easylinux/kube-prometheus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #857 from paulfantom/globals_experiment_1

Browse Source 
Remove mutating global state in node-exporter objects
This commit is contained in:
Paweł Krupa
2021-01-07 09:08:59 +01:00
committed by GitHub
parent 808c2f8c3d 3b7d4690ba
commit a36c6042e5
13 changed files with 381 additions and 309 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@@ -18,9 +18,14 @@ Components included in this package:
This stack is meant for cluster monitoring, so it is pre-configured to collect metrics from all Kubernetes components. In addition to that it delivers a default set of dashboards and alerting rules. Many of the useful dashboards and alerts come from the [kubernetes-mixin project](https://github.com/kubernetes-monitoring/kubernetes-mixin), similar to this project it provides composable jsonnet as a library for users to customize to their needs. This stack is meant for cluster monitoring, so it is pre-configured to collect metrics from all Kubernetes components. In addition to that it delivers a default set of dashboards and alerting rules. Many of the useful dashboards and alerts come from the [kubernetes-mixin project](https://github.com/kubernetes-monitoring/kubernetes-mixin), similar to this project it provides composable jsonnet as a library for users to customize to their needs.
## Warning
`master` branch is under heavy refactoring work. Please use `release-0.7` branch until code refactoring is complete and this information is removed.
## Table of contents ## Table of contents
- [kube-prometheus](#kube-prometheus) - [kube-prometheus](#kube-prometheus)
- [Warning](#warning)
- [Table of contents](#table-of-contents) - [Table of contents](#table-of-contents)
- [Prerequisites](#prerequisites) - [Prerequisites](#prerequisites)
- [minikube](#minikube) - [minikube](#minikube)
@@ -53,8 +58,9 @@ This stack is meant for cluster monitoring, so it is pre-configured to collect m
- [Stripping container resource limits](#stripping-container-resource-limits) - [Stripping container resource limits](#stripping-container-resource-limits)
- [Customizing Prometheus alerting/recording rules and Grafana dashboards](#customizing-prometheus-alertingrecording-rules-and-grafana-dashboards) - [Customizing Prometheus alerting/recording rules and Grafana dashboards](#customizing-prometheus-alertingrecording-rules-and-grafana-dashboards)
- [Exposing Prometheus/Alermanager/Grafana via Ingress](#exposing-prometheusalermanagergrafana-via-ingress) - [Exposing Prometheus/Alermanager/Grafana via Ingress](#exposing-prometheusalermanagergrafana-via-ingress)
- [Setting up a blackbox exporter](#setting-up-a-blackbox exporter) - [Setting up a blackbox exporter](#setting-up-a-blackbox-exporter)
- [Minikube Example](#minikube-example) - [Minikube Example](#minikube-example)
- [Continuous Delivery](#continuous-delivery)
- [Troubleshooting](#troubleshooting) - [Troubleshooting](#troubleshooting)
- [Error retrieving kubelet metrics](#error-retrieving-kubelet-metrics) - [Error retrieving kubelet metrics](#error-retrieving-kubelet-metrics)
- [Authentication problem](#authentication-problem) - [Authentication problem](#authentication-problem)

2
jsonnet/kube-prometheus/blackbox-exporter/blackbox-exporter.libsonnet
View File

@@ -1,4 +1,4 @@
local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet'; local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonnet';
{ {
_config+:: { _config+:: {

