2019-02-27 13:26:09 +01:00
|
|
|
local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
|
|
|
|
|
|
|
|
{
|
|
|
|
_config+:: {
|
|
|
|
namespace: 'monitoring',
|
|
|
|
replicas: 1,
|
|
|
|
|
|
|
|
// Add custom dashboards
|
|
|
|
grafanaDashboards+:: {
|
|
|
|
'elasticsearch-dashboard.json': (import 'grafana-dashboards/elasticsearch-dashboard.json'),
|
|
|
|
},
|
|
|
|
},
|
|
|
|
|
|
|
|
elasticExporter+:: {
|
|
|
|
deployment:
|
|
|
|
local deployment = k.apps.v1beta2.deployment;
|
|
|
|
local container = k.apps.v1beta2.deployment.mixin.spec.template.spec.containersType;
|
|
|
|
local containerPort = container.portsType;
|
|
|
|
|
|
|
|
local podLabels = { 'k8s-app': 'elasticsearch-exporter' };
|
|
|
|
local elasticExporter =
|
|
|
|
container.new('elasticsearch-exporter',
|
|
|
|
$._config.imageRepos.elasticExporter + ':' + $._config.versions.elasticExporter) +
|
|
|
|
container.withCommand(['/bin/elasticsearch_exporter',
|
|
|
|
'-es.uri=http://elasticsearch.logging.svc:9200',
|
|
|
|
'-es.timeout=60s',
|
|
|
|
'-es.all=true']) +
|
|
|
|
container.withPorts(containerPort.newNamed('es-metrics', 9108)) +
|
|
|
|
container.mixin.securityContext.capabilities.withDrop(['SETPCAP' , 'MKNOD' , 'AUDIT_WRITE' , 'CHOWN' , 'NET_RAW' , 'DAC_OVERRIDE' , 'FOWNER' , 'FSETID' , 'KILL' , 'SETGID' , 'SETUID' , 'NET_BIND_SERVICE' , 'SYS_CHROOT' , 'SETFCAP']) +
|
|
|
|
container.mixin.securityContext.withRunAsNonRoot(true) +
|
|
|
|
container.mixin.securityContext.withRunAsUser(1000) +
|
2019-02-27 13:32:17 +01:00
|
|
|
container.mixin.securityContext.withReadOnlyRootFilesystem(true) +
|
2019-02-27 13:26:09 +01:00
|
|
|
container.mixin.resources.withRequests({memory: "64Mi", cpu: "25m"}) +
|
|
|
|
container.mixin.resources.withLimits({memory: "128Mi", cpu: "100m"}) +
|
|
|
|
container.mixin.livenessProbe.httpGet.withPath('/health') +
|
|
|
|
container.mixin.livenessProbe.httpGet.withPort(9108) +
|
|
|
|
container.mixin.livenessProbe.withInitialDelaySeconds(30) +
|
|
|
|
container.mixin.livenessProbe.withTimeoutSeconds(10) +
|
|
|
|
|
|
|
|
container.mixin.readinessProbe.httpGet.withPath('/health') +
|
|
|
|
container.mixin.readinessProbe.httpGet.withPort(9108) +
|
|
|
|
container.mixin.readinessProbe.withInitialDelaySeconds(30) +
|
|
|
|
container.mixin.readinessProbe.withTimeoutSeconds(10);
|
|
|
|
|
|
|
|
local c = [elasticExporter];
|
|
|
|
|
|
|
|
deployment.new('elasticsearch-exporter', $._config.replicas, c, podLabels) +
|
|
|
|
deployment.mixin.metadata.withNamespace($._config.namespace) +
|
|
|
|
deployment.mixin.metadata.withLabels(podLabels) +
|
|
|
|
deployment.mixin.spec.selector.withMatchLabels(podLabels) +
|
|
|
|
deployment.mixin.spec.strategy.withType('RollingUpdate') +
|
|
|
|
deployment.mixin.spec.strategy.rollingUpdate.withMaxSurge(1) +
|
|
|
|
deployment.mixin.spec.strategy.rollingUpdate.withMaxUnavailable(0) +
|
|
|
|
deployment.mixin.spec.template.spec.withRestartPolicy('Always'),
|
|
|
|
|
|
|
|
service:
|
|
|
|
local service = k.core.v1.service;
|
|
|
|
local servicePort = k.core.v1.service.mixin.spec.portsType;
|
|
|
|
local elasticExporterPorts = servicePort.newNamed('es-metrics', 9108, 'es-metrics');
|
|
|
|
|
|
|
|
service.new('elasticsearch-exporter', $.elasticExporter.deployment.spec.selector.matchLabels, elasticExporterPorts) +
|
|
|
|
service.mixin.metadata.withNamespace($._config.namespace) +
|
|
|
|
service.mixin.metadata.withLabels({ 'k8s-app': 'elasticsearch-exporter' }),
|
|
|
|
|
|
|
|
serviceMonitorElastic:
|
|
|
|
{
|
|
|
|
apiVersion: 'monitoring.coreos.com/v1',
|
|
|
|
kind: 'ServiceMonitor',
|
|
|
|
metadata: {
|
|
|
|
name: 'elasticsearch-exporter',
|
|
|
|
namespace: $._config.namespace,
|
|
|
|
labels: {
|
|
|
|
'k8s-app': 'elasticsearch-exporter',
|
|
|
|
},
|
|
|
|
},
|
|
|
|
spec: {
|
|
|
|
jobLabel: 'k8s-app',
|
|
|
|
selector: {
|
|
|
|
matchLabels: {
|
|
|
|
'k8s-app': 'elasticsearch-exporter',
|
|
|
|
},
|
|
|
|
},
|
|
|
|
endpoints: [
|
|
|
|
{
|
|
|
|
port: 'es-metrics',
|
|
|
|
scheme: 'http',
|
|
|
|
interval: '30s',
|
|
|
|
},
|
|
|
|
],
|
|
|
|
namespaceSelector: {
|
|
|
|
matchNames: [
|
|
|
|
'monitoring',
|
|
|
|
]
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
serviceMonitorFluentd:
|
|
|
|
{
|
|
|
|
apiVersion: 'monitoring.coreos.com/v1',
|
|
|
|
kind: 'ServiceMonitor',
|
|
|
|
metadata: {
|
|
|
|
name: 'fluentd-es',
|
|
|
|
namespace: $._config.namespace,
|
|
|
|
labels: {
|
|
|
|
'k8s-app': 'fluentd-es',
|
|
|
|
},
|
|
|
|
},
|
|
|
|
spec: {
|
|
|
|
jobLabel: 'k8s-app',
|
|
|
|
selector: {
|
|
|
|
matchLabels: {
|
|
|
|
'k8s-app': 'fluentd-es',
|
|
|
|
},
|
|
|
|
},
|
|
|
|
endpoints: [
|
|
|
|
{
|
|
|
|
port: 'metrics',
|
|
|
|
scheme: 'http',
|
|
|
|
interval: '30s',
|
|
|
|
},
|
|
|
|
],
|
|
|
|
namespaceSelector: {
|
|
|
|
matchNames: [
|
|
|
|
'logging',
|
|
|
|
]
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
} + (import 'elasticsearch_rules.jsonnet')
|