Mirrors/rpi.carlosedp.cluster-monitoring
1
0
Fork 0
mirror of https://github.com/carlosedp/cluster-monitoring.git synced 2025-10-26 10:23:04 +01:00
Code Issues Projects Releases Wiki Activity

Add config parameter and overrides to remove kube-rbac-proxy from exporters

Browse Source
This commit is contained in:
Carlos de Paula 2019-08-19 20:20:17 -03:00
parent 28075aa925
commit c0fb818677
9 changed files with 166 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
k3s-overrides.jsonnet Normal file
View File

@ -0,0 +1,140 @@
local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
local vars = import 'vars.jsonnet';
{
nodeExporter+:: {
daemonset+: {
spec+: {
template+: {
spec+: {
containers:
std.filterMap(
function(c) std.startsWith(c.name, 'kube-rbac') != true,
function(c)
if std.startsWith(c.name, 'node-exporter') then
c {
args: [
'--web.listen-address=:' + $._config.nodeExporter.port,
'--path.procfs=/host/proc',
'--path.sysfs=/host/sys',
'--path.rootfs=/host/root',
// The following settings have been taken from
// https://github.com/prometheus/node_exporter/blob/0662673/collector/filesystem_linux.go#L30-L31
// Once node exporter is being released with those settings, this can be removed.
'--collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+)($|/)',
'--collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$',
],
}
else
c,
super.containers,
),
},
},
},
},
service+:
{
spec+: {
ports: [{
name: 'http',
port: 9100,
targetPort: 'http'
}]
}
},
serviceMonitor+:
{
spec+: {
endpoints: [
{
port: 'http',
scheme: 'http',
interval: '30s',
relabelings: [
{
action: 'replace',
regex: '(.*)',
replacment: '$1',
sourceLabels: ['__meta_kubernetes_pod_node_name'],
targetLabel: 'instance',
},
],
},
],
},
},
},
kubeStateMetrics+:: {
deployment+: {
spec+: {
template+: {
spec+: {
containers:
std.filterMap(
function(c) std.startsWith(c.name, 'kube-rbac') != true,
function(c)
if std.startsWith(c.name, 'kube-state-metrics') then
c {
args: [
'--port=8080',
'--telemetry-port=8081',
],
}
else
c,
super.containers,
),
},
},
},
},
service+:
{
spec+: {
ports: [{
name: 'http-main',
port: 8080,
targetPort: 'http'
},
{
name: 'http-self',
port: 8081,
targetPort: 'http'
}]
}
},
serviceMonitor+:
{
spec+: {
endpoints: [
{
port: 'http-main',
scheme: 'http',
interval: $._config.kubeStateMetrics.scrapeInterval,
scrapeTimeout: $._config.kubeStateMetrics.scrapeTimeout,
honorLabels: true,
tlsConfig: {
insecureSkipVerify: true,
},
},
{
port: 'http-self',
scheme: 'https',
interval: '30s',
tlsConfig: {
insecureSkipVerify: true,
},
},
],
},
},
},
}

6
main.jsonnet
View File

@ -15,13 +15,17 @@ local kp = (import 'kube-prometheus/kube-prometheus.libsonnet')
+ (import 'kube-prometheus/kube-prometheus-kubeadm.libsonnet')
// Use http Kubelet targets. Comment to revert to https
+ (import 'kube-prometheus/kube-prometheus-insecure-kubelet.libsonnet')
+ (import 'base_operator_stack.jsonnet')
+ (import 'smtp_server.jsonnet')
// Additional modules are loaded dynamically from vars.jsonnet
+ join_objects([module.file for module in vars.modules if module.enabled])
// Load K3s customized modules
+ join_objects([m for m in [import 'k3s-overrides.jsonnet'] if vars.k3s])
// Base stack is loaded at the end to override previous definitions
+ (import 'base_operator_stack.jsonnet')
// Load image versions last to override default from modules
+ (import 'image_sources_versions.jsonnet');
// Generate core modules
{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) }
{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) }