15
jsonnet/kube-prometheus/kube-prometheus.libsonnet
View File

@@ -1,9 +1,10 @@
local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet'; local kubeRbacProxyContainer = import './kube-rbac-proxy/containerMixin.libsonnet';
local nodeExporter = import './node-exporter/node-exporter.libsonnet';
(import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') + (import 'github.com/brancz/kubernetes-grafana/grafana/grafana.libsonnet') +
(import './kube-state-metrics/kube-state-metrics.libsonnet') + (import './kube-state-metrics/kube-state-metrics.libsonnet') +
(import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') + (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics-mixin/mixin.libsonnet') +
(import './node-exporter/node-exporter.libsonnet') +
(import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') + (import 'github.com/prometheus/node_exporter/docs/node-mixin/mixin.libsonnet') +
(import './blackbox-exporter/blackbox-exporter.libsonnet') + (import './blackbox-exporter/blackbox-exporter.libsonnet') +
(import './alertmanager/alertmanager.libsonnet') + (import './alertmanager/alertmanager.libsonnet') +
@@ -17,6 +18,11 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet';
(import './alerts/alerts.libsonnet') + (import './alerts/alerts.libsonnet') +
(import './rules/rules.libsonnet') + (import './rules/rules.libsonnet') +
{ {
nodeExporter: nodeExporter({
namespace: $._config.namespace,
version: '1.0.1',
image: 'quay.io/prometheus/node-exporter:v1.0.1',
}),
kubePrometheus+:: { kubePrometheus+:: {
namespace: { namespace: {
apiVersion: 'v1', apiVersion: 'v1',
@@ -84,7 +90,6 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet';
}, },
}).deploymentMixin, }).deploymentMixin,
grafana+:: { grafana+:: {
local dashboardDefinitions = super.dashboardDefinitions, local dashboardDefinitions = super.dashboardDefinitions,
@@ -197,10 +202,6 @@ local kubeRbacProxyContainer = import './kube-rbac-proxy/container.libsonnet';
requests: { cpu: '100m', memory: '150Mi' }, requests: { cpu: '100m', memory: '150Mi' },
limits: { cpu: '100m', memory: '150Mi' }, limits: { cpu: '100m', memory: '150Mi' },
}, },
'node-exporter': {
requests: { cpu: '102m', memory: '180Mi' },
limits: { cpu: '250m', memory: '180Mi' },
},
}, },
prometheus+:: { rules: $.prometheusRules + $.prometheusAlerts }, prometheus+:: { rules: $.prometheusRules + $.prometheusAlerts },
grafana+:: { grafana+:: {

