Add hpz440 host configuration and SSH setup for Windows; update Prometheus targets and variables
This commit is contained in:
@@ -10,6 +10,16 @@ game_password: "{{ lookup('env', 'WIN_GAME_PASSWORD') }}"
|
||||
game_default_groups:
|
||||
- Administradores # This is mandatory to install games
|
||||
|
||||
ssh_users:
|
||||
- name: "{{ ansible_user }}"
|
||||
admin: true
|
||||
keys:
|
||||
- "{{ lookup('file', 'keys/ansible_user.pub') }}"
|
||||
- name: calex
|
||||
admin: true
|
||||
keys:
|
||||
- "{{ lookup('file', 'keys/operator.pub') }}"
|
||||
|
||||
grafana_prometheus_sources:
|
||||
- 10.19.4.136
|
||||
windows_exporter_collectors:
|
||||
|
||||
@@ -0,0 +1,35 @@
|
||||
hostname: hpz440.lab.alexpires.me
|
||||
ansible_user: "{{ lookup('env', 'ANSIBLE_USER') }}"
|
||||
ansible_password: "{{ lookup('env', 'WIN_HPZ440_PASSWORD') }}"
|
||||
ansible_connection: winrm
|
||||
ansible_winrm_transport: basic
|
||||
ansible_winrm_server_cert_validation: ignore
|
||||
|
||||
ssh_users:
|
||||
- name: "{{ ansible_user }}"
|
||||
admin: true
|
||||
keys:
|
||||
- "{{ lookup('file', 'keys/ansible_user.pub') }}"
|
||||
- name: HP
|
||||
admin: true
|
||||
keys:
|
||||
- "{{ lookup('file', 'keys/operator.pub') }}"
|
||||
|
||||
grafana_prometheus_sources:
|
||||
- 10.19.4.136
|
||||
|
||||
windows_exporter_collectors:
|
||||
- cache
|
||||
- cpu
|
||||
- cpu_info
|
||||
- gpu
|
||||
- diskdrive
|
||||
- logical_disk
|
||||
- memory
|
||||
- net
|
||||
- os
|
||||
- process
|
||||
- service
|
||||
- tcp
|
||||
- time
|
||||
- update
|
||||
@@ -89,7 +89,7 @@ fail2ban_jails:
|
||||
logpath: "/var/log/auth.log"
|
||||
maxretry: 5
|
||||
findtime: 600
|
||||
bantime: 3600
|
||||
bantime: -1
|
||||
postfix:
|
||||
enabled: true
|
||||
port: "smtp,ssmtp"
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
- name: Setup ssh on Windows
|
||||
hosts: windows
|
||||
|
||||
tasks:
|
||||
- name: Setup ssh
|
||||
ansible.builtin.include_tasks:
|
||||
file: tasks/windows_ssh.yml
|
||||
@@ -15,3 +15,4 @@ CLOUDNS_AUTH_ID=$CLOUDNS_AUTH_ID
|
||||
CLOUDNS_PASSWORD=$CLOUDNS_PASSWORD
|
||||
WIN_PROVISION_PASSWORD=$WIN_PROVISION_PASSWORD
|
||||
WIN_GAME_PASSWORD=$WIN_GAME_PASSWORD
|
||||
WIN_HPZ440_PASSWORD=$WIN_HPZ440_PASSWORD
|
||||
@@ -0,0 +1,213 @@
|
||||
# Expects variable `ssh_users` as list of objects:
|
||||
# ssh_users:
|
||||
# - name: alice
|
||||
# keys:
|
||||
# - "ssh-ed25519 AAAA..."
|
||||
# - "ssh-rsa AAAA..."
|
||||
# - name: bob
|
||||
# keys:
|
||||
# - "ssh-rsa AAAA..."
|
||||
- name: Ensure OpenSSH Server capability is installed (if available)
|
||||
ansible.windows.win_shell: |
|
||||
$cap = Get-WindowsCapability -Online | Where-Object { $_.Name -like 'OpenSSH.Server*' }
|
||||
if ($cap -and $cap.State -ne 'Installed') {
|
||||
Add-WindowsCapability -Online -Name $cap.Name
|
||||
Write-Output 'installed'
|
||||
} else {
|
||||
Write-Output 'present'
|
||||
}
|
||||
args:
|
||||
executable: powershell.exe
|
||||
register: openssh_install
|
||||
changed_when: "'installed' in openssh_install.stdout"
|
||||
|
||||
- name: Ensure host keys exist (ssh-keygen -A)
|
||||
ansible.windows.win_shell: |
|
||||
$exe = 'C:\Windows\System32\OpenSSH\ssh-keygen.exe'
|
||||
if (Test-Path $exe) {
|
||||
& $exe -A 2>&1
|
||||
Write-Output 'hostkeys-generated'
|
||||
} else {
|
||||
Write-Output 'ssh-keygen-not-found'
|
||||
exit 2
|
||||
}
|
||||
register: ssh_keygen
|
||||
changed_when: "'hostkeys-generated' in ssh_keygen.stdout"
|
||||
|
||||
- name: Restrict private host key file permissions (icacls) and remove provision user access
|
||||
ansible.windows.win_shell: |
|
||||
$current = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
|
||||
$keys = Get-ChildItem -Path 'C:\ProgramData\ssh' -Filter 'ssh_host_*_key' -File -ErrorAction SilentlyContinue
|
||||
if ($keys -and $keys.Count -gt 0) {
|
||||
foreach ($k in $keys) {
|
||||
icacls.exe $k.FullName /inheritance:r
|
||||
icacls.exe $k.FullName /grant:r "S-1-5-18:(F)"
|
||||
icacls.exe $k.FullName /remove $current 2>$null
|
||||
}
|
||||
Write-Output "restricted: removed access for $current"
|
||||
} else {
|
||||
Write-Output 'no-keys'
|
||||
}
|
||||
args:
|
||||
executable: powershell.exe
|
||||
register: restrict_hostkey_perms
|
||||
changed_when: "'restricted' in restrict_hostkey_perms.stdout"
|
||||
|
||||
- name: Ensure sshd service is enabled and running
|
||||
ansible.windows.win_service:
|
||||
name: sshd
|
||||
start_mode: auto
|
||||
state: started
|
||||
|
||||
- name: Ensure firewall allows SSH (TCP/22)
|
||||
community.windows.win_firewall_rule:
|
||||
name: "OpenSSH Server (sshd)"
|
||||
enable: true
|
||||
direction: in
|
||||
action: allow
|
||||
localport: 22
|
||||
protocol: TCP
|
||||
profile: "Domain,Private"
|
||||
|
||||
- name: Ensure PubkeyAuthentication is enabled in sshd_config
|
||||
community.windows.win_lineinfile:
|
||||
path: 'C:\ProgramData\ssh\sshd_config'
|
||||
regexp: "^#?PubkeyAuthentication"
|
||||
line: "PubkeyAuthentication yes"
|
||||
create: true
|
||||
backup: true
|
||||
register: sshd_pubkey_changed
|
||||
|
||||
- name: Ensure AuthorizedKeysFile is set to .ssh/authorized_keys
|
||||
community.windows.win_lineinfile:
|
||||
path: 'C:\ProgramData\ssh\sshd_config'
|
||||
regexp: "^#?AuthorizedKeysFile"
|
||||
line: "AuthorizedKeysFile .ssh/authorized_keys"
|
||||
create: true
|
||||
backup: true
|
||||
register: sshd_authkeys_changed
|
||||
|
