mirror of
https://github.com/carlosedp/cluster-monitoring.git
synced 2024-12-18 19:05:44 +01:00
Add config parameter and overrides to remove kube-rbac-proxy from exporters
This commit is contained in:
parent
28075aa925
commit
c0fb818677
140
k3s-overrides.jsonnet
Normal file
140
k3s-overrides.jsonnet
Normal file
@ -0,0 +1,140 @@
|
||||
local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
|
||||
local vars = import 'vars.jsonnet';
|
||||
|
||||
{
|
||||
nodeExporter+:: {
|
||||
daemonset+: {
|
||||
spec+: {
|
||||
template+: {
|
||||
spec+: {
|
||||
containers:
|
||||
std.filterMap(
|
||||
function(c) std.startsWith(c.name, 'kube-rbac') != true,
|
||||
function(c)
|
||||
if std.startsWith(c.name, 'node-exporter') then
|
||||
c {
|
||||
args: [
|
||||
'--web.listen-address=:' + $._config.nodeExporter.port,
|
||||
'--path.procfs=/host/proc',
|
||||
'--path.sysfs=/host/sys',
|
||||
'--path.rootfs=/host/root',
|
||||
// The following settings have been taken from
|
||||
// https://github.com/prometheus/node_exporter/blob/0662673/collector/filesystem_linux.go#L30-L31
|
||||
// Once node exporter is being released with those settings, this can be removed.
|
||||
'--collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+)($|/)',
|
||||
'--collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|cgroup|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|mqueue|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|sysfs|tracefs)$',
|
||||
],
|
||||
}
|
||||
else
|
||||
c,
|
||||
super.containers,
|
||||
),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
service+:
|
||||
{
|
||||
spec+: {
|
||||
ports: [{
|
||||
name: 'http',
|
||||
port: 9100,
|
||||
targetPort: 'http'
|
||||
}]
|
||||
}
|
||||
},
|
||||
|
||||
serviceMonitor+:
|
||||
{
|
||||
spec+: {
|
||||
endpoints: [
|
||||
{
|
||||
port: 'http',
|
||||
scheme: 'http',
|
||||
interval: '30s',
|
||||
relabelings: [
|
||||
{
|
||||
action: 'replace',
|
||||
regex: '(.*)',
|
||||
replacment: '$1',
|
||||
sourceLabels: ['__meta_kubernetes_pod_node_name'],
|
||||
targetLabel: 'instance',
|
||||
},
|
||||
],
|
||||
},
|
||||
],
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
|
||||
kubeStateMetrics+:: {
|
||||
deployment+: {
|
||||
spec+: {
|
||||
template+: {
|
||||
spec+: {
|
||||
containers:
|
||||
std.filterMap(
|
||||
function(c) std.startsWith(c.name, 'kube-rbac') != true,
|
||||
function(c)
|
||||
if std.startsWith(c.name, 'kube-state-metrics') then
|
||||
c {
|
||||
args: [
|
||||
'--port=8080',
|
||||
'--telemetry-port=8081',
|
||||
],
|
||||
}
|
||||
else
|
||||
c,
|
||||
super.containers,
|
||||
),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
service+:
|
||||
{
|
||||
spec+: {
|
||||
ports: [{
|
||||
name: 'http-main',
|
||||
port: 8080,
|
||||
targetPort: 'http'
|
||||
},
|
||||
{
|
||||
name: 'http-self',
|
||||
port: 8081,
|
||||
targetPort: 'http'
|
||||
}]
|
||||
}
|
||||
},
|
||||
|
||||
serviceMonitor+:
|
||||
{
|
||||
spec+: {
|
||||
endpoints: [
|
||||
{
|
||||
port: 'http-main',
|
||||
scheme: 'http',
|
||||
interval: $._config.kubeStateMetrics.scrapeInterval,
|
||||
scrapeTimeout: $._config.kubeStateMetrics.scrapeTimeout,
|
||||
honorLabels: true,
|
||||
tlsConfig: {
|
||||
insecureSkipVerify: true,
|
||||
},
|
||||
},
|
||||
{
|
||||
port: 'http-self',
|
||||
scheme: 'https',
|
||||
interval: '30s',
|
||||
tlsConfig: {
|
||||
insecureSkipVerify: true,
|
||||
},
|
||||
},
|
||||
],
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
}
|
@ -15,13 +15,17 @@ local kp = (import 'kube-prometheus/kube-prometheus.libsonnet')
|
||||
+ (import 'kube-prometheus/kube-prometheus-kubeadm.libsonnet')
|
||||
// Use http Kubelet targets. Comment to revert to https
|
||||
+ (import 'kube-prometheus/kube-prometheus-insecure-kubelet.libsonnet')
|
||||
+ (import 'base_operator_stack.jsonnet')
|
||||
+ (import 'smtp_server.jsonnet')
|
||||
// Additional modules are loaded dynamically from vars.jsonnet
|
||||
+ join_objects([module.file for module in vars.modules if module.enabled])
|
||||
// Load K3s customized modules
|
||||
+ join_objects([m for m in [import 'k3s-overrides.jsonnet'] if vars.k3s])
|
||||
// Base stack is loaded at the end to override previous definitions
|
||||
+ (import 'base_operator_stack.jsonnet')
|
||||
// Load image versions last to override default from modules
|
||||
+ (import 'image_sources_versions.jsonnet');
|
||||
|
||||
|
||||
// Generate core modules