131
jsonnet/kube-prometheus/kube-rbac-proxy/container.libsonnet
View File

@@ -1,93 +1,64 @@
{ local defaults = {
local krp = self, local defaults = self,
config+:: { namespace: error 'must provide namespace',
kubeRbacProxy: { image: 'quay.io/brancz/kube-rbac-proxy:v0.8.0',
image: error 'must provide image', ports: error 'must provide ports',
name: error 'must provide name',
securePortName: error 'must provide securePortName',
securePort: error 'must provide securePort',
secureListenAddress: error 'must provide secureListenAddress', secureListenAddress: error 'must provide secureListenAddress',
upstream: error 'must provide upstream', upstream: error 'must provide upstream',
tlsCipherSuites: error 'must provide tlsCipherSuites', resources: {
}, requests: { cpu: '10m', memory: '20Mi' },
limits: { cpu: '20m', memory: '40Mi' },
}, },
tlsCipherSuites: [
'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721
'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721
specMixin:: { // 'TLS_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566
local sm = self, // 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661
config+:: { // 'TLS_RSA_WITH_AES_128_CBC_SHA', // disabled by h2
kubeRbacProxy: { // 'TLS_RSA_WITH_AES_256_CBC_SHA', // disabled by h2
image: error 'must provide image', // 'TLS_RSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169
name: error 'must provide name', // 'TLS_RSA_WITH_AES_128_GCM_SHA256', // disabled by h2
securePortName: error 'must provide securePortName', // 'TLS_RSA_WITH_AES_256_GCM_SHA384', // disabled by h2
securePort: error 'must provide securePort', // 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566
secureListenAddress: error 'must provide secureListenAddress', // 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', // disabled by h2
upstream: error 'must provide upstream', // 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', // disabled by h2
tlsCipherSuites: error 'must provide tlsCipherSuites', // 'TLS_ECDHE_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566
}, // 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661
}, // 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', // disabled by h2
spec+: { // 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', // disabled by h2
template+: { // 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169
spec+: { // 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', // insecure: https://access.redhat.com/security/cve/cve-2013-0169
containers+: [{
name: krp.config.kubeRbacProxy.name, // disabled by h2 means: https://github.com/golang/net/blob/e514e69ffb8bc3c76a71ae40de0118d794855992/http2/ciphers.go
image: krp.config.kubeRbacProxy.image,
'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305',
'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305',
],
};
function(params) {
local krp = self,
config:: defaults + params,
// Safety check
assert std.isObject(krp.config.resources),
name: krp.config.name,
image: krp.config.image,
args: [ args: [
'--logtostderr', '--logtostderr',
'--secure-listen-address=' + krp.config.kubeRbacProxy.secureListenAddress, '--secure-listen-address=' + krp.config.secureListenAddress,
'--tls-cipher-suites=' + std.join(',', krp.config.kubeRbacProxy.tlsCipherSuites), '--tls-cipher-suites=' + std.join(',', krp.config.tlsCipherSuites),
'--upstream=' + krp.config.kubeRbacProxy.upstream, '--upstream=' + krp.config.upstream,
],
ports: [
{ name: krp.config.kubeRbacProxy.securePortName, containerPort: krp.config.kubeRbacProxy.securePort },
], ],
resources: krp.config.resources,
ports: krp.config.ports,
securityContext: { securityContext: {
runAsUser: 65532, runAsUser: 65532,
runAsGroup: 65532, runAsGroup: 65532,
runAsNonRoot: true, runAsNonRoot: true,
}, },
}],
},
},
},
},
deploymentMixin:: {
local dm = self,
config+:: {
kubeRbacProxy: {
image: error 'must provide image',
name: error 'must provide name',
securePortName: error 'must provide securePortName',
securePort: error 'must provide securePort',
secureListenAddress: error 'must provide secureListenAddress',
upstream: error 'must provide upstream',
tlsCipherSuites: error 'must provide tlsCipherSuites',
},
},
deployment+: krp.specMixin {
config+:: {
kubeRbacProxy+: dm.config.kubeRbacProxy,
},
},
},
statefulSetMixin:: {
local sm = self,
config+:: {
kubeRbacProxy: {
image: error 'must provide image',
name: error 'must provide name',
securePortName: error 'must provide securePortName',
securePort: error 'must provide securePort',
secureListenAddress: error 'must provide secureListenAddress',
upstream: error 'must provide upstream',
tlsCipherSuites: error 'must provide tlsCipherSuites',
},
},
statefulSet+: krp.specMixin {
config+:: {
kubeRbacProxy+: sm.config.kubeRbacProxy,
},
},
},
} }

96
jsonnet/kube-prometheus/kube-rbac-proxy/containerMixin.libsonnet Normal file
View File

