From 2f302943fe96b5aaf474fe3ae5fab20330e8f0a1 Mon Sep 17 00:00:00 2001 From: Max Leonard Inden Date: Mon, 19 Mar 2018 14:19:55 +0100 Subject: [PATCH 1/2] Unify rule file label accross repository In some cases we have been using `alert-rules` in some cases `prometheus-rulefiles`. This led to confusion [1]. Instead, unify the Prometheus rules configmap labels to: ```yaml labels: role: alert-rules ``` [1] https://github.com/coreos/prometheus-operator/issues/1102 --- hack/scripts/generate-rules-configmap.sh | 2 +- manifests/prometheus/prometheus-k8s-rules.yaml | 2 +- manifests/prometheus/prometheus-k8s.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/hack/scripts/generate-rules-configmap.sh b/hack/scripts/generate-rules-configmap.sh index 76ec64ca..96c5433f 100755 --- a/hack/scripts/generate-rules-configmap.sh +++ b/hack/scripts/generate-rules-configmap.sh @@ -6,7 +6,7 @@ kind: ConfigMap metadata: name: prometheus-k8s-rules labels: - role: prometheus-rulefiles + role: alert-rules prometheus: k8s data: EOF diff --git a/manifests/prometheus/prometheus-k8s-rules.yaml b/manifests/prometheus/prometheus-k8s-rules.yaml index 05368dc1..0e548cec 100644 --- a/manifests/prometheus/prometheus-k8s-rules.yaml +++ b/manifests/prometheus/prometheus-k8s-rules.yaml @@ -3,7 +3,7 @@ kind: ConfigMap metadata: name: prometheus-k8s-rules labels: - role: prometheus-rulefiles + role: alert-rules prometheus: k8s data: alertmanager.rules.yaml: |+ diff --git a/manifests/prometheus/prometheus-k8s.yaml b/manifests/prometheus/prometheus-k8s.yaml index 6ce11e9f..8f243eb0 100644 --- a/manifests/prometheus/prometheus-k8s.yaml +++ b/manifests/prometheus/prometheus-k8s.yaml @@ -13,7 +13,7 @@ spec: - {key: k8s-app, operator: Exists} ruleSelector: matchLabels: - role: prometheus-rulefiles + role: alert-rules prometheus: k8s resources: requests: From 310f471cf6bc160c07018fbe1441ef414b63d1ef Mon Sep 17 00:00:00 2001 From: Max Leonard Inden Date: Mon, 19 Mar 2018 17:03:42 +0100 Subject: [PATCH 2/2] contrib/kube: Add rbac role to discover prometheus The current example-app setup in the kube-prometheus project is able to discover scraping targets in the default namespace. It is not able to discover the configured Alertmanager in the monitoring namespace. This patch adds an alertmanager-discovery rbac role, to permit the above described action. In addition it does the following cleanups: - Remove kubeconfig configuration in deploy and teardown script. kubectl chooses .kube/config whenever KUBECONFIG is not set by default - Remove namespace specification option via NAMESPACE env var. In most of the manifests the metadata/namespace was hardcoded anyways, in addition in the promtheus frontend role binding the service account namespace is hardcoded to default as well. - Instead of `kubectl {apply,delete}` individual manifests, the deploy and teardown shell scripts {apply,delete} on the entire folder. --- hack/example-service-monitoring/deploy | 17 +---------------- hack/example-service-monitoring/teardown | 11 +---------- manifests/examples/example-app/example-app.yaml | 2 ++ ...end-alertmanager-discovery-role-binding.yaml | 13 +++++++++++++ ...us-frontend-alertmanager-discovery-role.yaml | 12 ++++++++++++ .../prometheus-frontend-service-account.yaml | 1 + .../example-app/prometheus-frontend-svc.yaml | 1 + .../example-app/servicemonitor-frontend.yaml | 3 ++- 8 files changed, 33 insertions(+), 27 deletions(-) create mode 100644 manifests/examples/example-app/prometheus-frontend-alertmanager-discovery-role-binding.yaml create mode 100644 manifests/examples/example-app/prometheus-frontend-alertmanager-discovery-role.yaml diff --git a/hack/example-service-monitoring/deploy b/hack/example-service-monitoring/deploy index ba922b84..18b0ef6a 100755 --- a/hack/example-service-monitoring/deploy +++ b/hack/example-service-monitoring/deploy @@ -1,18 +1,3 @@ #!/usr/bin/env bash -if [ -z "${KUBECONFIG}" ]; then - KUBECONFIG=~/.kube/config -fi - -if [ -z "${NAMESPACE}" ]; then - NAMESPACE=default -fi - -kubectl --namespace "$NAMESPACE" --kubeconfig="$KUBECONFIG" apply -f manifests/examples/example-app/prometheus-frontend-service-account.yaml -kubectl --namespace "$NAMESPACE" --kubeconfig="$KUBECONFIG" apply -f manifests/examples/example-app/prometheus-frontend-role.yaml -kubectl --namespace "$NAMESPACE" --kubeconfig="$KUBECONFIG" apply -f manifests/examples/example-app/prometheus-frontend-role-binding.yaml -kubectl --namespace "$NAMESPACE" --kubeconfig="$KUBECONFIG" apply -f manifests/examples/example-app/prometheus-frontend-svc.yaml -kubectl --namespace "$NAMESPACE" --kubeconfig="$KUBECONFIG" apply -f manifests/examples/example-app/example-app.yaml -kubectl --namespace "$NAMESPACE" --kubeconfig="$KUBECONFIG" apply -f manifests/examples/example-app/prometheus-frontend.yaml -kubectl --namespace "$NAMESPACE" --kubeconfig="$KUBECONFIG" apply -f manifests/examples/example-app/servicemonitor-frontend.yaml - +kubectl apply -f manifests/examples/example-app diff --git a/hack/example-service-monitoring/teardown b/hack/example-service-monitoring/teardown index a631fe3e..a5fc1760 100755 --- a/hack/example-service-monitoring/teardown +++ b/hack/example-service-monitoring/teardown @@ -1,12 +1,3 @@ #!/usr/bin/env bash -if [ -z "${KUBECONFIG}" ]; then - KUBECONFIG=~/.kube/config -fi - -if [ -z "${NAMESPACE}" ]; then - NAMESPACE=default -fi - -kubectl --namespace "$NAMESPACE" --kubeconfig="$KUBECONFIG" delete -f manifests/examples/example-app - +kubectl delete -f manifests/examples/example-app diff --git a/manifests/examples/example-app/example-app.yaml b/manifests/examples/example-app/example-app.yaml index adb6602b..0262fd3c 100644 --- a/manifests/examples/example-app/example-app.yaml +++ b/manifests/examples/example-app/example-app.yaml @@ -4,6 +4,7 @@ metadata: name: example-app labels: tier: frontend + namespace: default spec: selector: app: example-app @@ -17,6 +18,7 @@ apiVersion: extensions/v1beta1 kind: Deployment metadata: name: example-app + namespace: default spec: replicas: 4 template: diff --git a/manifests/examples/example-app/prometheus-frontend-alertmanager-discovery-role-binding.yaml b/manifests/examples/example-app/prometheus-frontend-alertmanager-discovery-role-binding.yaml new file mode 100644 index 00000000..09b3f5e4 --- /dev/null +++ b/manifests/examples/example-app/prometheus-frontend-alertmanager-discovery-role-binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: prometheus-frontend + namespace: monitoring +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: alertmanager-discovery +subjects: +- kind: ServiceAccount + name: prometheus-frontend + namespace: default diff --git a/manifests/examples/example-app/prometheus-frontend-alertmanager-discovery-role.yaml b/manifests/examples/example-app/prometheus-frontend-alertmanager-discovery-role.yaml new file mode 100644 index 00000000..84319cdd --- /dev/null +++ b/manifests/examples/example-app/prometheus-frontend-alertmanager-discovery-role.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: alertmanager-discovery + namespace: monitoring +rules: +- apiGroups: [""] + resources: + - services + - endpoints + - pods + verbs: ["list", "watch"] diff --git a/manifests/examples/example-app/prometheus-frontend-service-account.yaml b/manifests/examples/example-app/prometheus-frontend-service-account.yaml index abd3e0df..4dd7c26b 100644 --- a/manifests/examples/example-app/prometheus-frontend-service-account.yaml +++ b/manifests/examples/example-app/prometheus-frontend-service-account.yaml @@ -2,3 +2,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: prometheus-frontend + namespace: default diff --git a/manifests/examples/example-app/prometheus-frontend-svc.yaml b/manifests/examples/example-app/prometheus-frontend-svc.yaml index 6a269155..7002e8f1 100644 --- a/manifests/examples/example-app/prometheus-frontend-svc.yaml +++ b/manifests/examples/example-app/prometheus-frontend-svc.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Service metadata: name: prometheus-frontend + namespace: default spec: type: NodePort ports: diff --git a/manifests/examples/example-app/servicemonitor-frontend.yaml b/manifests/examples/example-app/servicemonitor-frontend.yaml index cc3d42fa..709ab2cb 100644 --- a/manifests/examples/example-app/servicemonitor-frontend.yaml +++ b/manifests/examples/example-app/servicemonitor-frontend.yaml @@ -2,6 +2,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: frontend + namespace: default labels: tier: frontend spec: @@ -10,4 +11,4 @@ spec: tier: frontend endpoints: - port: web - interval: 10s \ No newline at end of file + interval: 10s