|
||||
{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) }
|
||||
{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) }
|
||||
|
@ -17,44 +17,8 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- --logtostderr
|
||||
- --secure-listen-address=:8443
|
||||
- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
|
||||
- --upstream=http://127.0.0.1:8081/
|
||||
image: carlosedp/kube-rbac-proxy:v0.4.1
|
||||
name: kube-rbac-proxy-main
|
||||
ports:
|
||||
- containerPort: 8443
|
||||
name: https-main
|
||||
resources:
|
||||
limits:
|
||||
cpu: 20m
|
||||
memory: 40Mi
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 20Mi
|
||||
- args:
|
||||
- --logtostderr
|
||||
- --secure-listen-address=:9443
|
||||
- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
|
||||
- --upstream=http://127.0.0.1:8082/
|
||||
image: carlosedp/kube-rbac-proxy:v0.4.1
|
||||
name: kube-rbac-proxy-self
|
||||
ports:
|
||||
- containerPort: 9443
|
||||
name: https-self
|
||||
resources:
|
||||
limits:
|
||||
cpu: 20m
|
||||
memory: 40Mi
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 20Mi
|
||||
- args:
|
||||
- --host=127.0.0.1
|
||||
- --port=8081
|
||||
- --telemetry-host=127.0.0.1
|
||||
- --telemetry-port=8082
|
||||
- --port=8080
|
||||
- --telemetry-port=8081
|
||||
image: carlosedp/kube-state-metrics:v1.7.2
|
||||
name: kube-state-metrics
|
||||
resources:
|
||||
|
@ -8,11 +8,11 @@ metadata:
|
||||
spec:
|
||||
clusterIP: None
|
||||
ports:
|
||||
- name: https-main
|
||||
port: 8443
|
||||
targetPort: https-main
|
||||
- name: https-self
|
||||
port: 9443
|
||||
targetPort: https-self
|
||||
- name: http-main
|
||||
port: 8080
|
||||
targetPort: http
|
||||
- name: http-self
|
||||
port: 8081
|
||||
targetPort: http
|
||||
selector:
|
||||
app: kube-state-metrics
|
||||
|
@ -7,17 +7,15 @@ metadata:
|
||||
namespace: monitoring
|
||||
spec:
|
||||
endpoints:
|
||||
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
honorLabels: true
|
||||
- honorLabels: true
|
||||
interval: 30s
|
||||
port: https-main
|
||||
scheme: https
|
||||
port: http-main
|
||||
scheme: http
|
||||
scrapeTimeout: 30s
|
||||
tlsConfig:
|
||||
insecureSkipVerify: true
|
||||
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
interval: 30s
|
||||
port: https-self
|
||||
- interval: 30s
|
||||
port: http-self
|
||||
scheme: https
|
||||
tlsConfig:
|
||||
insecureSkipVerify: true
|
||||
|
@ -16,7 +16,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- --web.listen-address=127.0.0.1:9100
|
||||
- --web.listen-address=:9100
|
||||
- --path.procfs=/host/proc
|
||||
- --path.sysfs=/host/sys
|
||||
- --path.rootfs=/host/root
|
||||
@ -42,29 +42,6 @@ spec:
|
||||
mountPropagation: HostToContainer
|
||||
name: root
|
||||
readOnly: true
|
||||
- args:
|
||||
- --logtostderr
|
||||
- --secure-listen-address=$(IP):9100
|
||||
- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
|
||||
- --upstream=http://127.0.0.1:9100/
|
||||
env:
|
||||
- name: IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
image: carlosedp/kube-rbac-proxy:v0.4.1
|
||||
name: kube-rbac-proxy
|
||||
ports:
|
||||
- containerPort: 9100
|
||||
hostPort: 9100
|
||||
name: https
|
||||
resources:
|
||||
limits:
|
||||
cpu: 20m
|
||||
memory: 60Mi
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 20Mi
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
nodeSelector:
|
||||
|
@ -8,8 +8,8 @@ metadata:
|
||||
spec:
|
||||
clusterIP: None
|
||||
ports:
|
||||
- name: https
|
||||
- name: http
|
||||
port: 9100
|
||||
targetPort: https
|
||||
targetPort: http
|
||||
selector:
|
||||
app: node-exporter
|
||||
|
@ -7,9 +7,8 @@ metadata:
|
||||
namespace: monitoring
|
||||
spec:
|
||||
endpoints:
|
||||
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
interval: 30s
|
||||
port: https
|
||||
- interval: 30s
|
||||
port: http
|
||||
relabelings:
|
||||
- action: replace
|
||||
regex: (.*)
|
||||
@ -17,9 +16,7 @@ spec:
|
||||
sourceLabels:
|
||||
- __meta_kubernetes_pod_node_name
|
||||
targetLabel: instance
|
||||
scheme: https
|
||||
tlsConfig:
|
||||
insecureSkipVerify: true
|
||||
scheme: http
|
||||
jobLabel: k8s-app
|
||||
selector:
|
||||
matchLabels:
|
||||
|
@ -28,6 +28,8 @@
|
||||
},
|
||||
],
|
||||
|
||||
k3s: true,
|
||||
|
||||
// Setting these to false, defaults to emptyDirs
|
||||
enablePersistence: {
|
||||
prometheus: false,
|
||||
|
Loading…
Reference in New Issue
Block a user