@@ -0,0 +1,96 @@
// TODO(paulfantom): remove the file after all usage of kube-rbac-proxy/containerMixin.libsonnet
// are converted to use kube-rbac-proxy/container.libsonnet
{
local krp = self,
config+:: {
kubeRbacProxy: {
image: error 'must provide image',
name: error 'must provide name',
securePortName: error 'must provide securePortName',
securePort: error 'must provide securePort',
secureListenAddress: error 'must provide secureListenAddress',
upstream: error 'must provide upstream',
tlsCipherSuites: error 'must provide tlsCipherSuites',
},
},
specMixin:: {
local sm = self,
config+:: {
kubeRbacProxy: {
image: error 'must provide image',
name: error 'must provide name',
securePortName: error 'must provide securePortName',
securePort: error 'must provide securePort',
secureListenAddress: error 'must provide secureListenAddress',
upstream: error 'must provide upstream',
tlsCipherSuites: error 'must provide tlsCipherSuites',
},
},
spec+: {
template+: {
spec+: {
containers+: [{
name: krp.config.kubeRbacProxy.name,
image: krp.config.kubeRbacProxy.image,
args: [
'--logtostderr',
'--secure-listen-address=' + krp.config.kubeRbacProxy.secureListenAddress,
'--tls-cipher-suites=' + std.join(',', krp.config.kubeRbacProxy.tlsCipherSuites),
'--upstream=' + krp.config.kubeRbacProxy.upstream,
],
ports: [
{ name: krp.config.kubeRbacProxy.securePortName, containerPort: krp.config.kubeRbacProxy.securePort },
],
securityContext: {
runAsUser: 65532,
runAsGroup: 65532,
runAsNonRoot: true,
},
}],
},
},
},
},
deploymentMixin:: {
local dm = self,
config+:: {
kubeRbacProxy: {
image: error 'must provide image',
name: error 'must provide name',
securePortName: error 'must provide securePortName',
securePort: error 'must provide securePort',
secureListenAddress: error 'must provide secureListenAddress',
upstream: error 'must provide upstream',
tlsCipherSuites: error 'must provide tlsCipherSuites',
},
},
deployment+: krp.specMixin {
config+:: {
kubeRbacProxy+: dm.config.kubeRbacProxy,
},
},
},
statefulSetMixin:: {
local sm = self,
config+:: {
kubeRbacProxy: {
image: error 'must provide image',
name: error 'must provide name',
securePortName: error 'must provide securePortName',
securePort: error 'must provide securePort',
secureListenAddress: error 'must provide secureListenAddress',
upstream: error 'must provide upstream',
tlsCipherSuites: error 'must provide tlsCipherSuites',
},
},
statefulSet+: krp.specMixin {
config+:: {
kubeRbacProxy+: sm.config.kubeRbacProxy,
},
},
},
}

2
jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet
View File

@@ -1,4 +1,4 @@
local kubeRbacProxyContainer = import '../kube-rbac-proxy/container.libsonnet'; local kubeRbacProxyContainer = import '../kube-rbac-proxy/containerMixin.libsonnet';
local ksm = import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet'; local ksm = import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-state-metrics/kube-state-metrics.libsonnet';
{ {

