rpi.carlosedp.cluster-monit.../arm_exporter.jsonnet
2019-10-09 11:26:42 -03:00

121 lines
4.8 KiB
Plaintext

local k = import 'ksonnet/ksonnet.beta.4/k.libsonnet';
local utils = import 'utils.libsonnet';
{
_config+:: {
namespace: 'monitoring',
versions+:: {
armExporter: 'latest',
},
imageRepos+:: {
armExporter: 'carlosedp/arm_exporter',
},
},
armExporter+:: {
clusterRoleBinding:
local clusterRoleBinding = k.rbac.v1.clusterRoleBinding;
clusterRoleBinding.new() +
clusterRoleBinding.mixin.metadata.withName('arm-exporter') +
clusterRoleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') +
clusterRoleBinding.mixin.roleRef.withName('arm-exporter') +
clusterRoleBinding.mixin.roleRef.mixinInstance({ kind: 'ClusterRole' }) +
clusterRoleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'arm-exporter', namespace: $._config.namespace }]),
clusterRole:
local clusterRole = k.rbac.v1.clusterRole;
local policyRule = clusterRole.rulesType;
local authenticationRole = policyRule.new() +
policyRule.withApiGroups(['authentication.k8s.io']) +
policyRule.withResources([
'tokenreviews',
]) +
policyRule.withVerbs(['create']);
local authorizationRole = policyRule.new() +
policyRule.withApiGroups(['authorization.k8s.io']) +
policyRule.withResources([
'subjectaccessreviews',
]) +
policyRule.withVerbs(['create']);
local rules = [authenticationRole, authorizationRole];
clusterRole.new() +
clusterRole.mixin.metadata.withName('arm-exporter') +
clusterRole.withRules(rules),
serviceAccount:
local serviceAccount = k.core.v1.serviceAccount;
serviceAccount.new('arm-exporter') +
serviceAccount.mixin.metadata.withNamespace($._config.namespace),
daemonset:
local daemonset = k.apps.v1.daemonSet;
local container = daemonset.mixin.spec.template.spec.containersType;
local containerPort = container.portsType;
local containerEnv = container.envType;
local podLabels = { 'k8s-app': 'arm-exporter' };
local armExporter =
container.new('arm-exporter', $._config.imageRepos.armExporter + ':' + $._config.versions.armExporter) +
container.withCommand([
'/bin/rpi_exporter',
'--web.listen-address=127.0.0.1:9243',
]) +
container.mixin.resources.withRequests({ cpu: '50m', memory: '50Mi' }) +
container.mixin.resources.withLimits({ cpu: '100m', memory: '100Mi' });
local ip = containerEnv.fromFieldPath('IP', 'status.podIP');
local proxy =
container.new('kube-rbac-proxy', $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy) +
container.withArgs([
'--secure-listen-address=$(IP):9243',
'--upstream=http://127.0.0.1:9243/',
'--tls-cipher-suites=' + std.join(',', $._config.tlsCipherSuites),
]) +
container.withPorts(containerPort.new(9243) + containerPort.withHostPort(9243) + containerPort.withName('https')) +
container.mixin.resources.withRequests({ cpu: '10m', memory: '20Mi' }) +
container.mixin.resources.withLimits({ cpu: '20m', memory: '40Mi' }) +
container.withEnv([ip]);
local c = [armExporter, proxy];
daemonset.new() +
daemonset.mixin.metadata.withName('arm-exporter') +
daemonset.mixin.metadata.withNamespace($._config.namespace) +
daemonset.mixin.metadata.withLabels(podLabels) +
daemonset.mixin.spec.selector.withMatchLabels(podLabels) +
daemonset.mixin.spec.template.metadata.withLabels(podLabels) +
daemonset.mixin.spec.template.spec.withNodeSelector({ 'beta.kubernetes.io/arch': 'arm64' }) +
daemonset.mixin.spec.template.spec.withServiceAccountName('arm-exporter') +
daemonset.mixin.spec.template.spec.withContainers(c),
serviceMonitor:
utils.newServiceMonitorHTTPS('arm-exporter',
$._config.namespace,
{'k8s-app': 'arm-exporter'},
$._config.namespace,
'https',
'https',
'/var/run/secrets/kubernetes.io/serviceaccount/token',
),
service:
local service = k.core.v1.service;
local servicePort = k.core.v1.service.mixin.spec.portsType;
local armExporterPort = servicePort.newNamed('https', 9243, 'https');
service.new('arm-exporter', $.armExporter.daemonset.spec.selector.matchLabels, armExporterPort) +
service.mixin.metadata.withNamespace($._config.namespace) +
service.mixin.metadata.withLabels({ 'k8s-app': 'arm-exporter' }) +
service.mixin.spec.withClusterIp('None'),
},
}