Add config reloader sidecard to alertmanager

charts/aoi/README.md

@@ -9,7 +9,7 @@ A Helm chart for Netic application operations infrastructure
 | Repository | Name | Version |
 |------------|------|---------|
 | https://grafana.github.io/helm-charts | grafana | 7.0.9 |
-| https://victoriametrics.github.io/helm-charts/ | victoria-metrics-alert | 0.8.3 |
+| https://victoriametrics.github.io/helm-charts/ | victoria-metrics-alert | 0.9.0 |
 | https://victoriametrics.github.io/helm-charts/ | victoria-metrics-single-1(victoria-metrics-single) | 0.9.12 |
 | https://victoriametrics.github.io/helm-charts/ | victoria-metrics-single-2(victoria-metrics-single) | 0.9.12 |
 
@@ -26,7 +26,7 @@ A Helm chart for Netic application operations infrastructure
 | alerting.clusterWideNamespace.name | string | `"application-operations-alerting"` |  |
 | alerting.clusterWideNamespace.projectBootstrap | object | `{"git":{}}` | Options to configure the projectBootstrap used for cluster-wide alert namespace. |
 | alerting.enabled | bool | `false` | Enable deploying alerting components |
-| alerting.helmRelease | object | `{"values":{"alertmanager":{"image":{"pullPolicy":"Always","registry":"docker.io","repository":"prom/alertmanager"},"podSecurityContext":{"fsGroup":2000,"runAsGroup":3000,"runAsUser":1000},"priorityClassName":"secure-cloud-stack-tenant-namespace-application-critical","resources":{"limits":{"memory":"64Mi"},"requests":{"cpu":"10m","memory":"64Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true}},"server":{"configReloader":{"image":{"pullPolicy":"Always","registry":"docker.io","repository":"kiwigrid/k8s-sidecar","tag":"1.25.2"},"resources":{"limits":{"memory":"96Mi"},"requests":{"cpu":"10m","memory":"96Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true}},"image":{"pullPolicy":"Always","registry":"docker.io","repository":"victoriametrics/vmalert"},"podSecurityContext":{"fsGroup":2000,"runAsGroup":3000,"runAsUser":1000},"priorityClassName":"secure-cloud-stack-tenant-namespace-application-critical","resources":{"limits":{"memory":"64Mi"},"requests":{"cpu":"10m","memory":"64Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"readOnlyRootFilesystem":true}}}}` | Values to configure for the victoria-metrics-alert helm chart. https://github.com/VictoriaMetrics/helm-charts/blob/master/charts/victoria-metrics-alert/values.yaml |
+| alerting.helmRelease | object | `{"values":{"alertmanager":{"configReloader":{"image":{"pullPolicy":"Always","registry":"ghcr.io","repository":"neticdk/inotifywait-reloader","tag":"0.0.2"},"resources":{"limits":{"memory":"96Mi"},"requests":{"cpu":"10m","memory":"96Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true}},"image":{"pullPolicy":"Always","registry":"docker.io","repository":"prom/alertmanager"},"podSecurityContext":{"fsGroup":2000,"runAsGroup":3000,"runAsUser":1000},"priorityClassName":"secure-cloud-stack-tenant-namespace-application-critical","resources":{"limits":{"memory":"64Mi"},"requests":{"cpu":"10m","memory":"64Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true}},"server":{"configReloader":{"image":{"pullPolicy":"Always","registry":"docker.io","repository":"kiwigrid/k8s-sidecar","tag":"1.25.4"},"resources":{"limits":{"memory":"96Mi"},"requests":{"cpu":"10m","memory":"96Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true}},"image":{"pullPolicy":"Always","registry":"docker.io","repository":"victoriametrics/vmalert"},"podSecurityContext":{"fsGroup":2000,"runAsGroup":3000,"runAsUser":1000},"priorityClassName":"secure-cloud-stack-tenant-namespace-application-critical","resources":{"limits":{"memory":"64Mi"},"requests":{"cpu":"10m","memory":"64Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["all"]},"readOnlyRootFilesystem":true}}}}` | Values to configure for the victoria-metrics-alert helm chart. https://github.com/VictoriaMetrics/helm-charts/blob/master/charts/victoria-metrics-alert/values.yaml |
 | alerting.helmRepository | string | `nil` | Override the default helmRepository used to deploy alerting components |
 | alerting.namespaces | list | `[]` | List of namespaces which should have alerting components deployed |
 | authProxy.affinity | list | `[]` |  |
@@ -189,5 +189,3 @@ A Helm chart for Netic application operations infrastructure
 | victoria-metrics-single-2.server.serviceMonitor.enabled | bool | `true` |  |
 | victoria-metrics-single-2.server.serviceMonitor.extraLabels."netic.dk/monitoring" | string | `"true"` |  |
 