238
jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet
View File

@@ -1,33 +1,42 @@
{ local krp = (import '../kube-rbac-proxy/container.libsonnet');
_config+:: {
namespace: 'default',
versions+:: { nodeExporter: 'v1.0.1' },
imageRepos+:: { nodeExporter: 'quay.io/prometheus/node-exporter' },
nodeExporter+:: { local defaults = {
local defaults = self,
namespace: error 'must provide namespace',
version: error 'must provide version',
image: error 'must provide version',
resources: {
requests: { cpu: '102m', memory: '180Mi' },
limits: { cpu: '250m', memory: '180Mi' },
},
listenAddress: '127.0.0.1', listenAddress: '127.0.0.1',
port: 9100, port: 9100,
labels: { commonLabels:: {
'app.kubernetes.io/name': 'node-exporter', 'app.kubernetes.io/name': 'node-exporter',
'app.kubernetes.io/version': $._config.versions.nodeExporter, 'app.kubernetes.io/version': defaults.version,
'app.kubernetes.io/component': 'exporter', 'app.kubernetes.io/component': 'exporter',
'app.kubernetes.io/part-of': 'kube-prometheus', 'app.kubernetes.io/part-of': 'kube-prometheus',
}, },
selectorLabels: { selectorLabels:: {
[labelName]: $._config.nodeExporter.labels[labelName] [labelName]: defaults.commonLabels[labelName]
for labelName in std.objectFields($._config.nodeExporter.labels) for labelName in std.objectFields(defaults.commonLabels)
if !std.setMember(labelName, ['app.kubernetes.io/version']) if !std.setMember(labelName, ['app.kubernetes.io/version'])
}, },
}, };
},
function(params) {
local ne = self,
config:: defaults + params,
// Safety check
assert std.isObject(ne.config.resources),
nodeExporter+:: {
clusterRoleBinding: { clusterRoleBinding: {
apiVersion: 'rbac.authorization.k8s.io/v1', apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRoleBinding', kind: 'ClusterRoleBinding',
metadata: { metadata: {
name: 'node-exporter', name: 'node-exporter',
labels: $._config.nodeExporter.labels, labels: ne.config.commonLabels,
}, },
roleRef: { roleRef: {
apiGroup: 'rbac.authorization.k8s.io', apiGroup: 'rbac.authorization.k8s.io',
@@ -37,7 +46,7 @@
subjects: [{ subjects: [{
kind: 'ServiceAccount', kind: 'ServiceAccount',
name: 'node-exporter', name: 'node-exporter',
namespace: $._config.namespace, namespace: ne.config.namespace,
}], }],
}, },
@@ -46,7 +55,7 @@
kind: 'ClusterRole', kind: 'ClusterRole',
metadata: { metadata: {
name: 'node-exporter', name: 'node-exporter',
labels: $._config.nodeExporter.labels, labels: ne.config.commonLabels,
}, },
rules: [ rules: [
{ {
@@ -58,96 +67,7 @@
apiGroups: ['authorization.k8s.io'], apiGroups: ['authorization.k8s.io'],
resources: ['subjectaccessreviews'], resources: ['subjectaccessreviews'],
verbs: ['create'], verbs: ['create'],
},
],
},
daemonset:
local nodeExporter = {
name: 'node-exporter',
image: $._config.imageRepos.nodeExporter + ':' + $._config.versions.nodeExporter,
args: [
'--web.listen-address=' + std.join(':', [$._config.nodeExporter.listenAddress, std.toString($._config.nodeExporter.port)]),
'--path.sysfs=/host/sys',
'--path.rootfs=/host/root',
'--no-collector.wifi',
'--no-collector.hwmon',
'--collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)',
],
volumeMounts: [
{ name: 'sys', mountPath: '/host/sys', mountPropagation: 'HostToContainer', readOnly: true },
{ name: 'root', mountPath: '/host/root', mountPropagation: 'HostToContainer', readOnly: true },
],
resources: $._config.resources['node-exporter'],
};
local proxy = {
name: 'kube-rbac-proxy',
image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy,
args: [
'--logtostderr',
'--secure-listen-address=[$(IP)]:' + $._config.nodeExporter.port,
'--tls-cipher-suites=' + std.join(',', $._config.tlsCipherSuites),
'--upstream=http://127.0.0.1:' + $._config.nodeExporter.port + '/',
],
env: [
{ name: 'IP', valueFrom: { fieldRef: { fieldPath: 'status.podIP' } } },
],
// Keep `hostPort` here, rather than in the node-exporter container
// because Kubernetes mandates that if you define a `hostPort` then
// `containerPort` must match. In our case, we are splitting the
// host port and container port between the two containers.
// We'll keep the port specification here so that the named port
// used by the service is tied to the proxy container. We *could*
// forgo declaring the host port, however it is important to declare
// it so that the scheduler can decide if the pod is schedulable.
ports: [
{ name: 'https', containerPort: $._config.nodeExporter.port, hostPort: $._config.nodeExporter.port },
],
resources: $._config.resources['kube-rbac-proxy'],
securityContext: {
runAsUser: 65532,
