From 31033870652646ca989e310cc09bbe0bf65746ed Mon Sep 17 00:00:00 2001 From: Masaki Yatsu Date: Sat, 8 Nov 2025 22:51:50 +0900 Subject: [PATCH] feat(prometheus): set service monitor label selector --- .gitignore | 1 + prometheus/justfile | 3 +++ prometheus/values.gomplate.yaml | 7 +++++++ vault/justfile | 4 ++++ 4 files changed, 15 insertions(+) diff --git a/.gitignore b/.gitignore index 6013e6f..c4ee134 100644 --- a/.gitignore +++ b/.gitignore @@ -140,3 +140,4 @@ dist /custom /private/ .mcp.json +/.playwright-mcp/ diff --git a/prometheus/justfile b/prometheus/justfile index 07870c9..6293fb8 100644 --- a/prometheus/justfile +++ b/prometheus/justfile @@ -119,6 +119,9 @@ install: check-env --wait \ -f values.yaml + # Label monitoring namespace to enable self-monitoring + kubectl label namespace ${PROMETHEUS_NAMESPACE} buun.channel/enable-monitoring=true --overwrite + admin_password=$(just admin-password) echo "" diff --git a/prometheus/values.gomplate.yaml b/prometheus/values.gomplate.yaml index 53a1e3e..a76f04e 100644 --- a/prometheus/values.gomplate.yaml +++ b/prometheus/values.gomplate.yaml @@ -60,6 +60,13 @@ prometheus: requests: storage: 50Gi + # ServiceMonitor selection + # Select ServiceMonitors with release label only in namespaces with enable-monitoring label + serviceMonitorSelectorNilUsesHelmValues: true + serviceMonitorNamespaceSelector: + matchLabels: + buun.channel/enable-monitoring: "true" + {{- if .Env.PROMETHEUS_HOST }} ingress: enabled: true diff --git a/vault/justfile b/vault/justfile index 4347c45..ad96f27 100644 --- a/vault/justfile +++ b/vault/justfile @@ -454,3 +454,7 @@ write-policy name file: # Login to Vault using OIDC login: @vault login -method=oidc + +# NOTE: Vault monitoring is not supported +# Reason: Prometheus ServiceMonitor does not support custom HTTP headers (X-Vault-Token) +# Alternative: Use Vault Exporter or manual Prometheus scrape_configs