||||
- name: Detect available PowerShell for ssh subsystem
|
||||
ansible.windows.win_shell: |
|
||||
if (Test-Path 'C:\Program Files\PowerShell\7\pwsh.exe') { Write-Output 'C:\Program Files\PowerShell\7\pwsh.exe' }
|
||||
elseif (Test-Path 'C:\Program Files\PowerShell\6\pwsh.exe') { Write-Output 'C:\Program Files\PowerShell\6\pwsh.exe' }
|
||||
elseif (Test-Path 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe') { Write-Output 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' }
|
||||
else { Write-Output '' }
|
||||
register: ssh_subsystem_path
|
||||
changed_when: false
|
||||
|
||||
- name: Configure sshd Subsystem to allow PowerShell sessions
|
||||
community.windows.win_lineinfile:
|
||||
path: 'C:\ProgramData\ssh\sshd_config'
|
||||
regexp: '^Subsystem\s+powershell'
|
||||
line: 'Subsystem powershell "{{ ssh_subsystem_path.stdout | trim }}" -sshs -NoLogo -NoProfile'
|
||||
create: true
|
||||
backup: true
|
||||
register: sshd_subsystem_changed
|
||||
when: ssh_subsystem_path.stdout != ''
|
||||
|
||||
- name: Restart sshd if config changed
|
||||
ansible.windows.win_service:
|
||||
name: sshd
|
||||
state: restarted
|
||||
when: sshd_pubkey_changed.changed or sshd_authkeys_changed.changed or sshd_subsystem_changed.changed
|
||||
|
||||
- name: Ensure users for SSH keys exist (no-op if already present)
|
||||
ansible.windows.win_user:
|
||||
name: "{{ item.name }}"
|
||||
state: present
|
||||
loop: "{{ ssh_users | default([]) }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
become: true
|
||||
become_method: runas
|
||||
become_user: "NT AUTHORITY\\SYSTEM"
|
||||
|
||||
- name: Ensure user .ssh directory exists
|
||||
ansible.windows.win_file:
|
||||
path: "C:\\Users\\{{ item.name }}\\.ssh"
|
||||
state: directory
|
||||
loop: "{{ ssh_users | default([]) }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
become: true
|
||||
become_method: runas
|
||||
become_user: "NT AUTHORITY\\SYSTEM"
|
||||
|
||||
- name: Deploy authorized_keys for each user
|
||||
ansible.windows.win_copy:
|
||||
dest: "C:\\Users\\{{ item.name }}\\.ssh\\authorized_keys"
|
||||
content: "{{ (item['keys'] | default([])) | join('\r\n') }}\r\n"
|
||||
force: true
|
||||
loop: "{{ ssh_users | default([]) }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
become: true
|
||||
become_method: runas
|
||||
become_user: "NT AUTHORITY\\SYSTEM"
|
||||
|
||||
- name: Set ACL on .ssh directory to allow only the user and Administradores (directory)
|
||||
ansible.windows.win_acl:
|
||||
path: "C:\\Users\\{{ item.name }}\\.ssh"
|
||||
user: "{{ item.name }}"
|
||||
rights: FullControl
|
||||
type: allow
|
||||
inheritance: false
|
||||
propagate: false
|
||||
state: present
|
||||
loop: "{{ ssh_users | default([]) }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
become: true
|
||||
become_method: runas
|
||||
become_user: "NT AUTHORITY\\SYSTEM"
|
||||
|
||||
- name: Set ACL on authorized_keys file to allow only the user and Administradores (file)
|
||||
ansible.windows.win_acl:
|
||||
path: "C:\\Users\\{{ item.name }}\\.ssh\\authorized_keys"
|
||||
user: "{{ item.name }}"
|
||||
rights: FullControl
|
||||
type: allow
|
||||
inheritance: false
|
||||
propagate: false
|
||||
state: present
|
||||
loop: "{{ ssh_users | default([]) }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
become: true
|
||||
become_method: runas
|
||||
become_user: "NT AUTHORITY\\SYSTEM"
|
||||
|
||||