runAsGroup: 65532,
runAsNonRoot: true,
},
};
{
apiVersion: 'apps/v1',
kind: 'DaemonSet',
metadata: {
name: 'node-exporter',
namespace: $._config.namespace,
labels: $._config.nodeExporter.labels,
},
spec: {
selector: { matchLabels: $._config.nodeExporter.selectorLabels },
updateStrategy: {
type: 'RollingUpdate',
rollingUpdate: { maxUnavailable: '10%' },
},
template: {
metadata: { labels: $._config.nodeExporter.labels },
spec: {
nodeSelector: { 'kubernetes.io/os': 'linux' },
tolerations: [{
operator: 'Exists',
}], }],
containers: [nodeExporter, proxy],
volumes: [
{ name: 'sys', hostPath: { path: '/sys' } },
{ name: 'root', hostPath: { path: '/' } },
],
serviceAccountName: 'node-exporter',
securityContext: {
runAsUser: 65534,
runAsNonRoot: true,
},
hostPID: true,
hostNetwork: true,
},
},
},
}, },
serviceAccount: { serviceAccount: {
@@ -155,8 +75,25 @@
kind: 'ServiceAccount', kind: 'ServiceAccount',
metadata: { metadata: {
name: 'node-exporter', name: 'node-exporter',
namespace: $._config.namespace, namespace: ne.config.namespace,
labels: $._config.nodeExporter.labels, labels: ne.config.commonLabels,
},
},
service: {
apiVersion: 'v1',
kind: 'Service',
metadata: {
name: 'node-exporter',
namespace: ne.config.namespace,
labels: ne.config.commonLabels,
},
spec: {
ports: [
{ name: 'https', targetPort: 'https', port: ne.config.port },
],
selector: ne.config.selectorLabels,
clusterIP: 'None',
}, },
}, },
@@ -165,13 +102,13 @@
kind: 'ServiceMonitor', kind: 'ServiceMonitor',
metadata: { metadata: {
name: 'node-exporter', name: 'node-exporter',
namespace: $._config.namespace, namespace: ne.config.namespace,
labels: $._config.nodeExporter.labels, labels: ne.config.commonLabels,
}, },
spec: { spec: {
jobLabel: 'app.kubernetes.io/name', jobLabel: 'app.kubernetes.io/name',
selector: { selector: {
matchLabels: $._config.nodeExporter.selectorLabels, matchLabels: ne.config.selectorLabels,
}, },
endpoints: [{ endpoints: [{
port: 'https', port: 'https',
@@ -194,20 +131,81 @@
}, },
}, },
service: { daemonset:
apiVersion: 'v1', local nodeExporter = {
kind: 'Service', name: 'node-exporter',
image: ne.config.image,
args: [
'--web.listen-address=' + std.join(':', [ne.config.listenAddress, std.toString(ne.config.port)]),
'--path.sysfs=/host/sys',
'--path.rootfs=/host/root',
'--no-collector.wifi',
'--no-collector.hwmon',
'--collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)',
],
volumeMounts: [
{ name: 'sys', mountPath: '/host/sys', mountPropagation: 'HostToContainer', readOnly: true },
{ name: 'root', mountPath: '/host/root', mountPropagation: 'HostToContainer', readOnly: true },
],
resources: ne.config.resources,
};
local kubeRbacProxy = krp({
name: 'kube-rbac-proxy',
//image: krpImage,
upstream: 'http://127.0.0.1:' + ne.config.port + '/',
secureListenAddress: '[$(IP)]:' + ne.config.port,
// Keep `hostPort` here, rather than in the node-exporter container
// because Kubernetes mandates that if you define a `hostPort` then
// `containerPort` must match. In our case, we are splitting the
// host port and container port between the two containers.
// We'll keep the port specification here so that the named port
// used by the service is tied to the proxy container. We *could*
// forgo declaring the host port, however it is important to declare
// it so that the scheduler can decide if the pod is schedulable.
ports: [
{ name: 'https', containerPort: ne.config.port, hostPort: ne.config.port },
],
}) + {
env: [
{ name: 'IP', valueFrom: { fieldRef: { fieldPath: 'status.podIP' } } },
]
};
{
apiVersion: 'apps/v1',
kind: 'DaemonSet',
metadata: { metadata: {
name: 'node-exporter', name: 'node-exporter',
namespace: $._config.namespace, namespace: ne.config.namespace,
labels: $._config.nodeExporter.labels, labels: ne.config.commonLabels,
}, },
spec: { spec: {
ports: [ selector: { matchLabels: ne.config.selectorLabels },
{ name: 'https', targetPort: 'https', port: $._config.nodeExporter.port }, updateStrategy: {
type: 'RollingUpdate',
rollingUpdate: { maxUnavailable: '10%' },
},
template: {
metadata: { labels: ne.config.commonLabels },
spec: {
nodeSelector: { 'kubernetes.io/os': 'linux' },
tolerations: [{
operator: 'Exists',
}],
containers: [nodeExporter, kubeRbacProxy],
volumes: [
{ name: 'sys', hostPath: { path: '/sys' } },
{ name: 'root', hostPath: { path: '/' } },
], ],
selector: $._config.nodeExporter.selectorLabels, serviceAccountName: 'node-exporter',
clusterIP: 'None', securityContext: {
runAsUser: 65534,
runAsNonRoot: true,
},
hostPID: true,
hostNetwork: true,
},
}, },
}, },
}, },

