Merge pull request #863 from paulfantom/blackbox-global

Remove mutating global state in blackbox-exporter objects
Paweł Krupa
2021-01-07 11:39:50 +01:00
committed by GitHub
6 changed files with 209 additions and 188 deletions


@@ -1,109 +1,107 @@
local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonnet'; local krp = import '../kube-rbac-proxy/container.libsonnet';
{ local defaults = {
_config+:: { local defaults = self,
namespace: 'default', namespace: error 'must provide namespace',
version: error 'must provide version',
image: error 'must provide version',
resources: {
requests: { cpu: '10m', memory: '20Mi' },
limits: { cpu: '20m', memory: '40Mi' },
},
commonLabels:: {
'app.kubernetes.io/name': 'blackbox-exporter',
'app.kubernetes.io/version': defaults.version,
'app.kubernetes.io/component': 'exporter',
'app.kubernetes.io/part-of': 'kube-prometheus',
},
selectorLabels:: {
[labelName]: defaults.commonLabels[labelName]
for labelName in std.objectFields(defaults.commonLabels)
if !std.setMember(labelName, ['app.kubernetes.io/version'])
},
configmapReloaderImage: 'jimmidyson/configmap-reload:v0.4.0',
versions+:: { port: 9115,
blackboxExporter: 'v0.18.0', internalPort: 19115,
configmapReloader: 'v0.4.0', replicas: 1,
}, modules: {
http_2xx: {
imageRepos+:: { prober: 'http',
blackboxExporter: 'quay.io/prometheus/blackbox-exporter', http: {
configmapReloader: 'jimmidyson/configmap-reload', preferred_ip_protocol: 'ip4',
},
resources+:: {
'blackbox-exporter': {
requests: { cpu: '10m', memory: '20Mi' },
limits: { cpu: '20m', memory: '40Mi' },
}, },
}, },
http_post_2xx: {
blackboxExporter: { prober: 'http',
port: 9115, http: {
internalPort: 19115, method: 'POST',
replicas: 1, preferred_ip_protocol: 'ip4',
matchLabels: {
'app.kubernetes.io/name': 'blackbox-exporter',
}, },
assignLabels: self.matchLabels { },
'app.kubernetes.io/version': $._config.versions.blackboxExporter, tcp_connect: {
prober: 'tcp',
tcp: {
preferred_ip_protocol: 'ip4',
}, },
modules: { },
http_2xx: { pop3s_banner: {
prober: 'http', prober: 'tcp',
http: { tcp: {
preferred_ip_protocol: 'ip4', query_response: [
}, { expect: '^+OK' },
}, ],
http_post_2xx: { tls: true,
prober: 'http', tls_config: {
http: { insecure_skip_verify: false,
method: 'POST',
preferred_ip_protocol: 'ip4',
},
},
tcp_connect: {
prober: 'tcp',
tcp: {
preferred_ip_protocol: 'ip4',
},
},
pop3s_banner: {
prober: 'tcp',
tcp: {
query_response: [
{ expect: '^+OK' },
],
tls: true,
tls_config: {
insecure_skip_verify: false,
},
preferred_ip_protocol: 'ip4',
},
},
ssh_banner: {
prober: 'tcp',
tcp: {
query_response: [
{ expect: '^SSH-2.0-' },
],
preferred_ip_protocol: 'ip4',
},
},
irc_banner: {
prober: 'tcp',
tcp: {
query_response: [
{ send: 'NICK prober' },
{ send: 'USER prober prober prober :prober' },
{ expect: 'PING :([^ ]+)', send: 'PONG ${1}' },
{ expect: '^:[^ ]+ 001' },
],
preferred_ip_protocol: 'ip4',
},
}, },
preferred_ip_protocol: 'ip4',
},
},
ssh_banner: {
prober: 'tcp',
tcp: {
query_response: [
{ expect: '^SSH-2.0-' },
],
preferred_ip_protocol: 'ip4',
},
},
irc_banner: {
prober: 'tcp',
tcp: {
query_response: [
{ send: 'NICK prober' },
{ send: 'USER prober prober prober :prober' },
{ expect: 'PING :([^ ]+)', send: 'PONG ${1}' },
{ expect: '^:[^ ]+ 001' },
],
preferred_ip_protocol: 'ip4',
}, },
privileged:
local icmpModules = [self.modules[m] for m in std.objectFields(self.modules) if self.modules[m].prober == 'icmp'];
std.length(icmpModules) > 0,
}, },
}, },
privileged:
local icmpModules = [self.modules[m] for m in std.objectFields(self.modules) if self.modules[m].prober == 'icmp'];
std.length(icmpModules) > 0,
};
function(params) {
local bb = self,
config:: defaults + params,
// Safety check
assert std.isObject(bb.config.resources),
blackboxExporter+::
local bb = $._config.blackboxExporter;
{
configuration: { configuration: {
apiVersion: 'v1', apiVersion: 'v1',
kind: 'ConfigMap', kind: 'ConfigMap',
metadata: { metadata: {
name: 'blackbox-exporter-configuration', name: 'blackbox-exporter-configuration',
namespace: $._config.namespace, namespace: bb.config.namespace,
labels: bb.config.commonLabels,
}, },
data: { data: {
'config.yml': std.manifestYamlDoc({ modules: bb.modules }), 'config.yml': std.manifestYamlDoc({ modules: bb.config.modules }),
}, },
}, },
@@ -112,7 +110,7 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonn
kind: 'ServiceAccount', kind: 'ServiceAccount',
metadata: { metadata: {
name: 'blackbox-exporter', name: 'blackbox-exporter',
namespace: $._config.namespace, namespace: bb.config.namespace,
}, },
}, },
@@ -150,104 +148,109 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonn
subjects: [{ subjects: [{
kind: 'ServiceAccount', kind: 'ServiceAccount',
name: 'blackbox-exporter', name: 'blackbox-exporter',
namespace: $._config.namespace, namespace: bb.config.namespace,
}], }],
}, },
deployment: { deployment:
apiVersion: 'apps/v1', local blackboxExporter = {
kind: 'Deployment',
metadata: {
name: 'blackbox-exporter', name: 'blackbox-exporter',
namespace: $._config.namespace, image: bb.config.image,
labels: bb.assignLabels, args: [
}, '--config.file=/etc/blackbox_exporter/config.yml',
spec: { '--web.listen-address=:%d' % bb.config.internalPort,
replicas: bb.replicas, ],
selector: { matchLabels: bb.matchLabels }, ports: [{
template: { name: 'http',
metadata: { labels: bb.assignLabels }, containerPort: bb.config.internalPort,
spec: { }],
containers: [ resources: bb.config.resources,
{ securityContext: if bb.config.privileged then {
name: 'blackbox-exporter', runAsNonRoot: false,
image: $._config.imageRepos.blackboxExporter + ':' + $._config.versions.blackboxExporter, capabilities: { drop: ['ALL'], add: ['NET_RAW'] },
args: [ } else {
'--config.file=/etc/blackbox_exporter/config.yml', runAsNonRoot: true,
'--web.listen-address=:%d' % bb.internalPort, runAsUser: 65534,
], },
ports: [{ volumeMounts: [{
name: 'http', mountPath: '/etc/blackbox_exporter/',
containerPort: bb.internalPort, name: 'config',
}], readOnly: true,
resources: { }],
requests: $._config.resources['blackbox-exporter'].requests, };
limits: $._config.resources['blackbox-exporter'].limits,
}, local reloader = {
securityContext: if bb.privileged then { name: 'module-configmap-reloader',
runAsNonRoot: false, image: bb.config.configmapReloaderImage,
capabilities: { drop: ['ALL'], add: ['NET_RAW'] }, args: [
} else { '--webhook-url=http://localhost:%d/-/reload' % bb.config.internalPort,
runAsNonRoot: true, '--volume-dir=/etc/blackbox_exporter/',
runAsUser: 65534, ],
}, resources: bb.config.resources,
volumeMounts: [{ securityContext: { runAsNonRoot: true, runAsUser: 65534 },
mountPath: '/etc/blackbox_exporter/', terminationMessagePath: '/dev/termination-log',
name: 'config', terminationMessagePolicy: 'FallbackToLogsOnError',
readOnly: true, volumeMounts: [{
}], mountPath: '/etc/blackbox_exporter/',
}, name: 'config',
{ readOnly: true,
name: 'module-configmap-reloader', }],
image: $._config.imageRepos.configmapReloader + ':' + $._config.versions.configmapReloader, };
args: [
'--webhook-url=http://localhost:%d/-/reload' % bb.internalPort, local kubeRbacProxy = krp({
'--volume-dir=/etc/blackbox_exporter/', name: 'kube-rbac-proxy',
], upstream: 'http://127.0.0.1:' + bb.config.internalPort + '/',
resources: { secureListenAddress: ':' + bb.config.port,
requests: $._config.resources['blackbox-exporter'].requests, ports: [
limits: $._config.resources['blackbox-exporter'].limits, { name: 'https', containerPort: bb.config.port },
}, ],
securityContext: { runAsNonRoot: true, runAsUser: 65534 }, });
terminationMessagePath: '/dev/termination-log',
terminationMessagePolicy: 'FallbackToLogsOnError', {
volumeMounts: [{ apiVersion: 'apps/v1',
mountPath: '/etc/blackbox_exporter/', kind: 'Deployment',
name: 'config', metadata: {
readOnly: true, name: 'blackbox-exporter',
}], namespace: bb.config.namespace,
}, labels: bb.config.commonLabels,
], },
nodeSelector: { 'kubernetes.io/os': 'linux' }, spec: {
serviceAccountName: 'blackbox-exporter', replicas: bb.config.replicas,
volumes: [{ selector: { matchLabels: bb.config.selectorLabels },
name: 'config', template: {
configMap: { name: 'blackbox-exporter-configuration' }, metadata: { labels: bb.config.commonLabels },
}], spec: {
containers: [blackboxExporter, reloader, kubeRbacProxy],
nodeSelector: { 'kubernetes.io/os': 'linux' },
serviceAccountName: 'blackbox-exporter',
volumes: [{
name: 'config',
configMap: { name: 'blackbox-exporter-configuration' },
}],
},
}, },
}, },
}, },
},
service: { service: {
apiVersion: 'v1', apiVersion: 'v1',
kind: 'Service', kind: 'Service',
metadata: { metadata: {
name: 'blackbox-exporter', name: 'blackbox-exporter',
namespace: $._config.namespace, namespace: bb.config.namespace,
labels: bb.assignLabels, labels: bb.config.commonLabels,
}, },
spec: { spec: {
ports: [{ ports: [{
name: 'https', name: 'https',
port: bb.port, port: bb.config.port,
targetPort: 'https', targetPort: 'https',
}, { }, {
name: 'probe', name: 'probe',
port: bb.internalPort, port: bb.config.internalPort,
targetPort: 'http', targetPort: 'http',
}], }],
selector: bb.matchLabels, selector: bb.config.selectorLabels,
}, },
}, },
@@ -257,8 +260,8 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonn
kind: 'ServiceMonitor', kind: 'ServiceMonitor',
metadata: { metadata: {
name: 'blackbox-exporter', name: 'blackbox-exporter',
namespace: $._config.namespace, namespace: bb.config.namespace,
labels: bb.assignLabels, labels: bb.config.commonLabels,
}, },
spec: { spec: {
endpoints: [{ endpoints: [{
@@ -272,22 +275,8 @@ local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonn
}, },
}], }],
selector: { selector: {
matchLabels: bb.matchLabels, matchLabels: bb.config.selectorLabels,
}, },
}, },
}, },
} + }
(kubeRbacProxyContainer {
config+:: {
kubeRbacProxy: {
image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy,
name: 'kube-rbac-proxy',
securePortName: 'https',
securePort: bb.port,
secureListenAddress: ':%d' % self.securePort,
upstream: 'http://127.0.0.1:%d/' % bb.internalPort,
tlsCipherSuites: $._config.tlsCipherSuites,
},
},
}).deploymentMixin,
}
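Review bot: The new `krp({...})` call in the `deployment` local no longer passes `tlsCipherSuites`, which the removed `kubeRbacProxyContainer` mixin took from `$._config.tlsCipherSuites`, and it passes no `image` either. `container.libsonnet` is not shown on this page, so whether it carries equivalent defaults cannot be confirmed from here; if it does not, the proxy in front of the exporter falls back to its built-in cipher list and the operator loses the one place to restrict it. I would either accept the cipher list as a parameter and forward it, or document the reliance on the call with a comment such as `// TLS cipher suites and image come from the defaults in container.libsonnet`. Separately, in `defaults` the line `image: error 'must provide version',` repeats the message of the line above it and should read `image: error 'must provide image',`.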


@@ -5,11 +5,12 @@ local alertmanager = import './alertmanager/alertmanager.libsonnet';
local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libsonnet'; local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libsonnet';
local blackboxExporter = import './blackbox-exporter/blackbox-exporter.libsonnet';
(import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') +
(import './kube-state-metrics/kube-state-metrics.libsonnet') + (import './kube-state-metrics/kube-state-metrics.libsonnet') +
(import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') + (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') +
(import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') + (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') +
(import './blackbox-exporter/blackbox-exporter.libsonnet') +
(import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') + (import 'github.com/prometheus/alertmanager/doc/alertmanager-mixin/mixin.libsonnet') +
(import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet') + (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/prometheus-operator/prometheus-operator.libsonnet') +
(import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') + (import 'github.com/prometheus-operator/prometheus-operator/jsonnet/mixin/mixin.libsonnet') +
@@ -36,6 +37,11 @@ local prometheusAdapter = import './prometheus-adapter/prometheus-adapter.libson
image: 'directxman12/k8s-prometheus-adapter:v0.8.2', image: 'directxman12/k8s-prometheus-adapter:v0.8.2',
prometheusURL: 'http://prometheus-' + $._config.prometheus.name + '.' + $._config.namespace + '.svc.cluster.local:9090/', prometheusURL: 'http://prometheus-' + $._config.prometheus.name + '.' + $._config.namespace + '.svc.cluster.local:9090/',
}), }),
blackboxExporter: blackboxExporter({
namespace: $._config.namespace,
version: '0.18.0',
image: 'quay.io/prometheus/blackbox-exporter:v0.18.0',
}),
kubePrometheus+:: { kubePrometheus+:: {
namespace: { namespace: {
apiVersion: 'v1', apiVersion: 'v1',
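Review bot: The `blackboxExporter({...})` call states the release twice, as `version: '0.18.0'` and again inside `image: 'quay.io/prometheus/blackbox-exporter:v0.18.0'`, so a bump that touches only one of them leaves the `app.kubernetes.io/version` label disagreeing with the image actually deployed. Anyone using that label to tell which exporter version is running, for example when checking exposure to a published advisory, would then get the wrong answer. I would derive both from one value, e.g. `local blackboxVersion = '0.18.0';` with `version: blackboxVersion,` and `image: 'quay.io/prometheus/blackbox-exporter:v' + blackboxVersion,`. The enclosing object starts and ends outside the hunk.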


@@ -42,5 +42,10 @@ data:
"preferred_ip_protocol": "ip4" "preferred_ip_protocol": "ip4"
kind: ConfigMap kind: ConfigMap
metadata: metadata:
labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.18.0
name: blackbox-exporter-configuration name: blackbox-exporter-configuration
namespace: monitoring namespace: monitoring


@@ -2,20 +2,26 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
labels: labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/version: v0.18.0 app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.18.0
name: blackbox-exporter name: blackbox-exporter
namespace: monitoring namespace: monitoring
spec: spec:
replicas: 1 replicas: 1
selector: selector:
matchLabels: matchLabels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/part-of: kube-prometheus
template: template:
metadata: metadata:
labels: labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/version: v0.18.0 app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.18.0
spec: spec:
containers: containers:
- args: - args:
@@ -71,6 +77,13 @@ spec:
ports: ports:
- containerPort: 9115 - containerPort: 9115
name: https name: https
resources:
limits:
cpu: 20m
memory: 40Mi
requests:
cpu: 10m
memory: 20Mi
securityContext: securityContext:
runAsGroup: 65532 runAsGroup: 65532
runAsNonRoot: true runAsNonRoot: true


@@ -2,8 +2,10 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
labels: labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/version: v0.18.0 app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.18.0
name: blackbox-exporter name: blackbox-exporter
namespace: monitoring namespace: monitoring
spec: spec:
@@ -15,4 +17,6 @@ spec:
port: 19115 port: 19115
targetPort: http targetPort: http
selector: selector:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/part-of: kube-prometheus


@@ -2,8 +2,10 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
labels: labels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/version: v0.18.0 app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 0.18.0
name: blackbox-exporter name: blackbox-exporter
namespace: monitoring namespace: monitoring
spec: spec:
@@ -17,4 +19,6 @@ spec:
insecureSkipVerify: true insecureSkipVerify: true
selector: selector:
matchLabels: matchLabels:
app.kubernetes.io/component: exporter
app.kubernetes.io/name: blackbox-exporter app.kubernetes.io/name: blackbox-exporter
app.kubernetes.io/part-of: kube-prometheus