- name: Create administrators_authorized_keys from admin users' keys (if any)
|
||||
ansible.windows.win_copy:
|
||||
dest: 'C:\ProgramData\ssh\administrators_authorized_keys'
|
||||
content: "{{ (ssh_users | default([]) | selectattr('admin','equalto',true) | map(attribute='keys') | list | flatten | default([])) | join('\r\n') }}\r\n"
|
||||
force: true
|
||||
when: (ssh_users | default([]) | selectattr('admin','equalto',true) | list) | length > 0
|
||||
become: true
|
||||
become_method: runas
|
||||
become_user: "NT AUTHORITY\\SYSTEM"
|
||||
|
||||
- name: Tighten ACLs for administrators_authorized_keys (icacls)
|
||||
ansible.windows.win_shell: |
|
||||
$f = 'C:\ProgramData\ssh\administrators_authorized_keys'
|
||||
$current = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
|
||||
if (Test-Path $f) {
|
||||
icacls.exe $f /inheritance:r
|
||||
icacls.exe $f /grant:r "S-1-5-18:(F)" "S-1-5-32-544:(F)"
|
||||
icacls.exe $f /remove $current 2>$null
|
||||
Write-Output 'restricted'
|
||||
} else {
|
||||
Write-Output 'no-file'
|
||||
}
|
||||
args:
|
||||
executable: powershell.exe
|
||||
register: restrict_admin_auth_perms
|
||||
changed_when: "'restricted' in restrict_admin_auth_perms.stdout"
|
||||
become: true
|
||||
become_method: runas
|
||||
become_user: "NT AUTHORITY\\SYSTEM"
|
||||
|
||||
- name: Debug administrators_authorized_keys ACL change
|
||||
ansible.builtin.debug:
|
||||
var: restrict_admin_auth_perms.stdout
|
||||
+4
-2
@@ -98,13 +98,15 @@ gpu-01.lab.alexpires.me
|
||||
|
||||
[windows]
|
||||
game-01.lab.alexpires.me
|
||||
hpz440.lab.alexpires.me
|
||||
|
||||
[windows_game]
|
||||
game-01.lab.alexpires.me
|
||||
|
||||
[prometheus]
|
||||
[prometheus_linux]
|
||||
prod-01.alexpires.me
|
||||
dev-01.lab.alexpires.me
|
||||
|
||||
[windows_prometheus]
|
||||
game-01.lab.alexpires.me
|
||||
game-01.lab.alexpires.me
|
||||
hpz440.lab.alexpires.me
|
||||
|
||||
@@ -165,11 +165,20 @@ Function New-LegacySelfSignedCert {
|
||||
$certdata = $enrollment.CreateRequest(0)
|
||||
$enrollment.InstallResponse(2, $certdata, 0, "")
|
||||
|
||||
# extract/return the thumbprint from the generated cert
|
||||
$parsed_cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
|
||||
$parsed_cert.Import([System.Text.Encoding]::UTF8.GetBytes($certdata))
|
||||
|
||||
return $parsed_cert.Thumbprint
|
||||
try {
|
||||
# Try to decode as base64 (most likely) then construct the cert from raw bytes.
|
||||
$raw = $null
|
||||
try {
|
||||
$raw = [Convert]::FromBase64String($certdata)
|
||||
} catch {
|
||||
# Fallback to UTF8 bytes if it's not base64
|
||||
$raw = [System.Text.Encoding]::UTF8.GetBytes($certdata)
|
||||
}
|
||||
$parsed_cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (, $raw)
|
||||
return $parsed_cert.Thumbprint
|
||||
} catch {
|
||||
Throw "Failed to construct X509Certificate2 from generated data: $($_.Exception.Message)"
|
||||
}
|
||||
}
|
||||
|
||||
Function Enable-GlobalHttpFirewallAccess {
|
||||
@@ -327,7 +336,9 @@ If (!($listeners | Where-Object { $_.Keys -like "TRANSPORT=HTTPS" })) {
|
||||
}
|
||||
|
||||
Write-Verbose "Enabling SSL listener."
|
||||
New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset
|
||||
# Fallback to winrm.exe create which is more compatible across WinRM versions
|
||||
$body = "@{Hostname=`"$SubjectName`";CertificateThumbprint=`"$thumbprint`"}"
|
||||
& winrm create 'winrm/config/Listener?Address=*+Transport=HTTPS' $body
|
||||
Write-ProgressLog "Enabled SSL listener."
|
||||
}
|
||||
Else {
|
||||
@@ -353,7 +364,8 @@ Else {
|
||||
Remove-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset
|
||||
|
||||
# Add new Listener with new SSL cert
|
||||
New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset
|
||||
$body = "@{Hostname=`"$SubjectName`";CertificateThumbprint=`"$thumbprint`"}"
|
||||
& winrm create 'winrm/config/Listener?Address=*+Transport=HTTPS' $body
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -92,6 +92,11 @@ locals {
|
||||
type = "A"
|
||||
content = "10.5.5.2"
|
||||
},
|
||||
{
|
||||
name = "hpz440"
|
||||
type = "A"
|
||||
content = "10.19.4.121"
|
||||
},
|
||||
]
|
||||
}
|
||||
]
|
||||
|
||||
@@ -3,10 +3,10 @@ scrape_configs:
|
||||
scrape_interval: 10s
|
||||
static_configs:
|
||||
- targets:
|
||||
- "node-exporter.kube-system.svc.cluster.local:9100"
|
||||
- "node-exporter.prometheus.svc.cluster.local:9100"
|
||||
- "10.19.4.1:9100"
|
||||
- job_name: auth-exporter
|
||||
scrape_interval: 10s
|
||||
static_configs:
|
||||
- targets:
|
||||
- "auth-exporter.kube-system.svc.cluster.local:9100"
|
||||
- "auth-exporter.prometheus.svc.cluster.local:9100"
|
||||
|
||||
@@ -2,13 +2,15 @@ scrape_configs:
|
||||
- job_name: node-exporter
|
||||
scrape_interval: 10s
|
||||
static_configs:
|
||||
- targets: ["node-exporter.kube-system.svc.cluster.local:9100"]
|
||||
- targets:
|
||||
- "node-exporter.prometheus.svc.cluster.local:9100"
|
||||
- job_name: fail2ban
|
||||
scrape_interval: 60s
|
||||
static_configs:
|
||||
- targets: ["fail2ban-exporter.kube-system.svc.cluster.local:9100"]
|
||||
- targets:
|
||||
- "fail2ban-exporter.prometheus.svc.cluster.local:9100"
|
||||
- job_name: auth-exporter
|
||||
scrape_interval: 10s
|
||||
static_configs:
|
||||
- targets:
|
||||
- "auth-exporter.kube-system.svc.cluster.local:9100"
|
||||
- "auth-exporter.prometheus.svc.cluster.local:9100"
|
||||
|
||||
@@ -1,126 +0,0 @@
|
||||
global:
|
||||
scrape_interval: 5s
|
||||
evaluation_interval: 5s
|
||||
rule_files:
|
||||
- /etc/prometheus/prometheus.rules
|
||||
alerting:
|
||||
alertmanagers:
|
||||
- scheme: http
|
||||
static_configs:
|
||||
- targets:
|
||||
- "alertmanager.monitoring.svc:9093"
|
||||
scrape_configs:
|
||||
- job_name: "node-exporter"
|
||||
kubernetes_sd_configs:
|
||||
- role: endpoints
|
||||
relabel_configs:
|
||||
- source_labels: [__meta_kubernetes_endpoints_name]
|
||||
regex: "node-exporter"
|
||||
action: keep
|
||||
- job_name: "kubernetes-apiservers"
|
||||
kubernetes_sd_configs:
|
||||
- role: endpoints
|
||||
scheme: https
|
||||
tls_config:
|
||||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
relabel_configs:
|
||||
- source_labels:
|
||||
[
|
||||
__meta_kubernetes_namespace,
|
||||
__meta_kubernetes_service_name,
|
||||
__meta_kubernetes_endpoint_port_name,
|
||||
]
|
||||
action: keep
|
||||
regex: default;kubernetes;https
|
||||
- job_name: "kubernetes-nodes"
|
||||
scheme: https
|
||||
tls_config:
|
||||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
kubernetes_sd_configs:
|
||||
- role: node
|
||||
relabel_configs:
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_node_label_(.+)
|
||||
- target_label: __address__
|
||||
replacement: kubernetes.default.svc:443
|
||||
- source_labels: [__meta_kubernetes_node_name]
|
||||
regex: (.+)
|
||||
target_label: __metrics_path__
|
||||
replacement: /api/v1/nodes/$${1}/proxy/metrics
|
||||
- job_name: "kubernetes-pods"
|
||||
kubernetes_sd_configs:
|
||||
- role: pod
|
||||
relabel_configs:
|
||||
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
|
||||
action: keep
|
||||
regex: true
|
||||
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
|
||||
action: replace
|
||||
target_label: __metrics_path__
|
||||
regex: (.+)
|
||||
- source_labels:
|
||||
[__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
|
||||
action: replace
|
||||
regex: ([^:]+)(?::\d+)?;(\d+)
|
||||
replacement: $1:$2
|
||||
target_label: __address__
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_pod_label_(.+)
|
||||
- source_labels: [__meta_kubernetes_namespace]
|
||||
action: replace
|
||||
target_label: kubernetes_namespace
|
||||
- source_labels: [__meta_kubernetes_pod_name]
|
||||
action: replace
|
||||
target_label: kubernetes_pod_name
|
||||
- job_name: "kube-state-metrics"
|
||||
static_configs:
|
||||
- targets: ["kube-state-metrics.kube-system.svc.cluster.local:8080"]
|
||||
- job_name: "kubernetes-cadvisor"
|
||||
scheme: https
|
||||
tls_config:
|
||||
ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||||
bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
kubernetes_sd_configs:
|
||||
- role: node
|
||||
relabel_configs:
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_node_label_(.+)
|
||||
- target_label: __address__
|
||||
replacement: kubernetes.default.svc:443
|
||||
- source_labels: [__meta_kubernetes_node_name]
|
||||
regex: (.+)
|
||||
target_label: __metrics_path__
|
||||
replacement: /api/v1/nodes/$${1}/proxy/metrics/cadvisor
|
||||
- job_name: "kubernetes-service-endpoints"
|
||||
kubernetes_sd_configs:
|
||||
- role: endpoints
|
||||
relabel_configs:
|
||||
- source_labels:
|
||||
[__meta_kubernetes_service_annotation_prometheus_io_scrape]
|
||||
action: keep
|
||||
regex: true
|
||||
- source_labels:
|
||||
[__meta_kubernetes_service_annotation_prometheus_io_scheme]
|
||||
action: replace
|
||||
target_label: __scheme__
|
||||
regex: (https?)
|
||||
- source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
|
||||
action: replace
|
||||
target_label: __metrics_path__
|
||||
regex: (.+)
|
||||
- source_labels:
|
||||
[__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
|
||||
action: replace
|
||||
target_label: __address__
|
||||
regex: ([^:]+)(?::\d+)?;(\d+)
|
||||
replacement: $1:$2
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_service_label_(.+)
|
||||
- source_labels: [__meta_kubernetes_namespace]
|
||||
action: replace
|
||||
target_label: kubernetes_namespace
|
||||
- source_labels: [__meta_kubernetes_service_name]
|
||||
action: replace
|
||||
target_label: kubernetes_name
|
||||
@@ -7,7 +7,7 @@ variable "tag" {
|
||||
variable "namespace" {
|
||||
description = "Kubernetes namespace to deploy the prometheus exporter"
|
||||
type = string
|
||||
default = "kube-system"
|
||||
default = "prometheus"
|
||||
}
|
||||
|
||||
variable "persistent_folder" {
|
||||
|
||||
@@ -7,5 +7,5 @@ variable "tag" {
|
||||
variable "namespace" {
|
||||
description = "Kubernetes namespace to deploy the Fail2Ban exporter"
|
||||
type = string
|
||||
default = "kube-system"
|
||||
default = "prometheus"
|
||||
}
|
||||
|
||||
@@ -7,5 +7,5 @@ variable "tag" {
|
||||
variable "namespace" {
|
||||
description = "Kubernetes namespace to deploy the Fail2Ban exporter"
|
||||
type = string
|
||||
default = "kube-system"
|
||||
default = "prometheus"
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user