2
manifests/node-exporter-clusterRole.yaml
View File

@@ -5,7 +5,7 @@ metadata:
app.kubernetes.io/component: exporter app.kubernetes.io/component: exporter
app.kubernetes.io/name: node-exporter app.kubernetes.io/name: node-exporter
app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: v1.0.1 app.kubernetes.io/version: 1.0.1
name: node-exporter name: node-exporter
rules: rules:
- apiGroups: - apiGroups:

2
manifests/node-exporter-clusterRoleBinding.yaml
View File

@@ -5,7 +5,7 @@ metadata:
app.kubernetes.io/component: exporter app.kubernetes.io/component: exporter
app.kubernetes.io/name: node-exporter app.kubernetes.io/name: node-exporter
app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: v1.0.1 app.kubernetes.io/version: 1.0.1
name: node-exporter name: node-exporter
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io

4
manifests/node-exporter-daemonset.yaml
View File

@@ -5,7 +5,7 @@ metadata:
app.kubernetes.io/component: exporter app.kubernetes.io/component: exporter
app.kubernetes.io/name: node-exporter app.kubernetes.io/name: node-exporter
app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: v1.0.1 app.kubernetes.io/version: 1.0.1
name: node-exporter name: node-exporter
namespace: monitoring namespace: monitoring
spec: spec:
@@ -20,7 +20,7 @@ spec:
app.kubernetes.io/component: exporter app.kubernetes.io/component: exporter
app.kubernetes.io/name: node-exporter app.kubernetes.io/name: node-exporter
app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: v1.0.1 app.kubernetes.io/version: 1.0.1
spec: spec:
containers: containers:
- args: - args:

2
manifests/node-exporter-service.yaml
View File

@@ -5,7 +5,7 @@ metadata:
app.kubernetes.io/component: exporter app.kubernetes.io/component: exporter
app.kubernetes.io/name: node-exporter app.kubernetes.io/name: node-exporter
app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: v1.0.1 app.kubernetes.io/version: 1.0.1
name: node-exporter name: node-exporter
namespace: monitoring namespace: monitoring
spec: spec:

2
manifests/node-exporter-serviceAccount.yaml
View File

@@ -5,6 +5,6 @@ metadata:
app.kubernetes.io/component: exporter app.kubernetes.io/component: exporter
app.kubernetes.io/name: node-exporter app.kubernetes.io/name: node-exporter
app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: v1.0.1 app.kubernetes.io/version: 1.0.1
name: node-exporter name: node-exporter
namespace: monitoring namespace: monitoring

2
manifests/node-exporter-serviceMonitor.yaml
View File

@@ -5,7 +5,7 @@ metadata:
app.kubernetes.io/component: exporter app.kubernetes.io/component: exporter
app.kubernetes.io/name: node-exporter app.kubernetes.io/name: node-exporter
app.kubernetes.io/part-of: kube-prometheus app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: v1.0.1 app.kubernetes.io/version: 1.0.1
name: node-exporter name: node-exporter
namespace: monitoring namespace: monitoring
spec: spec: