diff --git a/k8s/turingpi/apps/monitoring/grafana/app/helmrelease.yaml b/k8s/turingpi/apps/monitoring/grafana/app/helmrelease.yaml index e03b0024..ab081886 100644 --- a/k8s/turingpi/apps/monitoring/grafana/app/helmrelease.yaml +++ b/k8s/turingpi/apps/monitoring/grafana/app/helmrelease.yaml @@ -124,6 +124,11 @@ spec: datasource: - { name: DS_PROMETHEUS, value: Prometheus } - { name: VAR_REPLICATIONDESTNAME, value: .*-dst } + mikrotik: + gnetId: 13679 + revision: 22 + datasource: + - { name: DS_PROMETHEUS, value: Prometheus } ingress: enabled: true ingressClassName: nginx diff --git a/k8s/turingpi/apps/monitoring/kustomization.yaml b/k8s/turingpi/apps/monitoring/kustomization.yaml index d3fc1409..feaae016 100644 --- a/k8s/turingpi/apps/monitoring/kustomization.yaml +++ b/k8s/turingpi/apps/monitoring/kustomization.yaml @@ -7,6 +7,7 @@ resources: - ./grafana/ks.yaml - ./kube-prometheus-stack/ks.yaml - ./loki/ks.yaml + - ./mktxp-exporter/ks.yaml - ./network-ups-tools/ks.yaml - ./nut-exporter/ks.yaml - ./prometheus-operator-crds/ks.yaml diff --git a/k8s/turingpi/apps/monitoring/mktxp-exporter/app/helmrelease.yaml b/k8s/turingpi/apps/monitoring/mktxp-exporter/app/helmrelease.yaml new file mode 100644 index 00000000..bd60f259 --- /dev/null +++ b/k8s/turingpi/apps/monitoring/mktxp-exporter/app/helmrelease.yaml @@ -0,0 +1,170 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: mktxp-exporter + namespace: monitoring +spec: + interval: 5m + chart: + spec: + chart: app-template + version: 3.5.1 + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + interval: 1m + values: + defaultPodOptions: + securityContext: + runAsNonRoot: true + runAsUser: 65534 + runAsGroup: 65534 + fsGroup: 65534 + fsGroupChangePolicy: OnRootMismatch + seccompProfile: + type: RuntimeDefault + controllers: + mktxp-exporter: + replicas: 1 + containers: + app: + image: + repository: ghcr.io/akpw/mktxp + tag: stable-20240821070725 + pullPolicy: IfNotPresent + resources: + limits: + memory: 128Mi + requests: + cpu: 10m + memory: 32Mi + probes: + liveness: + enabled: true + readiness: + enabled: true + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + service: + app: + controller: mktxp-exporter + ports: + metrics: + port: 49090 + protocol: HTTP + serviceMonitor: + app: + serviceName: mktxp-exporter + endpoints: + - port: metrics + persistence: + config: + type: secret + name: mktxp-exporter-config + defaultMode: 0400 + globalMounts: + - path: /mktxp + secrets: + config: + stringData: + mktxp.conf: |- + [CRS310] + hostname = 192.168.254.253 + + [default] + username = ${NET_MONITORING_USER} + password = ${NET_MONITORING_PASS} + + enabled = True # turns metrics collection for this RouterOS device on / off + hostname = localhost # RouterOS IP address + port = 8728 # RouterOS IP Port + + use_ssl = False # enables connection via API-SSL servis + no_ssl_certificate = False # enables API_SSL connect without router SSL certificate + ssl_certificate_verify = False # turns SSL certificate verification on / off + plaintext_login = True # for legacy RouterOS versions below 6.43 use False + + installed_packages = True # Installed packages + dhcp = True # DHCP general metrics + dhcp_lease = True # DHCP lease metrics + + connections = True # IP connections metrics + connection_stats = False # Open IP connections metrics + + interface = True # Interfaces traffic metrics + + route = True # IPv4 Routes metrics + pool = True # IPv4 Pool metrics + firewall = True # IPv4 Firewall rules traffic metrics + neighbor = True # IPv4 Reachable Neighbors + + ipv6_route = False # IPv6 Routes metrics + ipv6_pool = False # IPv6 Pool metrics + ipv6_firewall = False # IPv6 Firewall rules traffic metrics + ipv6_neighbor = False # IPv6 Reachable Neighbors + + poe = True # POE metrics + monitor = True # Interface monitor metrics + netwatch = True # Netwatch metrics + public_ip = True # Public IP metrics + wireless = True # WLAN general metrics + wireless_clients = True # WLAN clients metrics + capsman = True # CAPsMAN general metrics + capsman_clients = True # CAPsMAN clients metrics + + lte = False # LTE signal and status metrics (requires additional 'test' permission policy on RouterOS v6) + ipsec = False # IPSec active peer metrics + switch_port = False # Switch Port metrics + + kid_control_assigned = False # Allow Kid Control metrics for connected devices with assigned users + kid_control_dynamic = False # Allow Kid Control metrics for all connected devices, including those without assigned user + + user = True # Active Users metrics + queue = True # Queues metrics + + bgp = False # BGP sessions metrics + certificate = False # Certificates metrics + + remote_dhcp_entry = None # An MKTXP entry to provide for remote DHCP info / resolution + remote_capsman_entry = None # An MKTXP entry to provide for remote capsman info + + use_comments_over_names = True # when available, forces using comments over the interfaces names + check_for_updates = False # check for available ROS updates + _mktxp.conf: |- + ## Copyright (c) 2020 Arseniy Kuznetsov + ## + ## This program is free software; you can redistribute it and/or + ## modify it under the terms of the GNU General Public License + ## as published by the Free Software Foundation; either version 2 + ## of the License, or (at your option) any later version. + ## + ## This program is distributed in the hope that it will be useful, + ## but WITHOUT ANY WARRANTY; without even the implied warranty of + ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + + + [MKTXP] + listen = '0.0.0.0:49090' # Space separated list of socket addresses to listen to, both IPV4 and IPV6 + socket_timeout = 5 + + initial_delay_on_failure = 120 + max_delay_on_failure = 900 + delay_inc_div = 5 + + bandwidth = False # Turns metrics bandwidth metrics collection on / off + bandwidth_test_interval = 600 # Interval for collecting bandwidth metrics + minimal_collect_interval = 5 # Minimal metric collection interval + + verbose_mode = False # Set it on for troubleshooting + + fetch_routers_in_parallel = False # Fetch metrics from multiple routers in parallel / sequentially + max_worker_threads = 5 # Max number of worker threads that can fetch routers (parallel fetch only) + max_scrape_duration = 30 # Max duration of individual routers' metrics collection (parallel fetch only) + total_max_scrape_duration = 90 # Max overall duration of all metrics collection (parallel fetch only) + + compact_default_conf_values = False # Compact mktxp.conf, so only specific values are kept on the individual routers' level diff --git a/k8s/turingpi/apps/monitoring/mktxp-exporter/app/kustomization.yaml b/k8s/turingpi/apps/monitoring/mktxp-exporter/app/kustomization.yaml new file mode 100644 index 00000000..17cbc72b --- /dev/null +++ b/k8s/turingpi/apps/monitoring/mktxp-exporter/app/kustomization.yaml @@ -0,0 +1,6 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./helmrelease.yaml diff --git a/k8s/turingpi/apps/monitoring/mktxp-exporter/ks.yaml b/k8s/turingpi/apps/monitoring/mktxp-exporter/ks.yaml new file mode 100644 index 00000000..34360460 --- /dev/null +++ b/k8s/turingpi/apps/monitoring/mktxp-exporter/ks.yaml @@ -0,0 +1,25 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app mktxp-exporter + namespace: flux-system +spec: + targetNamespace: monitoring + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./k8s/turingpi/apps/monitoring/mktxp-exporter/app + prune: true + sourceRef: + kind: GitRepository + name: homelab + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m + postBuild: + substituteFrom: + - kind: Secret + name: cluster-secrets diff --git a/k8s/turingpi/flux/vars/cluster-secrets.enc.yaml b/k8s/turingpi/flux/vars/cluster-secrets.enc.yaml index ac3a3a21..854b4a27 100644 --- a/k8s/turingpi/flux/vars/cluster-secrets.enc.yaml +++ b/k8s/turingpi/flux/vars/cluster-secrets.enc.yaml @@ -5,52 +5,54 @@ metadata: namespace: flux-system type: Opaque stringData: - RESTIC_REPOSITORY: ENC[AES256_GCM,data:w9HmrJn92Q6jVDqxSAewB/EL8ulNBxRiQPbj4Sx+oNKj4toAKUE85WEpQsVKzjFP+lW22Z4bqj8Ri4uF6M986Zk0Vml5/5VkO/r2IEiR2Pg=,iv:Q7Bd2o30+egEbnNa/0DZLfJiH6vcealm/rCgjPf7mZg=,tag:8PFn8NsuiukKKA2a6lcXJA==,type:str] - RESTIC_PASSWORD: ENC[AES256_GCM,data:PprJeE02DZdqCl4e5y8ocuMJSlMLK60HkePvmzJjtERpTflfl3CLfSHSQZg1tA2qBqaLGhc4sYIOwx4V2EGB,iv:tq45rdCHUwo6Y+UHjfVaenrZiYnsMw97KARDwC39Rzw=,tag:uXt7lnU2W6F59Efqrrkfag==,type:str] - AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:PfUozYFznYaJ+FJ6hx/bCsryEiUypI59z+GCNr6XfuY=,iv:6NX7m1To+2qsEycBkbxbgnvmGaCQUzlG4f8Jstc5ccE=,tag:9BVQrFjD0NOo6NS33sn5mQ==,type:str] - AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:CITPxaCghRUY0fdNcyOKYcJNpLa5170/tHRzjKaNF7sWmWDLbnDakBhDPnp7hEqVA7FBTYI8UuFuwmrSsd01tA==,iv:SQTMon6UO8rc9dRZd5ucNykcFg1E45ElMOyNp9Av9ok=,tag:dHchaEbDFAIfnsRkGSXsVQ==,type:str] - ACME_EMAIL: ENC[AES256_GCM,data:KdRx3ILkc5cmOtn+5bONtBlcQDI=,iv:Yc0ylL08dKj6ZErclCu1qXaH+meLkEeKGgMOQREGc7E=,tag:XKfFd4gEmZIHrJijCFvrNg==,type:str] + RESTIC_REPOSITORY: ENC[AES256_GCM,data:g/4vQJeDsKywvEVKKp1RVwNgS2o4gWMOcfAV6V5n/U4M0LhljHyCk6Nh1X8nYIG6S2XsgQ+/DTUnSGsmApgENSwUgeXw2r7TOsLVFSV0MNQ=,iv:6ubItIKURiSXU0L42FTybnYTNu8LukB1thBBpReh0Qw=,tag:PHe6eXbcAtO0qz+ubcShoQ==,type:str] + RESTIC_PASSWORD: ENC[AES256_GCM,data:tGbjnE4D87hSTvkU9A68MdGx2iMVjGVR9HxLPdZkc5xfinlL3bPbe8Nna+xeFTSsp9ihGs+EKv2detrXwt0U,iv:7cdW4/XaFEtaHiS8S08cLqOx6AAILmpAt4MaWkhG5uw=,tag:P/XOMubjP8QF7B4WWn3ofA==,type:str] + AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:sLY5LzWQjrffDZ/PoBtJAhw3h3E0nJtYFBtfgSgZaJY=,iv:UllxCdUmIFDw29+5kF6dyT52F6DbLymvwTFK8CPzEsg=,tag:gfZCAXOJNc8QgA73wz8A4g==,type:str] + AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:Pb+7cIYvpwKXSOMZUBsLMXEeF1yuWrE1Ks/bTyDXaOs1WNMMPCV+U9l7ibRfwDRdBQFdLCQ9gygv3kdHwDmmYA==,iv:ex8zj6biM0ekoa5hE4Blw4C+Zf1Q7n0MZO1hASF5Cf0=,tag:JbuMKzKgdXvqCFUK4TYbUw==,type:str] + ACME_EMAIL: ENC[AES256_GCM,data:ewmu94e+1xOXdWn5BHLOUmBaXrI=,iv:Hw1PlNPmC5AEt3iQG6G3ILEDA0JfReWQUowr+Cx0C14=,tag:I5wA1QrF/5FHIKkR1cMswA==,type:str] + NET_MONITORING_USER: ENC[AES256_GCM,data:A0O9dm8dCCoqjg==,iv:tkoQyUYcBKsU2dUMviYnBLemAgYn8J89z1P0wUS7xpU=,tag:C+jesOYpfAs2UwCl9AnBxQ==,type:str] + NET_MONITORING_PASS: ENC[AES256_GCM,data:sQ+cWn0pWUUmTSpPksAhv4DwbiE=,iv:ZDKoVWd7JqjtpDN+zTUILJWrCAwlXpSpijXoypyi2G4=,tag:dERUvca+eJPsV0oEE21HtQ==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-09-22T23:18:39Z" - mac: ENC[AES256_GCM,data:w7wfeSJy7so9iKSpEyFm/8RQp44bEYav/u5J+gakAigJlt3vIFXbA/NvCq+uo+GM/bocZvlOUtJDJgq4qBJy4nEDbmgvh7rLW5UzGowlUJAR9FXvaiyUWJlEjNzzC59UhICQOC4/TmVaYsRx8wZ92B26hJxiI4r9xNcLWASKkb0=,iv:9QXzKq4j1c6f173jnPntfF0cyN9R6p6y38nCunGHaT8=,tag:+vRE6ryjcuI7Q7kc1wZ8hw==,type:str] + lastmodified: "2024-10-20T04:19:15Z" + mac: ENC[AES256_GCM,data:8xV+hNHQqjR+/1DZbx7zIm5p1FliSNMDR1GgRwWMlA3dgtWrakSAi+uKuXMc41MUmrGOQAHqlYtPx7CIOr4+3Gtg5WgJwiqAP81hHetNQ9TSH+X8Ew5JsyLfxOx4Wn2Qwqlz5INcApoEQqS22OBiTtvtoWrrux8lPUleOEmybis=,iv:uWUvcAdGpRiAVYatA+RybyRj3x32Kh7caEBMfTiHjjk=,tag:GKBi/r7zBAJDri+chgONkw==,type:str] pgp: - - created_at: "2024-09-22T23:18:39Z" + - created_at: "2024-10-20T04:19:15Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA5DuDCLnNCw6ARAAz1NUtTXIAA2earlxAv7NFcHsC1ScjQKrHiKpSBNLw1d/ - +mfJUyEcqEG48pQCrWXvlQS7k0sqlplhXHIMIy9igUCqjsdoWWsXzf3hzboAA5pr - VpqX+b9y7hNMkGQcGnrfI4va9Co95moavix/Lk0d/bHtFmz3vW7A0t6az7/xRZbm - tu8zbni+bPHK86id6lhaNsIfV70+JCBMs9d/hgmAVdK2o3/2C85z1BJmrXriO0dW - 0rBzM1qLUevxMB8eCI0MNe1JF9Pl04q3g8KW3woc4DW6NTrDYtpj8SKqw38EGKhl - FfXYIfyGovy6EQ/cY167zpVvcPlByV2RW5sViug+K2uIPXWloilfU+izMR8cmZBD - /7/mw+KYpmYdgyKTt5bpRFMNmZrCLkLh5lRaopZBExmzVkVnMXT97tYXeT+6hQwo - tDrriGfCCdBPc7bUZ+tFqgK2bWNonj9uoEAdNhMBGCzGOCttlWejLOSzmZIyWOJ4 - 9k0gG3Ms7m/BKquW4OzSc+n4OvAaGYxUGkjvIH/00EAjInwb+mrt3J5I/LyLn/ge - HJWZJm8mWoXCdqBeGzpRcqArJLBJuAc7UrNnpEjZl5XsTFgNSh50lBnbp3Y5go3r - Y7R6TV5iQwKSngwbkCDzlDpw/7BwGe+K3WjQcSYTzflyOrVztwnZjLfy1NSVnMfU - aAEJAhCECPy2HHC/m+LmEYeNAVrCH7ow2CPAfy223xFO7je4vPCJ4gHQUlsRNN4v - 3cb5wzTPGeJAwjDsus1W3RjXGT4M7jKyFSrm0Zm37aegiUKXIS5DhXgJsmtMEY+T - qT8/RR1H295Z - =n6Ty + hQIMA5DuDCLnNCw6ARAAsVqfd1rkkr85S/SehqXVRSkoFAhOuGhPe/ZPO9MEZTAy + NDl3BPjNEmzmvUXaFqlPTyLeVedad4v4tCj+bP3lrtCpRek+5TbvRFGY6Sc6iu1a + 8Z+rKJJukdFlFmZxEZmwPRu1u2N2QrNOfdRq9hPoLFvPEcsP8JlyE+TZOoGi7OSq + 52kIBvA1Jy6FbBpvT1ZrAJT5A7B1WbXt0s6CQiM+D1J6+/28gYLIylbTt1gWR2Aa + 3NUhG/BOBVORoMS70YzrHt9RlUs/371+Qnqf1su7wmvkl2bD3bxf26joB1n3Qhy0 + deprjJgeF766VsUQrGllc+bt8lXHxfL3uM4FzaHs7BdublVgYVzh++sYmYK+q9NG + qpMP9Eyq+uSA1Qn62SGC5VhCCTasj8najgHFYcpkwFSTj+00xx1BRICIrtve1soN + Xyp8F28vukGOZmmbhKCdzPvWcSpzNnQeDHa8+z+L755cAEX5aVzd0LWErUnHKdr5 + /A7gkSjbINCNNE+froDn/ecVKaTPdiR9epN3LJQ3zifJDJ8La68SIT7DmYznWaQF + iDTcKWCpqJ8GHmKiVAVj/I/+fJMWT493C+uVPa0tDROSu8Br3DPy3qqMATP7W2Py + mrtE5TUvykbVWBfCYU/Hrut5NPzGnhIdhoxu/P9Oz8QTGjYypheQZ2ZEzBfzWwvU + aAEJAhBLxZcujqhCueZZzjOgZdx2vIjc1N40+vO2q5s9RxyZfrqCbOkzHRKNB92U + z2/7ccVk9FcY5ndyQYF4mcIwFUnEdC4IhdB3VPD/T9xAJz6tOd6rbJkf5z/S5BXe + msQIZMZIgObi + =fJ/4 -----END PGP MESSAGE----- fp: 050787E6CDC4F90636141B1D2C5BB181A0326054 - - created_at: "2024-09-22T23:18:39Z" + - created_at: "2024-10-20T04:19:15Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4DHfhkqE7LHSASAQdABZaS6xX426ORZ1icev2DHGvVIF0a7JK+yj34gy7icQcw - 7bwnHNfDF6XxLinjN12+jrnihJswUMNXZwTU+8ZKtG7/BLfxFryC+M0nCJZfT4VA - 1GgBCQIQUdAMijz9zB7MEnTGQJOe/rghwe17IhSvCfdpL6Vihxbs2wBWOTHU4gqI - v3m9wgPvL6RZ2EZixZ4BTj22lIQRqvu26tR4cqZCrBuPE4947+WEtdAJ1Roxr57V - DKzRdW6lG0Vl9Q== - =weAR + hF4DHfhkqE7LHSASAQdAuSwR+IZ7Nk5xAsB/he+OsZAPQd9m9abax0J0/6riMQsw + JmIWRN/Ekc4+0c6wsm+s2khAHdvnZYckbpDSSPKM90viGoArbtEXvEP7vzwLigwN + 1GgBCQIQ6u9eYiBVlJ3fxT+H5bT5qK+Cyf1ER5zlCc1GcNwcZ1pBzmh6BeZfMD+H + SJjE4HxjlkP6vHIWUNzXQE/mF8o+2l164zugbjYfpA4s4mKLbuqwJKW9Bbox9v59 + Q7oo9KT9Ubj4vw== + =xfjd -----END PGP MESSAGE----- fp: E39A9ADC5719F27F46267014C7339B5CD6A9FAB1 encrypted_regex: ^(data|stringData)$ - version: 3.9.0 + version: 3.9.1