easylinux/kube-prometheus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

kube-prometheus: Convert to jsonnet

Browse Source
This commit is contained in:
Frederic Branczyk
2018-04-08 14:53:30 +02:00
parent 0d142fe9da
commit d8692794a9
54 changed files with 1249 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
jsonnet/node-exporter/node-exporter-cluster-role-binding.libsonnet Normal file
View File

@@ -0,0 +1,12 @@
local k = import "ksonnet.beta.3/k.libsonnet";
local clusterRoleBinding = k.rbac.v1.clusterRoleBinding;
{
new(namespace)::
clusterRoleBinding.new() +
clusterRoleBinding.mixin.metadata.withName("node-exporter") +
clusterRoleBinding.mixin.roleRef.withApiGroup("rbac.authorization.k8s.io") +
clusterRoleBinding.mixin.roleRef.withName("node-exporter") +
clusterRoleBinding.mixin.roleRef.mixinInstance({kind: "ClusterRole"}) +
clusterRoleBinding.withSubjects([{kind: "ServiceAccount", name: "node-exporter", namespace: namespace}])
}

26
jsonnet/node-exporter/node-exporter-cluster-role.libsonnet Normal file
View File

@@ -0,0 +1,26 @@
local k = import "ksonnet.beta.3/k.libsonnet";
local clusterRole = k.rbac.v1.clusterRole;
local policyRule = clusterRole.rulesType;
local authenticationRole = policyRule.new() +
policyRule.withApiGroups(["authentication.k8s.io"]) +
policyRule.withResources([
"tokenreviews",
]) +
policyRule.withVerbs(["create"]);
local authorizationRole = policyRule.new() +
policyRule.withApiGroups(["authorization.k8s.io"]) +
policyRule.withResources([
"subjectaccessreviews",
]) +
policyRule.withVerbs(["create"]);
local rules = [authenticationRole, authorizationRole];
{
new()::
clusterRole.new() +
clusterRole.mixin.metadata.withName("node-exporter") +
clusterRole.withRules(rules)
}

58
jsonnet/node-exporter/node-exporter-daemonset.libsonnet Normal file
View File

@@ -0,0 +1,58 @@
local k = import "ksonnet.beta.3/k.libsonnet";
local daemonset = k.apps.v1beta2.daemonSet;
local container = daemonset.mixin.spec.template.spec.containersType;
local volume = daemonset.mixin.spec.template.spec.volumesType;
local containerPort = container.portsType;
local containerVolumeMount = container.volumeMountsType;
local podSelector = daemonset.mixin.spec.template.spec.selectorType;
local nodeExporterVersion = "v0.15.2";
local kubeRbacProxyVersion = "v0.3.0";
local podLabels = {"app": "node-exporter"};
local procVolumeName = "proc";
local procVolume = volume.fromHostPath(procVolumeName, "/proc");
local procVolumeMount = containerVolumeMount.new(procVolumeName, "/host/proc");
local sysVolumeName = "sys";
local sysVolume = volume.fromHostPath(sysVolumeName, "/sys");
local sysVolumeMount = containerVolumeMount.new(sysVolumeName, "/host/sys");
local nodeExporter =
container.new("node-exporter", "quay.io/prometheus/node-exporter:" + nodeExporterVersion) +
container.withArgs([
"--web.listen-address=127.0.0.1:9101",
"--path.procfs=/host/proc",
"--path.sysfs=/host/sys",
]) +
container.withVolumeMounts([procVolumeMount, sysVolumeMount]) +
container.mixin.resources.withRequests({cpu: "102m", memory: "180Mi"}) +
container.mixin.resources.withLimits({cpu: "102m", memory: "180Mi"});
local proxy =
container.new("kube-rbac-proxy", "quay.io/coreos/kube-rbac-proxy:" + kubeRbacProxyVersion) +
container.withArgs([
"--secure-listen-address=:9100",
"--upstream=http://127.0.0.1:9101/",
]) +
container.withPorts(containerPort.newNamed("https", 9100)) +
container.mixin.resources.withRequests({cpu: "10m", memory: "20Mi"}) +
container.mixin.resources.withLimits({cpu: "20m", memory: "40Mi"});
local c = [nodeExporter, proxy];
{
new(namespace)::
daemonset.new() +
daemonset.mixin.metadata.withName("node-exporter") +
daemonset.mixin.metadata.withNamespace(namespace) +
daemonset.mixin.metadata.withLabels(podLabels) +
daemonset.mixin.spec.selector.withMatchLabels(podLabels) +
daemonset.mixin.spec.template.metadata.withLabels(podLabels) +
daemonset.mixin.spec.template.spec.withContainers(c) +
daemonset.mixin.spec.template.spec.withVolumes([procVolume, sysVolume]) +
daemonset.mixin.spec.template.spec.securityContext.withRunAsNonRoot(true) +
daemonset.mixin.spec.template.spec.securityContext.withRunAsUser(65534) +
daemonset.mixin.spec.template.spec.withServiceAccountName("node-exporter")
}

8
jsonnet/node-exporter/node-exporter-service-account.libsonnet Normal file
View File

@@ -0,0 +1,8 @@
local k = import "ksonnet.beta.3/k.libsonnet";
local serviceAccount = k.core.v1.serviceAccount;
{
new(namespace)::
serviceAccount.new("node-exporter") +
serviceAccount.mixin.metadata.withNamespace(namespace)
}

14
jsonnet/node-exporter/node-exporter-service.libsonnet Normal file
View File

@@ -0,0 +1,14 @@
local k = import "ksonnet.beta.3/k.libsonnet";
local service = k.core.v1.service;
local servicePort = k.core.v1.service.mixin.spec.portsType;
local nodeExporterDaemonset = import "node-exporter-daemonset.libsonnet";
local nodeExporterPort = servicePort.newNamed("https", 9100, "https");
{
new(namespace)::
service.new("node-exporter", nodeExporterDaemonset.new(namespace).spec.selector.matchLabels, nodeExporterPort) +
service.mixin.metadata.withNamespace(namespace) +
service.mixin.metadata.withLabels({"k8s-app": "node-exporter"})
}

7
jsonnet/node-exporter/node-exporter.libsonnet Normal file
View File

@@ -0,0 +1,7 @@
{
clusterRoleBinding:: import "node-exporter-cluster-role-binding.libsonnet",
clusterRole:: import "node-exporter-cluster-role.libsonnet",
daemonset:: import "node-exporter-daemonset.libsonnet",
serviceAccount:: import "node-exporter-service-account.libsonnet",
service:: import "node-exporter-service.libsonnet",
}