easylinux/kube-prometheus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #863 from paulfantom/blackbox-global

Browse Source 
Remove mutating global state in blackbox-exporter objects
This commit is contained in:
Paweł Krupa
2021-01-07 11:39:50 +01:00
committed by GitHub
parent 5ca429157f 1c06faf207
commit 4b47de57f8
6 changed files with 209 additions and 188 deletions
Download Patch File Download Diff File Expand all files Collapse all files

165
jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet
View File

@@ -1,36 +1,30 @@
local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonnet'; local krp = import '../kube-rbac-proxy/container.libsonnet';
{ local defaults = {
_config+:: { local defaults = self,
namespace: 'default', namespace: error 'must provide namespace',
version: error 'must provide version',
versions+:: { image: error 'must provide version',
blackboxExporter: 'v0.18.0', resources: {
configmapReloader: 'v0.4.0',
},
imageRepos+:: {
blackboxExporter: 'quay.io/prometheus/blackbox-exporter',
configmapReloader: 'jimmidyson/configmap-reload',
},
resources+:: {
'blackbox-exporter': {
requests: { cpu: '10m', memory: '20Mi' }, requests: { cpu: '10m', memory: '20Mi' },
limits: { cpu: '20m', memory: '40Mi' }, limits: { cpu: '20m', memory: '40Mi' },
}, },
commonLabels:: {
'app.kubernetes.io/name': 'blackbox-exporter',
'app.kubernetes.io/version': defaults.version,
'app.kubernetes.io/component': 'exporter',
'app.kubernetes.io/part-of': 'kube-prometheus',
}, },
selectorLabels:: {
[labelName]: defaults.commonLabels[labelName]
for labelName in std.objectFields(defaults.commonLabels)
if !std.setMember(labelName, ['app.kubernetes.io/version'])
},
configmapReloaderImage: 'jimmidyson/configmap-reload:v0.4.0',
blackboxExporter: {
port: 9115, port: 9115,
internalPort: 19115, internalPort: 19115,
replicas: 1, replicas: 1,
matchLabels: {
'app.kubernetes.io/name': 'blackbox-exporter',
},
assignLabels: self.matchLabels {
'app.kubernetes.io/version': $._config.versions.blackboxExporter,
},
modules: { modules: {
http_2xx: { http_2xx: {
prober: 'http', prober: 'http',
@@ -89,21 +83,25 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonn
privileged: privileged:
local icmpModules = [self.modules[m] for m in std.objectFields(self.modules) if self.modules[m].prober == 'icmp']; local icmpModules = [self.modules[m] for m in std.objectFields(self.modules) if self.modules[m].prober == 'icmp'];
std.length(icmpModules) > 0, std.length(icmpModules) > 0,
}, };
},
function(params) {
local bb = self,
config:: defaults + params,
// Safety check
assert std.isObject(bb.config.resources),
blackboxExporter+::
local bb = $._config.blackboxExporter;
{
configuration: { configuration: {
apiVersion: 'v1', apiVersion: 'v1',
kind: 'ConfigMap', kind: 'ConfigMap',
metadata: { metadata: {
name: 'blackbox-exporter-configuration', name: 'blackbox-exporter-configuration',
namespace: $._config.namespace, namespace: bb.config.namespace,
labels: bb.config.commonLabels,
}, },
data: { data: {
'config.yml': std.manifestYamlDoc({ modules: bb.modules }), 'config.yml': std.manifestYamlDoc({ modules: bb.config.modules }),
}, },
}, },
@@ -112,7 +110,7 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonn
kind: 'ServiceAccount', kind: 'ServiceAccount',
metadata: { metadata: {
name: 'blackbox-exporter', name: 'blackbox-exporter',
namespace: $._config.namespace, namespace: bb.config.namespace,
}, },
}, },
@@ -150,41 +148,24 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonn
subjects: [{ subjects: [{
kind: 'ServiceAccount', kind: 'ServiceAccount',
name: 'blackbox-exporter', name: 'blackbox-exporter',
namespace: $._config.namespace, namespace: bb.config.namespace,
}], }],
}, },
deployment: { deployment:
apiVersion: 'apps/v1', local blackboxExporter = {
kind: 'Deployment',
metadata: {
name: 'blackbox-exporter', name: 'blackbox-exporter',
namespace: $._config.namespace, image: bb.config.image,
labels: bb.assignLabels,
},
spec: {
replicas: bb.replicas,
selector: { matchLabels: bb.matchLabels },
template: {
metadata: { labels: bb.assignLabels },
spec: {
containers: [
{
name: 'blackbox-exporter',
image: $._config.imageRepos.blackboxExporter + ':' + $._config.versions.blackboxExporter,
args: [ args: [
'--config.file=/etc/blackbox_exporter/config.yml', '--config.file=/etc/blackbox_exporter/config.yml',