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)

charts/aoi/templates/application-operations-alerting/HelmRelease.yaml

@@ -85,6 +85,24 @@ spec:
         {{- toYaml $.Values.alerting.helmRelease.values.alertmanager.securityContext | nindent 8 }}
       podSecurityContext:
         {{- toYaml $.Values.alerting.helmRelease.values.alertmanager.podSecurityContext | nindent 8 }}
+      extraContainers:
+        - name: config-reloader
+          image: "{{ $.Values.alerting.helmRelease.values.alertmanager.configReloader.image.registry }}/{{ $.Values.alerting.helmRelease.values.alertmanager.configReloader.image.repository }}:{{ $.Values.alerting.helmRelease.values.alertmanager.configReloader.image.tag }}"
+          imagePullPolicy: {{ $.Values.alerting.helmRelease.values.alertmanager.configReloader.image.pullPolicy }}
+          resources:
+            {{- toYaml $.Values.alerting.helmRelease.values.alertmanager.configReloader.resources | nindent 12 }}
+          securityContext:
+            {{- toYaml $.Values.alerting.helmRelease.values.alertmanager.configReloader.securityContext | nindent 12 }}
+          env:
+            - name: WATCH_PATHS
+              value: /tmp/rules
+            - name: REQ_URL
+              value: http://localhost:9093/-/reload
+            - name: REQ_METHOD
+              value: POST
+          volumeMounts:
+            - name: config
+              mountPath: /tmp/config
     serviceMonitor:
       enabled: true
       extraLabels:

charts/aoi/values.yaml

@@ -296,7 +296,7 @@ victoria-metrics-single-2:
     retentionPeriod: 90d
     image:
       pullPolicy: Always
-    # Try to not schedule victoria-metrics-single-2 in same zone as victoria-metrics-single-1      
+    # Try to not schedule victoria-metrics-single-2 in same zone as victoria-metrics-single-1
     affinity:
       podAntiAffinity:
         requiredDuringSchedulingIgnoredDuringExecution:
@@ -382,7 +382,7 @@ alerting:
           image:
             registry: docker.io
             repository: kiwigrid/k8s-sidecar
-            tag: "1.25.2"
+            tag: "1.25.4"
             pullPolicy: Always
           resources:
             limits:
@@ -418,12 +418,30 @@ alerting:
           capabilities:
             drop:
               - ALL
+        configReloader:
+          image:
+            registry: ghcr.io
+            repository: neticdk/inotifywait-reloader
+            tag: "0.0.2"
+            pullPolicy: Always
+          resources:
+            limits:
+              memory: 96Mi
+            requests:
+              cpu: 10m
+              memory: 96Mi
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop:
+                - ALL
         podSecurityContext:
           runAsUser: 1000
           runAsGroup: 3000
           fsGroup: 2000
 
-# This is here to disable everything from the victoria-metrics-alert helm chart in chart.yaml since it is only used for versioning 
+# This is here to disable everything from the victoria-metrics-alert helm chart in chart.yaml since it is only used for versioning
 # Do not change!
 victoria-metrics-alert:
   serviceAccount: