapis.com/resource-type: emailtemplates + files: + - config.yaml=email_templates.yaml + + - name: milo-notification-emailbroadcasts-metrics + options: + labels: + notification.miloapis.com/resource-type: emailbroadcasts + files: + - config.yaml=email_broadcasts.yaml + +generatorOptions: + disableNameSuffixHash: true + labels: + app.kubernetes.io/part-of: milo + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/component: notification-metrics + telemetry.datumapis.com/core-resource-metrics-config: "true" 
diff --git a/config/services/resource-manager/kustomization.yaml b/config/services/resource-manager/kustomization.yaml new file mode 100644 index 00000000..a0ab5430 --- /dev/null +++ b/config/services/resource-manager/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +# Resource Manager service configuration +# Includes telemetry, IAM policies, and other service-specific configurations + +components: + - telemetry diff --git a/config/services/resource-manager/telemetry/kustomization.yaml b/config/services/resource-manager/telemetry/kustomization.yaml new file mode 100644 index 00000000..2e5a3664 --- /dev/null +++ b/config/services/resource-manager/telemetry/kustomization.yaml @@ -0,0 +1,25 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +# Kustomize component for resource manager telemetry +# Includes both raw metrics collection and aggregation policies +# for comprehensive observability of the resource manager system. + +metadata: + name: resource-manager-telemetry + annotations: + config.kubernetes.io/function: | + container: + image: registry.k8s.io/kustomize/kustomize:v5.0.1 + config.kubernetes.io/local-config: "true" + +components: + - metrics/control-plane + +generatorOptions: + disableNameSuffixHash: false + labels: + milo.resourcemanager/telemetry: complete + app.kubernetes.io/part-of: milo + app.kubernetes.io/component: resource-manager + app.kubernetes.io/managed-by: kustomize diff --git a/config/services/resource-manager/telemetry/metrics/control-plane/kustomization.yaml b/config/services/resource-manager/telemetry/metrics/control-plane/kustomization.yaml new file mode 100644 index 00000000..f8ef1a44 --- /dev/null +++ b/config/services/resource-manager/telemetry/metrics/control-plane/kustomization.yaml 
@@ -0,0 +1,35 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +# Kustomize component for resource manager custom resource state metrics +# Creates ConfigMaps that the resource-metrics-collector sidecar will discover +# and merge into its kube-state-metrics configuration +configMapGenerator: + - name: milo-resourcemanager-organizations-metrics + options: + labels: + resourcemanager.miloapis.com/resource-type: organizations + files: + - config.yaml=organizations.yaml + + - name: milo-resourcemanager-projects-metrics + options: + labels: + resourcemanager.miloapis.com/resource-type: projects + files: + - config.yaml=projects.yaml + + - name: milo-resourcemanager-organizationmemberships-metrics + options: + labels: + resourcemanager.miloapis.com/resource-type: organizationmemberships + files: + - config.yaml=organizationmemberships.yaml + +generatorOptions: + disableNameSuffixHash: true + labels: + app.kubernetes.io/part-of: milo + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/component: resource-manager-metrics + telemetry.datumapis.com/core-resource-metrics-config: "true" diff --git a/config/services/resource-manager/telemetry/metrics/control-plane/organizationmemberships.yaml b/config/services/resource-manager/telemetry/metrics/control-plane/organizationmemberships.yaml new file mode 100644 index 00000000..2d8656e5 --- /dev/null +++ b/config/services/resource-manager/telemetry/metrics/control-plane/organizationmemberships.yaml 
@@ -0,0 +1,56 @@ +kind: CustomResourceStateMetrics +spec: + resources: + - groupVersionKind: + group: "resourcemanager.miloapis.com" + kind: "OrganizationMembership" + version: "v1alpha1" + metricNamePrefix: milo_organization_memberships + commonLabels: + component: resource_manager + resource_type: organization_membership + labelsFromPath: + organization_name: [spec, organizationRef, name] + user_name: [spec, userRef, name] + metrics: + - name: "info" + help: "Information about organization memberships" + each: + type: Info + info: + labelsFromPath: + uid: [metadata, uid] + name: [metadata, name] + namespace: [metadata, namespace] + + - name: "status_condition" + help: "Status conditions for organization memberships" + each: + type: Info + info: + path: [status, conditions] + labelsFromPath: + type: [type] + status: [status] + + - name: "created_timestamp" + help: "Timestamp when the organization membership was created" + each: + type: Gauge + gauge: + path: [metadata, creationTimestamp] + + - name: "observed_generation" + help: "The observed generation for the organization membership" + each: + type: Gauge + gauge: + path: [status, observedGeneration] + nilIsZero: true + + - name: "current_generation" + help: "The current generation for the organization membership" + each: + type: Gauge + gauge: + path: [metadata, generation] diff --git a/config/services/resource-manager/telemetry/metrics/control-plane/organizations.yaml b/config/services/resource-manager/telemetry/metrics/control-plane/organizations.yaml new file mode 100644 index 00000000..b11bd2e2 --- /dev/null +++ b/config/services/resource-manager/telemetry/metrics/control-plane/organizations.yaml 
@@ -0,0 +1,54 @@ +kind: CustomResourceStateMetrics +spec: + resources: + - groupVersionKind: + group: "resourcemanager.miloapis.com" + kind: "Organization" + version: "v1alpha1" + metricNamePrefix: milo_organizations + commonLabels: + component: resource_manager + resource_type: organization + labelsFromPath: + organization_type: [spec, type] + metrics: + - name: "info" + help: "Information about organizations" + each: + type: Info + info: + labelsFromPath: + uid: [metadata, uid] + name: [metadata, name] + + - name: "status_condition" + help: "Status conditions for organizations" + each: + type: Info + info: + path: [status, conditions] + labelsFromPath: + type: [type] + status: [status] + + - name: "created_timestamp" + help: "Timestamp when the organization was created" + each: + type: Gauge + gauge: + path: [metadata, creationTimestamp] + + - name: "observed_generation" + help: "The observed generation for the organization" + each: + type: Gauge + gauge: + path: [status, observedGeneration] + nilIsZero: true + + - name: "current_generation" + help: "The current generation for the organization" + each: + type: Gauge + gauge: + path: [metadata, generation] diff --git a/config/services/resource-manager/telemetry/metrics/control-plane/projects.yaml b/config/services/resource-manager/telemetry/metrics/control-plane/projects.yaml new file mode 100644 index 00000000..3f2bd999 --- /dev/null +++ b/config/services/resource-manager/telemetry/metrics/control-plane/projects.yaml 
@@ -0,0 +1,56 @@ +kind: CustomResourceStateMetrics +spec: + resources: + - groupVersionKind: + group: "resourcemanager.miloapis.com" + kind: "Project" + version: "v1alpha1" + metricNamePrefix: milo_projects + commonLabels: + component: resource_manager + resource_type: project + labelsFromPath: + owner_kind: [spec, ownerRef, kind] + owner_name: [spec, ownerRef, name] + metrics: + - name: "info" + help: "Information about projects" + each: + type: Info + info: + labelsFromPath: + uid: [metadata, uid] + name: [metadata, name] + namespace: [metadata, namespace] + + - name: "status_condition" + help: "Status conditions for projects" + each: + type: Info + info: + path: [status, conditions] + labelsFromPath: + type: [type] + status: [status] + + - name: "created_timestamp" + help: "Timestamp when the project was created" + each: + type: Gauge + gauge: + path: [metadata, creationTimestamp] + + - name: "observed_generation" + help: "The observed generation for the project" + each: + type: Gauge + gauge: + path: [status, observedGeneration] + nilIsZero: true + + - name: "current_generation" + help: "The current generation for the project" + each: + type: Gauge + gauge: + path: [metadata, generation] diff --git a/config/telemetry/alerts/iam/alerting-rules.yaml b/config/telemetry/alerts/iam/alerting-rules.yaml new file mode 100644 index 00000000..0ad2af2e --- /dev/null +++ b/config/telemetry/alerts/iam/alerting-rules.yaml 
@@ -0,0 +1,193 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: iam.miloapis.com-alerting-rules + labels: + app.kubernetes.io/name: milo + app.kubernetes.io/component: iam + app.kubernetes.io/part-of: milo + monitoring.coreos.com/prometheus: kube-prometheus +spec: + groups: + - name: iam.readiness + interval: 30s + rules: + # Users not ready + - alert: UsersNotReady + expr: iam.miloapis.com:users:not_ready > 0 + for: 2m + labels: + severity: critical + category: readiness + team: platform + annotations: + summary: "{{ $value }} users are not ready" + description: | + Users are not in Ready state, preventing authentication and access. + + Not ready count: {{ $value }} + + Actions needed: + 1. Check user status: kubectl get users -o wide + 2. Review controller logs for user provisioning errors + 3. Verify authentication provider integration (Zitadel) + + # Roles not ready + - alert: RolesNotReady + expr: iam.miloapis.com:roles:not_ready > 0 + for: 5m + labels: + severity: warning + category: readiness + team: platform + annotations: + summary: "{{ $value }} roles are not ready" + description: | + Roles are not in Ready state, affecting RBAC configuration. + + Not ready count: {{ $value }} + + Actions needed: + 1. Check role status: kubectl get roles.iam.miloapis.com -o wide + 2. Review role validation and permission configuration + 3. Verify authorization provider integration (OpenFGA) + + # Policy bindings not ready (critical for access control) + - alert: PolicyBindingsNotReady + expr: iam.miloapis.com:bindings:not_ready > 0 + for: 2m + labels: + severity: critical + category: readiness + team: platform + annotations: + summary: "{{ $value }} policy bindings are not ready" + description: | + Policy bindings are not in Ready state, breaking access control. + + Not ready count: {{ $value }} + + Actions needed: + 1. Check binding status: kubectl get policybindings -o wide + 2. Review authorization provider sync errors + 3. 
Verify role and principal references are valid + + # Groups not ready + - alert: GroupsNotReady + expr: iam.miloapis.com:groups:not_ready > 0 + for: 5m + labels: + severity: warning + category: readiness + team: platform + annotations: + summary: "{{ $value }} groups are not ready" + description: | + Groups are not in Ready state, affecting team organization. + + Not ready count: {{ $value }} + + Actions needed: + 1. Check group status: kubectl get groups.iam.miloapis.com -o wide + 2. Review group provisioning logic + 3. Verify group membership reconciliation + + # Group memberships not ready + - alert: GroupMembershipsNotReady + expr: iam.miloapis.com:group_memberships:not_ready > 0 + for: 5m + labels: + severity: warning + category: readiness + team: platform + annotations: + summary: "{{ $value }} group memberships are not ready" + description: | + Group memberships are not in Ready state, affecting group-based access. + + Not ready count: {{ $value }} + + Actions needed: + 1. Check membership status: kubectl get groupmemberships -o wide + 2. Review member and group reference validation + 3. Verify membership sync to authorization provider + + # Machine accounts not ready (critical for service authentication) + - alert: MachineAccountsNotReady + expr: iam.miloapis.com:machine_accounts:not_ready > 0 + for: 2m + labels: + severity: critical + category: readiness + team: platform + annotations: + summary: "{{ $value }} machine accounts are not ready" + description: | + Machine accounts are not in Ready state, preventing service authentication. + + Not ready count: {{ $value }} + + Actions needed: + 1. Check machine account status: kubectl get machineaccounts -o wide + 2. Review service account provisioning + 3. 
Verify authentication provider integration + + # Machine account keys not ready (critical for API access) + - alert: MachineAccountKeysNotReady + expr: iam.miloapis.com:machine_account_keys:not_ready > 0 + for: 1m + labels: + severity: critical + category: readiness + team: platform + annotations: + summary: "{{ $value }} machine account keys are not ready" + description: | + Machine account keys are not in Ready state, breaking API authentication. + + Not ready count: {{ $value }} + + Actions needed: + 1. Check key status: kubectl get machineaccountkeys -o wide + 2. Review key generation and secret creation + 3. Verify key storage and distribution + + # User invitations not ready + - alert: UserInvitationsNotReady + expr: iam.miloapis.com:invitations:not_ready > 0 + for: 10m + labels: + severity: warning + category: readiness + team: platform + annotations: + summary: "{{ $value }} user invitations are not ready" + description: | + User invitations are not in Ready state, preventing user onboarding. + + Not ready count: {{ $value }} + + Actions needed: + 1. Check invitation status: kubectl get userinvitations -o wide + 2. Review email delivery integration + 3. Verify invitation template rendering + + # User deactivations not ready + - alert: UserDeactivationsNotReady + expr: iam.miloapis.com:deactivations:not_ready > 0 + for: 5m + labels: + severity: warning + category: readiness + team: platform + annotations: + summary: "{{ $value }} user deactivations are not ready" + description: | + User deactivations are not in Ready state, delaying access revocation. + + Not ready count: {{ $value }} + + Actions needed: + 1. Check deactivation status: kubectl get userdeactivations -o wide + 2. Review user state transitions + 3. Verify authentication provider sync diff --git a/config/telemetry/alerts/iam/kustomization.yaml b/config/telemetry/alerts/iam/kustomization.yaml new file mode 100644 index 00000000..b1924a9a --- /dev/null 
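Review bot: Every `expr` in the `iam.readiness` group references a series whose name contains dots, e.g. `iam.miloapis.com:users:not_ready > 0`. PromQL identifiers allow only letters, digits, `_` and `:`, so as far as I can tell these expressions will not parse as written; Prometheus versions with UTF-8 name support require the quoted form `{"iam.miloapis.com:users:not_ready"} > 0`. If the rule object is rejected or fails to load, none of the access-control alerts here (PolicyBindingsNotReady, MachineAccountKeysNotReady, UserDeactivationsNotReady) will fire. The recording rules that define these names are not in this part of the diff, so any rename, for example to a form such as `iam_miloapis_com:users:not_ready`, has to be made there as well. The notification rules in config/telemetry/alerts/notification/alerting-rules.yaml use the same dotted pattern.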
+++ b/config/telemetry/alerts/iam/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +resources: + - alerting-rules.yaml diff --git a/config/telemetry/alerts/kustomization.yaml b/config/telemetry/alerts/kustomization.yaml index 299ee34b..ce3e9a1e 100644 --- a/config/telemetry/alerts/kustomization.yaml +++ b/config/telemetry/alerts/kustomization.yaml @@ -3,3 +3,5 @@ kind: Component components: - ./resources-manager + - ./iam + - ./notification diff --git a/config/telemetry/alerts/notification/alerting-rules.yaml b/config/telemetry/alerts/notification/alerting-rules.yaml new file mode 100644 index 00000000..6aee18b7 --- /dev/null +++ b/config/telemetry/alerts/notification/alerting-rules.yaml 
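Review bot: In config/telemetry/alerts/kustomization.yaml the `components:` list gains `- ./iam` and `- ./notification` but not a quota entry, although this diff also adds config/telemetry/alerts/quota/alerting-rules.yaml. Unless a later part of the diff wires that file in elsewhere, the quota readiness alerts will be committed but never deployed. If they are meant to ship from this component, add `- ./quota` here, together with a `kustomization.yaml` beside the rules file listing `alerting-rules.yaml`, as the iam and notification directories have.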
@@ -0,0 +1,93 @@ +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: notification.miloapis.com-alerting-rules + labels: + app.kubernetes.io/name: milo + app.kubernetes.io/component: notification + app.kubernetes.io/part-of: milo + monitoring.coreos.com/prometheus: kube-prometheus +spec: + groups: + - name: notification.readiness + interval: 30s + rules: + # Email templates not ready (critical for email delivery) + - alert: EmailTemplatesNotReady + expr: notification.miloapis.com:templates:not_ready > 0 + for: 2m + labels: + severity: critical + category: readiness + team: platform + annotations: + summary: "{{ $value }} email templates are not ready" + description: | + Email templates are not in Ready state, blocking email sending. + + Not ready count: {{ $value }} + + Actions needed: + 1. Check template status: kubectl get emailtemplates -o wide + 2. Review template validation and rendering + 3. Verify template content and variable substitution + + # Contacts not ready + - alert: ContactsNotReady + expr: notification.miloapis.com:contacts:not_ready > 0 + for: 5m + labels: + severity: warning + category: readiness + team: platform + annotations: + summary: "{{ $value }} contacts are not ready" + description: | + Contacts are not in Ready state, affecting notification delivery. + + Not ready count: {{ $value }} + + Actions needed: + 1. Check contact status: kubectl get contacts -o wide + 2. Review contact validation (email format, etc.) + 3. Verify contact provider integration + + # Contact groups not ready + - alert: ContactGroupsNotReady + expr: notification.miloapis.com:contact_groups:not_ready > 0 + for: 5m + labels: + severity: warning + category: readiness + team: platform + annotations: + summary: "{{ $value }} contact groups are not ready" + description: | + Contact groups are not in Ready state, affecting group notifications. + + Not ready count: {{ $value }} + + Actions needed: + 1. 
Check contact group status: kubectl get contactgroups -o wide + 2. Review group membership resolution + 3. Verify contact references are valid + + # Email broadcasts not ready + - alert: EmailBroadcastsNotReady + expr: notification.miloapis.com:broadcasts:not_ready > 0 + for: 2m + labels: + severity: warning + category: readiness + team: platform + annotations: + summary: "{{ $value }} email broadcasts are not ready" + description: | + Email broadcasts are not in Ready state, delaying mass notifications. + + Not ready count: {{ $value }} + + Actions needed: + 1. Check broadcast status: kubectl get emailbroadcasts -o wide + 2. Review recipient list generation + 3. Verify template and delivery configuration diff --git a/config/telemetry/alerts/notification/kustomization.yaml b/config/telemetry/alerts/notification/kustomization.yaml new file mode 100644 index 00000000..b1924a9a --- /dev/null +++ b/config/telemetry/alerts/notification/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +resources: + - alerting-rules.yaml diff --git a/config/telemetry/alerts/quota/alerting-rules.yaml b/config/telemetry/alerts/quota/alerting-rules.yaml new file mode 100644 index 00000000..8e20d9f6 --- /dev/null +++ b/config/telemetry/alerts/quota/alerting-rules.yaml 
@@ -0,0 +1,141 @@
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: quota.miloapis.com-alerting-rules
+ labels:
+ app.kubernetes.io/name: milo
+ app.kubernetes.io/component: quota-system
+ app.kubernetes.io/part-of: milo
+ monitoring.coreos.com/prometheus: kube-prometheus
+spec:
+ groups:
+ # =============================================================================
+ # RESOURCE READINESS
+ # =============================================================================
+ - name: quota.readiness
+ interval: 30s
+ rules:
+ # Claim creation policies not ready
+ - alert: ClaimCreationPoliciesNotReady
+ expr: |
+ count(milo_quota_claim_policy_info{component="quota_system"}) > 0
+ and
+ count(milo_quota_claim_policy_status_condition{component="quota_system", type="Ready", status="False"} == 1) > 0
+ for: 2m
+ labels:
+ severity: critical
+ category: readiness
+ team: platform
+ annotations:
+ summary: "{{ $value }} claim creation policies are not ready"
+ description: |
+ Claim creation policies are not in Ready state, potentially breaking quota enforcement.
+
+ Not ready count: {{ $value }}
+ Target kind: {{ $labels.target_kind }}
+
+ Actions needed:
+ 1. Check policy status: kubectl get claimcreationpolicies -o wide
+ 2. Review policy template validation and CEL expressions
+ 3. Verify target resource types and consumer resolution
+ 4. Check admission webhook functionality
+
+ # Grant creation policies not ready
+ - alert: GrantCreationPoliciesNotReady
+ expr: |
+ count(milo_quota_grant_policy_info{component="quota_system"}) > 0
+ and
+ count(milo_quota_grant_policy_status_condition{component="quota_system", type="Ready", status="False"} == 1) > 0
+ for: 2m
+ labels:
+ severity: critical
+ category: readiness
+ team: platform
+ annotations:
+ summary: "{{ $value }} grant creation policies are not ready"
+ description: |
+ Grant creation policies are not in Ready state, preventing automated quota provisioning.
+
+ Not ready count: {{ $value }}
+ Trigger kind: {{ $labels.trigger_kind }}
+
+ Actions needed:
+ 1. Check policy status: kubectl get grantcreationpolicies -o wide
+ 2. Review policy template validation and trigger conditions
+ 3. Test policy trigger mechanisms and grant creation
+
+ # Resource registrations not active
+ - alert: ResourceRegistrationsNotActive
+ expr: |
+ count(milo_quota_registration_info{component="quota_system"}) > 0
+ and
+ count(milo_quota_registration_status_condition{component="quota_system", type="Active", status="False"} == 1) > 0
+ for: 5m
+ labels:
+ severity: critical
+ category: readiness
+ team: platform
+ annotations:
+ summary: "{{ $value }} resource registrations are not active"
+ description: |
+ Resource registrations are not in Active state, breaking quota system functionality.
+
+ Not active count: {{ $value }}
+ Consumer kind: {{ $labels.consumer_kind }}
+ Resource type: {{ $labels.resource_type }}
+
+ Actions needed:
+ 1. Check registration status: kubectl get resourceregistrations -o wide
+ 2. Review registration validation errors
+ 3. Verify consumer and resource type configuration
+ 4. Check controller reconciliation logs
+
+ # Resource grants not active
+ - alert: ResourceGrantsNotActive
+ expr: |
+ count(milo_quota_grant_info{component="quota_system"}) > 0
+ and
+ count(milo_quota_grant_status_condition{component="quota_system", type="Active", status="False"} == 1) > 0
+ for: 2m
+ labels:
+ severity: warning
+ category: readiness
+ team: platform
+ annotations:
+ summary: "{{ $value }} resource grants are not active"
+ description: |
+ Resource grants are not in Active state, preventing quota allocation.
+
+ Not active count: {{ $value }}
+ Consumer: {{ $labels.consumer_kind }}/{{ $labels.consumer_name }}
+
+ Actions needed:
+ 1. Check grant status: kubectl get resourcegrants -n milo-system -o wide
+ 2. Review grant validation and bucket aggregation
+ 3.
Verify consumer references and resource registrations
+
+ # Resource claims not granted
+ - alert: ResourceClaimsNotGranted
+ expr: |
+ count(milo_quota_claim_info{component="quota_system"}) > 0
+ and
+ count(milo_quota_claim_status_condition{component="quota_system", type="Granted", status="False"} == 1) > 0
+ for: 2m
+ labels:
+ severity: warning
+ category: readiness
+ team: platform
+ annotations:
+ summary: "{{ $value }} resource claims are not granted"
+ description: |
+ Resource claims are not in Granted state, indicating quota issues or exhaustion.
+
+ Not granted count: {{ $value }}
+ Consumer: {{ $labels.consumer_kind }}/{{ $labels.consumer_name }}
+ Triggering resource: {{ $labels.triggering_resource_kind }}
+
+ Actions needed:
+ 1. Check claim status: kubectl get resourceclaims -n milo-system -o wide
+ 2. Review quota availability and allocation
+ 3. Check for quota exhaustion or grant issues
+ 4. Verify claim validation and consumer quota buckets
diff --git a/config/telemetry/alerts/quota/kustomization.yaml b/config/telemetry/alerts/quota/kustomization.yaml
new file mode 100644
index 00000000..b1924a9a
--- /dev/null
+++ b/config/telemetry/alerts/quota/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+ - alerting-rules.yaml
diff --git a/config/telemetry/alerts/resources-manager/projects.yaml b/config/telemetry/alerts/resources-manager/projects.yaml
index e6bb2dec..222d1f0f 100644
--- a/config/telemetry/alerts/resources-manager/projects.yaml
+++ b/config/telemetry/alerts/resources-manager/projects.yaml
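Review bot: In all five quota alerts `{{ $value }}` is not the not-ready count and the `{{ $labels.* }}` fields render empty. `A and B` keeps the sample value of the left operand, here `count(milo_quota_claim_policy_info{...})` (the total), and `count()` without `by` drops every label. For ClaimCreationPoliciesNotReady I would use `expr: count by (target_kind) (milo_quota_claim_policy_status_condition{component="quota_system", type="Ready", status="False"} == 1) > 0`, and do the same for the other four with the labels their descriptions print. Whether the condition series actually carries `target_kind` is not visible here and should be checked. As written, the responder is shown the wrong number of affected objects and no scoping labels, which slows triage of a quota-enforcement failure.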
@@ -1,19 +1,76 @@ apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: - name: resourcemanager-projects + name: resourcemanager.miloapis.com-alerting-rules + labels: + app.kubernetes.io/name: milo + app.kubernetes.io/component: resource-manager + app.kubernetes.io/part-of: milo + monitoring.coreos.com/prometheus: kube-prometheus spec: groups: - - name: resourcemanager-projects + - name: resourcemanager.readiness + interval: 30s rules: - - alert: ProjectStuckCreatingSLOViolation - expr: | - (time() - milo_projects_created_timestamp) > 60 - unless ignoring(type, reason) (milo_projects_status_condition{type="Ready"} == 1) - for: 0s + # Organizations not ready + - alert: OrganizationsNotReady + expr: resourcemanager.miloapis.com:organizations:not_ready > 0 + for: 2m labels: severity: critical - slo_violation: "true" + category: readiness + team: platform annotations: - summary: "Project {{ $labels.resource_name }} is stuck creating for over 60 seconds" - description: "Project {{ $labels.resource_name }} has been in creation state for {{ $value }} seconds without reaching Ready status, which exceeds the 60-second SLO threshold." \ No newline at end of file + summary: "{{ $value }} organizations are not ready" + description: | + Organizations are not in Ready state, preventing proper operation. + + Not ready count: {{ $value }} + Organization type: {{ $labels.organization_type }} + + Actions needed: + 1. Check organization status: kubectl get organizations -o wide + 2. Review controller logs for reconciliation errors + 3. Verify organization namespace creation and initialization + + # Projects not ready + - alert: ProjectsNotReady + expr: resourcemanager.miloapis.com:projects:not_ready > 0 + for: 2m + labels: + severity: critical + category: readiness + team: platform + annotations: + summary: "{{ $value }} projects are not ready" + description: | + Projects are not in Ready state, preventing resource operations. 
+
+ Not ready count: {{ $value }}
+ Owner: {{ $labels.owner_kind }}/{{ $labels.owner_name }}
+
+ Actions needed:
+ 1. Check project status: kubectl get projects -o wide
+ 2. Review controller logs for reconciliation errors
+ 3. Verify project namespace and control plane provisioning
+
+ # Organization memberships not ready
+ - alert: OrganizationMembershipsNotReady
+ expr: resourcemanager.miloapis.com:memberships:not_ready > 0
+ for: 5m
+ labels:
+ severity: warning
+ category: readiness
+ team: platform
+ annotations:
+ summary: "{{ $value }} organization memberships are not ready"
+ description: |
+ Organization memberships are not in Ready state, affecting user access.
+
+ Not ready count: {{ $value }}
+ Organization: {{ $labels.organization_name }}
+
+ Actions needed:
+ 1. Check membership status: kubectl get organizationmemberships -o wide
+ 2. Review RBAC provisioning and role binding creation
+ 3. Verify user references are valid
\ No newline at end of file
diff --git a/config/telemetry/recording-rules/iam/kustomization.yaml b/config/telemetry/recording-rules/iam/kustomization.yaml
new file mode 100644
index 00000000..4e94bb8e
--- /dev/null
+++ b/config/telemetry/recording-rules/iam/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+ - recording-rules.yaml
diff --git a/config/telemetry/recording-rules/iam/recording-rules.yaml b/config/telemetry/recording-rules/iam/recording-rules.yaml
new file mode 100644
index 00000000..a3864cd2
--- /dev/null
+++ b/config/telemetry/recording-rules/iam/recording-rules.yaml
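Review bot: The three alerts in projects.yaml depend entirely on series recorded by a separate Kustomize component (config/telemetry/recording-rules/resource-manager), and nothing in the file says so. If that component is not deployed alongside, `resourcemanager.miloapis.com:projects:not_ready > 0` matches no series and the alert simply stays quiet. I would add a comment above the first rule, e.g. `# Requires the records in config/telemetry/recording-rules/resource-manager/recording-rules.yaml`. The file also keeps the name projects.yaml although it now holds organization and membership alerts too, so renaming it to `alerting-rules.yaml` like the other components would make the layout easier to audit.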
@@ -0,0 +1,116 @@
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: iam.miloapis.com-recording-rules
+ labels:
+ app.kubernetes.io/name: milo
+ app.kubernetes.io/component: iam
+ app.kubernetes.io/part-of: milo
+ monitoring.coreos.com/prometheus: kube-prometheus
+spec:
+ groups:
+ # =============================================================================
+ # RESOURCE READINESS
+ # =============================================================================
+ - name: iam.readiness.1m
+ interval: 15s
+ rules:
+ # NOT READY users
+ - record: iam.miloapis.com:users:not_ready
+ expr: |
+ count (
+ milo_users_info{component="iam"}
+ unless on(name) (
+ milo_users_status_condition{component="iam", type="Ready", status="True"} == 1
+ )
+ )
+
+ # NOT READY roles
+ - record: iam.miloapis.com:roles:not_ready
+ expr: |
+ count (
+ milo_roles_info{component="iam"}
+ unless on(name, namespace) (
+ milo_roles_status_condition{component="iam", type="Ready", status="True"} == 1
+ )
+ )
+
+ # NOT READY policy bindings
+ - record: iam.miloapis.com:bindings:not_ready
+ expr: |
+ count (
+ milo_policy_bindings_info{component="iam"}
+ unless on(name, namespace) (
+ milo_policy_bindings_status_condition{component="iam", type="Ready", status="True"} == 1
+ )
+ )
+
+ # NOT READY protected resources
+ - record: iam.miloapis.com:protected_resources:not_ready
+ expr: |
+ count by (resource_kind) (
+ milo_protected_resources_info{component="iam"}
+ unless on(name, namespace) (
+ milo_protected_resources_status_condition{component="iam", type="Ready", status="True"} == 1
+ )
+ )
+
+ # NOT READY groups
+ - record: iam.miloapis.com:groups:not_ready
+ expr: |
+ count (
+ milo_groups_info{component="iam"}
+ unless on(name, namespace) (
+ milo_groups_status_condition{component="iam", type="Ready", status="True"} == 1
+ )
+ )
+
+ # NOT READY group memberships
+ - record: iam.miloapis.com:group_memberships:not_ready
+ expr: |
+ count (
+
milo_group_memberships_info{component="iam"}
+ unless on(name, namespace) (
+ milo_group_memberships_status_condition{component="iam", type="Ready", status="True"} == 1
+ )
+ )
+
+ # NOT READY machine accounts
+ - record: iam.miloapis.com:machine_accounts:not_ready
+ expr: |
+ count (
+ milo_machine_accounts_info{component="iam"}
+ unless on(name, namespace) (
+ milo_machine_accounts_status_condition{component="iam", type="Ready", status="True"} == 1
+ )
+ )
+
+ # NOT READY machine account keys
+ - record: iam.miloapis.com:machine_account_keys:not_ready
+ expr: |
+ count (
+ milo_machine_account_keys_info{component="iam"}
+ unless on(name, namespace) (
+ milo_machine_account_keys_status_condition{component="iam", type="Ready", status="True"} == 1
+ )
+ )
+
+ # NOT READY user invitations
+ - record: iam.miloapis.com:invitations:not_ready
+ expr: |
+ count (
+ milo_user_invitations_info{component="iam"}
+ unless on(name, namespace) (
+ milo_user_invitations_status_condition{component="iam", type="Ready", status="True"} == 1
+ )
+ )
+
+ # NOT READY user deactivations
+ - record: iam.miloapis.com:deactivations:not_ready
+ expr: |
+ count (
+ milo_user_deactivations_info{component="iam"}
+ unless on(name, namespace) (
+ milo_user_deactivations_status_condition{component="iam", type="Ready", status="True"} == 1
+ )
+ )
diff --git a/config/telemetry/recording-rules/kustomization.yaml b/config/telemetry/recording-rules/kustomization.yaml
index 3ce1aa10..d349f6dc 100644
--- a/config/telemetry/recording-rules/kustomization.yaml
+++ b/config/telemetry/recording-rules/kustomization.yaml
@@ -3,3 +3,6 @@ kind: Component components: - ./quota
+ - ./resource-manager
+ - ./iam
+ - ./notification
diff --git a/config/telemetry/recording-rules/notification/kustomization.yaml b/config/telemetry/recording-rules/notification/kustomization.yaml
new file mode 100644
index 00000000..4e94bb8e
--- /dev/null
+++ b/config/telemetry/recording-rules/notification/kustomization.yaml
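Review bot: Each `count ( ... unless ... )` in the iam recording rules yields no series both when every object is Ready and when the `milo_*_info` metrics are not being scraped at all. A collector outage therefore looks the same as a healthy IAM plane, and none of the `not_ready` alerts built on these records can fire. For resources such as machine account keys and policy bindings that is a monitoring blind spot worth closing. I would pair the records with an explicit missing-input alert in the alerts component, for example `expr: absent(milo_users_info{component="iam"})` with a `for:` of a few minutes, assuming at least one user always exists. The notification and resource-manager recording-rules files have the same property.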
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+ - recording-rules.yaml
diff --git a/config/telemetry/recording-rules/notification/recording-rules.yaml b/config/telemetry/recording-rules/notification/recording-rules.yaml
new file mode 100644
index 00000000..9fcd86a7
--- /dev/null
+++ b/config/telemetry/recording-rules/notification/recording-rules.yaml
@@ -0,0 +1,56 @@
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: notification.miloapis.com-recording-rules
+ labels:
+ app.kubernetes.io/name: milo
+ app.kubernetes.io/component: notification
+ app.kubernetes.io/part-of: milo
+ monitoring.coreos.com/prometheus: kube-prometheus
+spec:
+ groups:
+ # =============================================================================
+ # RESOURCE READINESS
+ # =============================================================================
+ - name: notification.readiness.1m
+ interval: 15s
+ rules:
+ # NOT READY email templates
+ - record: notification.miloapis.com:templates:not_ready
+ expr: |
+ count (
+ milo_email_templates_info{component="notification"}
+ unless on(name, namespace) (
+ milo_email_templates_status_condition{component="notification", type="Ready", status="True"} == 1
+ )
+ )
+
+ # NOT READY contacts
+ - record: notification.miloapis.com:contacts:not_ready
+ expr: |
+ count (
+ milo_contacts_info{component="notification"}
+ unless on(name, namespace) (
+ milo_contacts_status_condition{component="notification", type="Ready", status="True"} == 1
+ )
+ )
+
+ # NOT READY contact groups
+ - record: notification.miloapis.com:contact_groups:not_ready
+ expr: |
+ count (
+ milo_contact_groups_info{component="notification"}
+ unless on(name, namespace) (
+ milo_contact_groups_status_condition{component="notification", type="Ready", status="True"} == 1
+ )
+ )
+
+ # NOT READY email broadcasts
+ - record: notification.miloapis.com:broadcasts:not_ready
+ expr: |
+ count (
+ milo_email_broadcasts_info{component="notification"}
+ unless on(name, namespace) (
+ milo_email_broadcasts_status_condition{component="notification", type="Ready", status="True"} == 1
+ )
+ )
diff --git a/config/telemetry/recording-rules/resource-manager/kustomization.yaml b/config/telemetry/recording-rules/resource-manager/kustomization.yaml
new file mode 100644
index 00000000..4e94bb8e
--- /dev/null
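Review bot: The group is named `notification.readiness.1m` but is evaluated with `interval: 15s`, so the suffix does not describe the evaluation period. The iam and resource-manager groups (`iam.readiness.1m`, `resourcemanager.readiness.1m`) have the same mismatch. Either make the name match, `- name: notification.readiness.15s`, or set `interval: 1m`. The alerts that consume these records use `for: 2m` or `for: 5m`, so a one-minute recording interval would presumably still be adequate.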
+++ b/config/telemetry/recording-rules/resource-manager/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+resources:
+ - recording-rules.yaml
diff --git a/config/telemetry/recording-rules/resource-manager/recording-rules.yaml b/config/telemetry/recording-rules/resource-manager/recording-rules.yaml
new file mode 100644
index 00000000..95a3873e
--- /dev/null
+++ b/config/telemetry/recording-rules/resource-manager/recording-rules.yaml
@@ -0,0 +1,46 @@
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: resourcemanager.miloapis.com-recording-rules
+ labels:
+ app.kubernetes.io/name: milo
+ app.kubernetes.io/component: resource-manager
+ app.kubernetes.io/part-of: milo
+ monitoring.coreos.com/prometheus: kube-prometheus
+spec:
+ groups:
+ # =============================================================================
+ # RESOURCE READINESS
+ # =============================================================================
+ - name: resourcemanager.readiness.1m
+ interval: 15s
+ rules:
+ # NOT READY organizations
+ - record: resourcemanager.miloapis.com:organizations:not_ready
+ expr: |
+ count by (organization_type) (
+ milo_organizations_info{component="resource_manager"}
+ unless on(name) (
+ milo_organizations_status_condition{component="resource_manager", type="Ready", status="True"} == 1
+ )
+ )
+
+ # NOT READY projects
+ - record: resourcemanager.miloapis.com:projects:not_ready
+ expr: |
+ count by (owner_kind, owner_name) (
+ milo_projects_info{component="resource_manager"}
+ unless on(name) (
+ milo_projects_status_condition{component="resource_manager", type="Ready", status="True"} == 1
+ )
+ )
+
+ # NOT READY organization memberships
+ - record: resourcemanager.miloapis.com:memberships:not_ready
+ expr: |
+ count by (organization_name) (
+ milo_organization_memberships_info{component="resource_manager"}
+ unless on(name, namespace) (
+ milo_organization_memberships_status_condition{component="resource_manager", type="Ready", status="True"} == 1
+ )
+ )
diff --git a/config/telemetry/resource-metrics-collector/deployment.yaml b/config/telemetry/resource-metrics-collector/deployment.yaml
index 5b815590..98aac29f 100644
--- a/config/telemetry/resource-metrics-collector/deployment.yaml
+++ b/config/telemetry/resource-metrics-collector/deployment.yaml
@@ -79,7 +79,7 @@ spec: - name: NAMESPACE value: ALL - name: LABEL - value: "custom-resource-metrics-config" + value: "telemetry.datumapis.com/core-resource-metrics-config" - name: LABEL_VALUE value: "true" - name: FOLDER
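Review bot: With `NAMESPACE` left at `ALL` (the context line just above the change), the label `telemetry.datumapis.com/core-resource-metrics-config` with value `"true"` is the only thing deciding which ConfigMaps are loaded into the collector's config folder. Any principal able to create a labelled ConfigMap in any namespace can therefore add to what the collector reads. The env names look like the k8s-sidecar convention, which is an inference; the container spec starts and ends outside this hunk. If all metrics configs are generated into one namespace I would pin it, `value: "<namespace-of-metrics-configmaps>"` (placeholder), or at least add a comment saying why cluster-wide discovery is required. It is also worth confirming that the collector's ServiceAccount has no more than get/list/watch on ConfigMaps.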