'--web.listen-address=:%d' % bb.internalPort, '--web.listen-address=:%d' % bb.config.internalPort,
], ],
ports: [{ ports: [{
name: 'http', name: 'http',
containerPort: bb.internalPort, containerPort: bb.config.internalPort,
}], }],
resources: { resources: bb.config.resources,
requests: $._config.resources['blackbox-exporter'].requests, securityContext: if bb.config.privileged then {
limits: $._config.resources['blackbox-exporter'].limits,
},
securityContext: if bb.privileged then {
runAsNonRoot: false, runAsNonRoot: false,
capabilities: { drop: ['ALL'], add: ['NET_RAW'] }, capabilities: { drop: ['ALL'], add: ['NET_RAW'] },
} else { } else {
@@ -196,18 +177,16 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonn
name: 'config', name: 'config',
readOnly: true, readOnly: true,
}], }],
}, };
{
local reloader = {
name: 'module-configmap-reloader', name: 'module-configmap-reloader',
image: $._config.imageRepos.configmapReloader + ':' + $._config.versions.configmapReloader, image: bb.config.configmapReloaderImage,
args: [ args: [
'--webhook-url=http://localhost:%d/-/reload' % bb.internalPort, '--webhook-url=http://localhost:%d/-/reload' % bb.config.internalPort,
'--volume-dir=/etc/blackbox_exporter/', '--volume-dir=/etc/blackbox_exporter/',
], ],
resources: { resources: bb.config.resources,
requests: $._config.resources['blackbox-exporter'].requests,
limits: $._config.resources['blackbox-exporter'].limits,
},
securityContext: { runAsNonRoot: true, runAsUser: 65534 }, securityContext: { runAsNonRoot: true, runAsUser: 65534 },
terminationMessagePath: '/dev/termination-log', terminationMessagePath: '/dev/termination-log',
terminationMessagePolicy: 'FallbackToLogsOnError', terminationMessagePolicy: 'FallbackToLogsOnError',
@@ -216,8 +195,32 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonn
name: 'config', name: 'config',
readOnly: true, readOnly: true,
}], }],
}, };
local kubeRbacProxy = krp({
name: 'kube-rbac-proxy',
upstream: 'http://127.0.0.1:' + bb.config.internalPort + '/',
secureListenAddress: ':' + bb.config.port,
ports: [
{ name: 'https', containerPort: bb.config.port },
], ],
});
{
apiVersion: 'apps/v1',
kind: 'Deployment',
metadata: {
name: 'blackbox-exporter',
namespace: bb.config.namespace,
labels: bb.config.commonLabels,
},
spec: {
replicas: bb.config.replicas,
selector: { matchLabels: bb.config.selectorLabels },
template: {
metadata: { labels: bb.config.commonLabels },
spec: {
containers: [blackboxExporter, reloader, kubeRbacProxy],
nodeSelector: { 'kubernetes.io/os': 'linux' }, nodeSelector: { 'kubernetes.io/os': 'linux' },
serviceAccountName: 'blackbox-exporter', serviceAccountName: 'blackbox-exporter',
volumes: [{ volumes: [{
@@ -234,20 +237,20 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonn
kind: 'Service', kind: 'Service',
metadata: { metadata: {
name: 'blackbox-exporter', name: 'blackbox-exporter',
namespace: $._config.namespace, namespace: bb.config.namespace,
labels: bb.assignLabels, labels: bb.config.commonLabels,
}, },
spec: { spec: {
ports: [{ ports: [{
name: 'https', name: 'https',
port: bb.port, port: bb.config.port,
targetPort: 'https', targetPort: 'https',
}, { }, {
name: 'probe', name: 'probe',
port: bb.internalPort, port: bb.config.internalPort,
targetPort: 'http', targetPort: 'http',
}], }],
selector: bb.matchLabels, selector: bb.config.selectorLabels,
}, },
}, },
@@ -257,8 +260,8 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonn
kind: 'ServiceMonitor', kind: 'ServiceMonitor',
metadata: { metadata: {
name: 'blackbox-exporter', name: 'blackbox-exporter',
namespace: $._config.namespace, namespace: bb.config.namespace,
labels: bb.assignLabels, labels: bb.config.commonLabels,
}, },
spec: { spec: {
endpoints: [{ endpoints: [{
@@ -272,22 +275,8 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonn
}, },
}], }],
selector: { selector: {
matchLabels: bb.matchLabels, matchLabels: bb.config.selectorLabels,
}, },
}, },
}, },
} +
(kubeRbacProxyContainer {
config+:: {
kubeRbacProxy: {
image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy,
name: 'kube-rbac-proxy',
securePortName: 'https',
securePort: bb.port,
secureListenAddress: ':%d' % self.securePort,
upstream: 'http://127.0.0.1:%d/' % bb.internalPort,
tlsCipherSuites: $._config.tlsCipherSuites,
},
},
}).deploymentMixin,
} }