40
manifests/kube-state-metrics-deployment.yaml
View File

@ -17,44 +17,8 @@ spec:
spec:
containers:
- args:
- --logtostderr
- --secure-listen-address=:8443
- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- --upstream=http://127.0.0.1:8081/
image: carlosedp/kube-rbac-proxy:v0.4.1
name: kube-rbac-proxy-main
ports:
- containerPort: 8443
name: https-main
resources:
limits:
cpu: 20m
memory: 40Mi
requests:
cpu: 10m
memory: 20Mi
- args:
- --logtostderr
- --secure-listen-address=:9443
- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- --upstream=http://127.0.0.1:8082/
image: carlosedp/kube-rbac-proxy:v0.4.1
name: kube-rbac-proxy-self
ports:
- containerPort: 9443
name: https-self
resources:
limits:
cpu: 20m
memory: 40Mi
requests:
cpu: 10m
memory: 20Mi
- args:
- --host=127.0.0.1
- --port=8081
- --telemetry-host=127.0.0.1
- --telemetry-port=8082
- --port=8080
- --telemetry-port=8081
image: carlosedp/kube-state-metrics:v1.7.2
name: kube-state-metrics
resources:

12
manifests/kube-state-metrics-service.yaml
View File

@ -8,11 +8,11 @@ metadata:
spec:
clusterIP: None
ports:
- name: https-main
port: 8443
targetPort: https-main
- name: https-self
port: 9443
targetPort: https-self
- name: http-main
port: 8080
targetPort: http
- name: http-self
port: 8081
targetPort: http
selector:
app: kube-state-metrics

12
manifests/kube-state-metrics-serviceMonitor.yaml
View File

@ -7,17 +7,15 @@ metadata:
namespace: monitoring
spec:
endpoints:
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
honorLabels: true
- honorLabels: true
interval: 30s
port: https-main
scheme: https
port: http-main
scheme: http
scrapeTimeout: 30s
tlsConfig:
insecureSkipVerify: true
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
interval: 30s
port: https-self
- interval: 30s
port: http-self
scheme: https
tlsConfig:
insecureSkipVerify: true

25
manifests/node-exporter-daemonset.yaml
View File

@ -16,7 +16,7 @@ spec:
spec:
containers:
- args:
- --web.listen-address=127.0.0.1:9100
- --web.listen-address=:9100
- --path.procfs=/host/proc
- --path.sysfs=/host/sys
- --path.rootfs=/host/root
@ -42,29 +42,6 @@ spec:
mountPropagation: HostToContainer
name: root
readOnly: true
- args:
- --logtostderr
- --secure-listen-address=$(IP):9100
- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- --upstream=http://127.0.0.1:9100/
env:
- name: IP
valueFrom:
fieldRef:
fieldPath: status.podIP
image: carlosedp/kube-rbac-proxy:v0.4.1
name: kube-rbac-proxy
ports:
- containerPort: 9100
hostPort: 9100
name: https
resources:
limits:
cpu: 20m
memory: 60Mi
requests:
cpu: 10m
memory: 20Mi
hostNetwork: true
hostPID: true
nodeSelector:

4
manifests/node-exporter-service.yaml
View File

@ -8,8 +8,8 @@ metadata:
spec:
clusterIP: None
ports:
- name: https
- name: http
port: 9100
targetPort: https
targetPort: http
selector:
app: node-exporter

9
manifests/node-exporter-serviceMonitor.yaml
View File

@ -7,9 +7,8 @@ metadata:
namespace: monitoring
spec:
endpoints:
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
interval: 30s
port: https
- interval: 30s
port: http
relabelings:
- action: replace
regex: (.*)
@ -17,9 +16,7 @@ spec:
sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: instance
scheme: https
tlsConfig:
insecureSkipVerify: true
scheme: http
jobLabel: k8s-app
selector:
matchLabels:

2
vars.jsonnet
View File

@ -28,6 +28,8 @@
},
],
k3s: true,
// Setting these to false, defaults to emptyDirs
enablePersistence: {
prometheus: false,