add k8s check & config

2025-11-24 08:38:24 +01:00
parent 0045a21479
commit 1730b93c3f
12 changed files with 1888 additions and 0 deletions
--- a/templates/nrpe.j2
+++ b/templates/nrpe.j2
@@ -72,13 +72,32 @@ command[check_docker_{{ container }}]=/usr/lib/nagios/plugins/check_docker --con
 {% endif %}

 {% if nrpe_process is defined %}
+# process
 {% for process in nrpe_process %}
 command[check_proc_{{ process }}]=/usr/lib/nagios/plugins/check_systemd_service {{ process }}
 {% endfor %}
 {% endif %}

+{% if nrpe_kubernetes is defined or nrpe_kubernetes_manager is defined %}
+# kubernetes
 {% if nrpe_kubernetes is defined %}
+## nodes
 command[check_proc_kubelet]=/usr/lib/nagios/plugins/check_systemd_service kubelet
 command[check_proc_etcd]=/usr/lib/nagios/plugins/check_systemd_service etcd
 command[check_proc_containerd]=/usr/lib/nagios/plugins/check_systemd_service containerd
 {% endif %}
+{% if nrpe_kubernetes_manager is defined %}
+## manager / control plane
+command[check_k8s_health]=/usr/lib/nagios/plugins/check_http -I {{ ansible_default_ipv4.address }} -p 6443 -S -u /healthz --continue-after-certificate -r ok -w 1 -c 2
+command[check_cilium_health]=/usr/bin/sudo /usr/lib/nagios/plugins/check_cilium_health
+command[check_coredns_health]=/usr/bin/sudo /usr/lib/nagios/plugins/check_coredns_health
+command[check_etcd_health]=/usr/bin/sudo /usr/lib/nagios/plugins/check_etcd_health --endpoints "https://{{ ansible_default_ipv4.address }}:2379" --cacert /etc/ssl/etcd/ssl/ca.pem --cert /etc/ssl/etcd/ssl/node-{{ nrpe_kubernetes_manager_nodename }}.pem --key /etc/ssl/etcd/ssl/node-{{ nrpe_kubernetes_manager_nodename }}-key.pem
+command[check_k8s_apiserver_access]=/usr/bin/sudo /usr/lib/nagios/plugins/check_k8s_apiserver_access
+command[check_k8s_deployments]=/usr/bin/sudo /usr/lib/nagios/plugins/check_k8s_deployments
+command[check_k8s_jobs_cronjobs]=/usr/bin/sudo /usr/lib/nagios/plugins/check_k8s_jobs_cronjobs
+command[check_k8s_pki_certs]=/usr/bin/sudo /usr/lib/nagios/plugins/check_k8s_pki_certs
+command[check_k8s_pv_pvc]=/usr/bin/sudo /usr/lib/nagios/plugins/check_k8s_pv_pvc
+command[check_k8s_replicasets]=/usr/bin/sudo /usr/lib/nagios/plugins/check_k8s_replicasets
+command[check_k8s_pod_restarts]=/usr/bin/sudo /usr/lib/nagios/plugins/check_k8s_pod_restarts
+{% endif %}
+{% endif %}
--- a/templates/nrpe.sudoers.j2
+++ b/templates/nrpe.sudoers.j2
@@ -2,3 +2,13 @@ nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_postfix_mailqueue -w {{
 nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_exim_mailqueue -w {{ nrpe_mailq_warning }} -c {{ nrpe_mailq_critical }}
 nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_raid
 nagios ALL=(ALL) NOPASSWD: /usr/sbin/needrestart -b -l
+nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_cilium_health
+nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_coredns_health
+nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_etcd_health
+nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_k8s_apiserver_access
+nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_k8s_deployments
+nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_k8s_jobs_cronjobs
+nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_k8s_pki_certs
+nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_k8s_pv_pvc
+nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_k8s_replicasets
+nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_k8s_pod_restarts