8
jsonnet/kube-prometheus/kube-prometheus.libsonnet
View File

@@ -5,11 +5,12 @@ local alertmanager = import './alertmanager/alertmanager.libsonnet';
local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libsonnet'; local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libsonnet';
local blackboxExporter = import './blackbox-exporter/blackbox-exporter.libsonnet';
(import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') +
(import './kube-state-metrics/kube-state-metrics.libsonnet') + (import './kube-state-metrics/kube-state-metrics.libsonnet') +
(import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') + (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') +
(import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') + (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') +
(import './blackbox-exporter/blackbox-exporter.libsonnet') +
(import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') + (import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') +
(import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet') + (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet') +
(import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') + (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') +
@@ -36,6 +37,11 @@ local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libson
image: 'directxman12/k8s-prometheus-adapter:v0.8.2', image: 'directxman12/k8s-prometheus-adapter:v0.8.2',
prometheusURL: 'http://prometheus-' + $._config.prometheus.name + '.' + $._config.namespace + '.svc.cluster.local:9090/', prometheusURL: 'http://prometheus-' + $._config.prometheus.name + '.' + $._config.namespace + '.svc.cluster.local:9090/',
}), }),
blackboxExporter: blackboxExporter({
namespace: $._config.namespace,
version: '0.18.0',
image: 'quay.io/prometheus/blackbox-exporter:v0.18.0',
}),
kubePrometheus+:: { kubePrometheus+:: {
namespace: { namespace: {
apiVersion: 'v1', apiVersion: 'v1',

5
manifests/blackbox-exporter-configuration.yaml
View File

@@ -42,5 +42,10 @@ data:
"preferred_ip_protocol": "ip4" "preferred_ip_protocol": "ip4"
kind: ConfigMap kind: ConfigMap
metadata: metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.18.0
name: blackbox-exporter-configuration name: blackbox-exporter-configuration
namespace: monitoring namespace: monitoring

17
manifests/blackbox-exporter-deployment.yaml
View File

@@ -2,20 +2,26 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
labels: labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/version: v0.18.0 app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.18.0
name: blackbox-exporter name: blackbox-exporter
namespace: monitoring namespace: monitoring
spec: spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/part-of: kube-prometheus
template: template:
metadata: metadata:
labels: labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/version: v0.18.0 app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.18.0
spec: spec:
containers: containers:
- args: - args:
@@ -71,6 +77,13 @@ spec:
ports: ports:
- containerPort: 9115 - containerPort: 9115
name: https name: https
resources:
limits:
cpu: 20m
memory: 40Mi
requests:
cpu: 10m
memory: 20Mi
securityContext: securityContext:
runAsGroup: 65532 runAsGroup: 65532
runAsNonRoot: true runAsNonRoot: true

6
manifests/blackbox-exporter-service.yaml
View File

@@ -2,8 +2,10 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
labels: labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/version: v0.18.0 app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.18.0
name: blackbox-exporter name: blackbox-exporter
namespace: monitoring namespace: monitoring
spec: spec:
@@ -15,4 +17,6 @@ spec:
port: 19115 port: 19115
targetPort: http targetPort: http
selector: selector:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/part-of: kube-prometheus

6
manifests/blackbox-exporter-serviceMonitor.yaml
View File

@@ -2,8 +2,10 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
labels: labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/version: v0.18.0 app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.18.0
name: blackbox-exporter name: blackbox-exporter
namespace: monitoring namespace: monitoring
spec: spec:
@@ -17,4 +19,6 @@ spec:
insecureSkipVerify: true insecureSkipVerify: true
selector: selector:
matchLabels: matchLabels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/part-of: kube-prometheus