From 5d808ee753afff17373dd8c4232b00bbf8904f16 Mon Sep 17 00:00:00 2001 From: Jon Date: Tue, 19 Sep 2023 15:09:20 +0930 Subject: [PATCH] feat: prometheus adaptor deployment !1 --- templates/APIService-prometheus-adapter.yaml | 21 ++++ ...ClusterRole-aggregated-metrics-reader.yaml | 26 +++++ ...-binding-delegator-prometheus-adaptor.yaml | 20 ++++ ...hpa-custom-metrics-prometheus-adaptor.yaml | 19 ++++ ...s-server-resources-prometheus-adaptor.yaml | 18 ++++ templates/ClusterRole-prometheus-adapter.yaml | 24 +++++ templates/ConfigMap-prometheus-adapter.yaml | 72 +++++++++++++ templates/Deployment-prometheus-adapter.yaml | 100 ++++++++++++++++++ ...odDisruptionBudget-prometheus-adapter.yaml | 21 ++++ ...inding-prometheus-adapter-auth-reader.yaml | 18 ++++ templates/Service-prometheus-adapter.yaml | 23 ++++ .../ServiceAccount-prometheus-adapter.yaml | 14 +++ .../ServiceMonitor-prometheus-adapter.yaml | 39 +++++++ 13 files changed, 415 insertions(+) create mode 100644 templates/APIService-prometheus-adapter.yaml create mode 100644 templates/ClusterRole-aggregated-metrics-reader.yaml create mode 100644 templates/ClusterRole-binding-delegator-prometheus-adaptor.yaml create mode 100644 templates/ClusterRole-binding-hpa-custom-metrics-prometheus-adaptor.yaml create mode 100644 templates/ClusterRole-metrics-server-resources-prometheus-adaptor.yaml create mode 100644 templates/ClusterRole-prometheus-adapter.yaml create mode 100644 templates/ConfigMap-prometheus-adapter.yaml create mode 100644 templates/Deployment-prometheus-adapter.yaml create mode 100644 templates/PodDisruptionBudget-prometheus-adapter.yaml create mode 100644 templates/RoleBinding-prometheus-adapter-auth-reader.yaml create mode 100644 templates/Service-prometheus-adapter.yaml create mode 100644 templates/ServiceAccount-prometheus-adapter.yaml create mode 100644 templates/ServiceMonitor-prometheus-adapter.yaml 
diff --git a/templates/APIService-prometheus-adapter.yaml b/templates/APIService-prometheus-adapter.yaml
new file mode 100644
index 0000000..04d7bbf
--- /dev/null
+++ b/templates/APIService-prometheus-adapter.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+ labels:
+ app.kubernetes.io/component: metrics-adapter
+ app.kubernetes.io/instance: main
+ app.kubernetes.io/name: prometheus-adapter
+ app.kubernetes.io/part-of: {{ $.Chart.Name }}
+ app.kubernetes.io/managed-by: {{ $.Release.Service }}
+ app.kubernetes.io/version: {{ $.Chart.Version }}
+ name: v1beta1.metrics.k8s.io
+spec:
+ group: metrics.k8s.io
+ groupPriorityMinimum: 100
+ insecureSkipTLSVerify: true
+ service:
+ name: prometheus-adapter
+ namespace: monitoring
+ version: v1beta1
+ versionPriority: 100
diff --git a/templates/ClusterRole-aggregated-metrics-reader.yaml b/templates/ClusterRole-aggregated-metrics-reader.yaml
new file mode 100644
index 0000000..bc2afd0
--- /dev/null
+++ b/templates/ClusterRole-aggregated-metrics-reader.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: metrics-adapter
+ app.kubernetes.io/instance: main
+ app.kubernetes.io/name: prometheus-adapter
+ app.kubernetes.io/part-of: {{ $.Chart.Name }}
+ app.kubernetes.io/managed-by: {{ $.Release.Service }}
+ app.kubernetes.io/version: {{ $.Chart.Version }}
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+ name: system:aggregated-metrics-reader
+ namespace: monitoring
+rules:
+- apiGroups:
+ - metrics.k8s.io
+ resources:
+ - pods
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/templates/ClusterRole-binding-delegator-prometheus-adaptor.yaml b/templates/ClusterRole-binding-delegator-prometheus-adaptor.yaml
new file mode 100644
index 0000000..5648792
--- /dev/null
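Review bot: `insecureSkipTLSVerify: true` in templates/APIService-prometheus-adapter.yaml means the aggregation layer does not verify the serving certificate of the backend it proxies `metrics.k8s.io` to, so the kube-apiserver cannot tell the adapter from anything else answering on the `prometheus-adapter` Service. The Deployment in this patch points `--cert-dir` at an `emptyDir`, which suggests a self-generated certificate per pod; issuing the serving certificate from a CA the chart controls and setting `caBundle: <base64-encoded CA certificate>` with `insecureSkipTLSVerify: false` restores verification. If the flag has to stay for now, a comment above it saying why, and what would allow removing it, would help the next reviewer.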
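Review bot: `namespace: monitoring` under `metadata` in templates/ClusterRole-aggregated-metrics-reader.yaml has no effect, because a ClusterRole is cluster-scoped; the same stray field is on the ClusterRoleBinding in templates/ClusterRole-binding-delegator-prometheus-adaptor.yaml. Dropping it avoids the impression that these grants are confined to one namespace. The three `aggregate-to-*` labels fold these rules into the built-in admin, edit and view roles, so a one-line comment above them, such as `# adds pod and node metrics read access to the built-in admin/edit/view roles`, would make that widening visible in review.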
+++ b/templates/ClusterRole-binding-delegator-prometheus-adaptor.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: metrics-adapter
+ app.kubernetes.io/name: prometheus-adapter
+ app.kubernetes.io/part-of: {{ $.Chart.Name }}
+ app.kubernetes.io/managed-by: {{ $.Release.Service }}
+ app.kubernetes.io/version: {{ $.Chart.Version }}
+ name: resource-metrics:system:auth-delegator
+ namespace: monitoring
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: prometheus-adapter
+ namespace: monitoring
diff --git a/templates/ClusterRole-binding-hpa-custom-metrics-prometheus-adaptor.yaml b/templates/ClusterRole-binding-hpa-custom-metrics-prometheus-adaptor.yaml
new file mode 100644
index 0000000..4785870
--- /dev/null
+++ b/templates/ClusterRole-binding-hpa-custom-metrics-prometheus-adaptor.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: hpa-controller-custom-metrics
+ labels:
+ app.kubernetes.io/component: metrics-adapter
+ app.kubernetes.io/name: prometheus-adapter
+ app.kubernetes.io/part-of: {{ $.Chart.Name }}
+ app.kubernetes.io/managed-by: {{ $.Release.Service }}
+ app.kubernetes.io/version: {{ $.Chart.Version }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: custom-metrics-server-resources
+subjects:
+- kind: ServiceAccount
+ name: horizontal-pod-autoscaler
+ namespace: kube-system
diff --git a/templates/ClusterRole-metrics-server-resources-prometheus-adaptor.yaml b/templates/ClusterRole-metrics-server-resources-prometheus-adaptor.yaml
new file mode 100644
index 0000000..b5d028b
--- /dev/null
+++ b/templates/ClusterRole-metrics-server-resources-prometheus-adaptor.yaml
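Review bot: The `roleRef` in templates/ClusterRole-binding-hpa-custom-metrics-prometheus-adaptor.yaml names `custom-metrics-server-resources`, but no ClusterRole with that name is created in this patch; the one added is `resource-metrics-server-resources`. A binding to a role that does not exist grants nothing today and silently starts granting whatever a later role of that name contains, to the `horizontal-pod-autoscaler` service account in `kube-system`. Either add the intended ClusterRole to the chart or point `name:` at a role this patch defines. Relatedly, neither `resource-metrics-server-resources` nor the `prometheus-adapter` ClusterRole is referenced by any binding visible here, so unless bindings exist elsewhere in the chart the adapter's service account will not have the read access those roles describe.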
@@ -0,0 +1,18 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: metrics-adapter
+ app.kubernetes.io/name: prometheus-adapter
+ app.kubernetes.io/part-of: {{ $.Chart.Name }}
+ app.kubernetes.io/managed-by: {{ $.Release.Service }}
+ app.kubernetes.io/version: {{ $.Chart.Version }}
+ name: resource-metrics-server-resources
+rules:
+- apiGroups:
+ - metrics.k8s.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
diff --git a/templates/ClusterRole-prometheus-adapter.yaml b/templates/ClusterRole-prometheus-adapter.yaml
new file mode 100644
index 0000000..87cd65f
--- /dev/null
+++ b/templates/ClusterRole-prometheus-adapter.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: metrics-adapter
+ app.kubernetes.io/instance: main
+ app.kubernetes.io/name: prometheus-adapter
+ app.kubernetes.io/part-of: {{ $.Chart.Name }}
+ app.kubernetes.io/managed-by: {{ $.Release.Service }}
+ app.kubernetes.io/version: {{ $.Chart.Version }}
+ name: prometheus-adapter
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ - namespaces
+ - pods
+ - services
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/templates/ConfigMap-prometheus-adapter.yaml b/templates/ConfigMap-prometheus-adapter.yaml
new file mode 100644
index 0000000..2f1a140
--- /dev/null
+++ b/templates/ConfigMap-prometheus-adapter.yaml
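Review bot: The rule in templates/ClusterRole-metrics-server-resources-prometheus-adaptor.yaml uses `'*'` for both `resources` and `verbs` on `metrics.k8s.io`, which is broader than a metrics reader needs and will also cover any resource later added to that group. The aggregated reader role in this same patch already shows the narrower shape: `resources: [pods, nodes]` with `verbs: [get, list, watch]`. If the wildcard is intentional, a comment naming the consumer that needs write verbs would justify it.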
@@ -0,0 +1,72 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app.kubernetes.io/component: metrics-adapter
+ app.kubernetes.io/instance: main
+ app.kubernetes.io/name: prometheus-adapter
+ app.kubernetes.io/managed-by: {{ $.Release.Service }}
+ app.kubernetes.io/part-of: {{ $.Chart.Name }}
+ app.kubernetes.io/version: {{ $.Chart.Version }}
+ name: adapter-config
+ namespace: monitoring
+data:
+ config.yaml: |-
+ "resourceRules":
+ "cpu":
+ "containerLabel": "container"
+ "containerQuery": |
+ sum by (<<.GroupBy>>) (
+ irate (
+ container_cpu_usage_seconds_total{<<.LabelMatchers>>,container!="",pod!=""}[120s]
+ )
+ )
+ "nodeQuery": |
+ sum by (<<.GroupBy>>) (
+ 1 - irate(
+ node_cpu_seconds_total{mode="idle"}[60s]
+ )
+ * on(namespace, pod) group_left(node) (
+ node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}
+ )
+ )
+ or sum by (<<.GroupBy>>) (
+ 1 - irate(
+ windows_cpu_time_total{mode="idle", job="windows-exporter",<<.LabelMatchers>>}[4m]
+ )
+ )
+ "resources":
+ "overrides":
+ "namespace":
+ "resource": "namespace"
+ "node":
+ "resource": "node"
+ "pod":
+ "resource": "pod"
+ "memory":
+ "containerLabel": "container"
+ "containerQuery": |
+ sum by (<<.GroupBy>>) (
+ container_memory_working_set_bytes{<<.LabelMatchers>>,container!="",pod!=""}
+ )
+ "nodeQuery": |
+ sum by (<<.GroupBy>>) (
+ node_memory_MemTotal_bytes{job="node-exporter",<<.LabelMatchers>>}
+ -
+ node_memory_MemAvailable_bytes{job="node-exporter",<<.LabelMatchers>>}
+ )
+ or sum by (<<.GroupBy>>) (
+ windows_cs_physical_memory_bytes{job="windows-exporter",<<.LabelMatchers>>}
+ -
+ windows_memory_available_bytes{job="windows-exporter",<<.LabelMatchers>>}
+ )
+ "resources":
+ "overrides":
+ "instance":
+ "resource": "node"
+ "namespace":
+ "resource": "namespace"
+ "pod":
+ "resource": "pod"
+ "window": "5m"
diff --git a/templates/Deployment-prometheus-adapter.yaml b/templates/Deployment-prometheus-adapter.yaml
new file mode 100644
index 0000000..9edd8bc
--- /dev/null
+++ b/templates/Deployment-prometheus-adapter.yaml 
@@ -0,0 +1,100 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: metrics-adapter
+ app.kubernetes.io/instance: main
+ app.kubernetes.io/name: prometheus-adapter
+ app.kubernetes.io/part-of: {{ $.Chart.Name }}
+ app.kubernetes.io/managed-by: {{ $.Release.Service }}
+ app.kubernetes.io/version: {{ $.Chart.Version }}
+ name: prometheus-adapter
+ namespace: "{{ .Values.nfc_monitoring.prometheus_adaptor.namespace }}"
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: metrics-adapter
+ app.kubernetes.io/instance: main
+ app.kubernetes.io/name: prometheus-adapter
+ app.kubernetes.io/part-of: {{ $.Chart.Name }}
+ app.kubernetes.io/managed-by: {{ $.Release.Service }}
+ app.kubernetes.io/version: {{ $.Chart.Version }}
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/component: metrics-adapter
+ app.kubernetes.io/instance: main
+ app.kubernetes.io/name: prometheus-adapter
+ app.kubernetes.io/part-of: {{ $.Chart.Name }}
+ app.kubernetes.io/managed-by: {{ $.Release.Service }}
+ app.kubernetes.io/version: {{ $.Chart.Version }}
+ spec:
+ automountServiceAccountToken: true
+ containers:
+ - args:
+ - --cert-dir=/var/run/serving-cert
+ - --config=/etc/adapter/config.yaml
+ - --metrics-relist-interval=1m
+ - --prometheus-url=https://prometheus.monitoring.svc:9090/
+ - --secure-port=6443
+ - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA
+ image: "{{ .Values.nfc_monitoring.prometheus_adaptor.image.name }}:{{ .Values.nfc_monitoring.prometheus_adaptor.image.tag }}"
+ livenessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /livez
+ port: https
+ scheme: HTTPS
+ initialDelaySeconds: 30
+ periodSeconds: 5
+ name: prometheus-adapter
+ ports:
+ - containerPort: 6443
+ name: https
+ readinessProbe:
+ failureThreshold: 5
+ httpGet:
+ path: /readyz
+ port: https
+ scheme: HTTPS
+ initialDelaySeconds: 30
+ periodSeconds: 5
+ resources:
+ requests:
+ cpu: 102m
+ memory: 180Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ terminationMessagePolicy: FallbackToLogsOnError
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmpfs
+ readOnly: false
+ - mountPath: /var/run/serving-cert
+ name: volume-serving-cert
+ readOnly: false
+ - mountPath: /etc/adapter
+ name: config
+ readOnly: false
+ nodeSelector:
+ kubernetes.io/os: linux
+ securityContext: {}
+ serviceAccountName: prometheus-adapter
+ volumes:
+ - emptyDir: {}
+ name: tmpfs
+ - emptyDir: {}
+ name: volume-serving-cert
+ - configMap:
+ name: adapter-config
+ name: config
diff --git a/templates/PodDisruptionBudget-prometheus-adapter.yaml b/templates/PodDisruptionBudget-prometheus-adapter.yaml
new file mode 100644
index 0000000..17203c2
--- /dev/null
+++ b/templates/PodDisruptionBudget-prometheus-adapter.yaml
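Review bot: The `--tls-cipher-suites` list in templates/Deployment-prometheus-adapter.yaml still offers CBC-mode and static-RSA suites (for example `TLS_RSA_WITH_AES_128_CBC_SHA`), which give no forward secrecy; keeping only the ECDHE GCM and CHACHA20 entries already in the list would tighten the endpoint the kube-apiserver aggregates. The pod-level `securityContext: {}` leaves the run-as user and seccomp profile to image and cluster defaults, so `runAsNonRoot: true` and `seccompProfile: {type: RuntimeDefault}` are worth setting, and the `/etc/adapter` ConfigMap mount can be `readOnly: true`. `spec.selector.matchLabels` includes `app.kubernetes.io/version`, and a Deployment selector is immutable, so a chart version bump is likely to be rejected on upgrade; the Service and PodDisruptionBudget selectors in this patch omit that label. This is also the only manifest that takes its namespace from `.Values.nfc_monitoring.prometheus_adaptor.namespace`, while the ServiceAccount, ConfigMap, Service, APIService and RBAC subjects hard-code `monitoring`, so any other value leaves the pod without its ServiceAccount and config.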
@@ -0,0 +1,21 @@
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ labels:
+ app.kubernetes.io/component: metrics-adapter
+ app.kubernetes.io/instance: main
+ app.kubernetes.io/name: prometheus-adapter
+ app.kubernetes.io/part-of: {{ $.Chart.Name }}
+ app.kubernetes.io/managed-by: {{ $.Release.Service }}
+ app.kubernetes.io/version: {{ $.Chart.Version }}
+ name: prometheus-adapter
+ namespace: monitoring
+spec:
+ minAvailable: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: metrics-adapter
+ app.kubernetes.io/instance: main
+ app.kubernetes.io/name: prometheus-adapter
+ app.kubernetes.io/part-of: {{ $.Chart.Name }}
diff --git a/templates/RoleBinding-prometheus-adapter-auth-reader.yaml b/templates/RoleBinding-prometheus-adapter-auth-reader.yaml
new file mode 100644
index 0000000..be46bee
--- /dev/null
+++ b/templates/RoleBinding-prometheus-adapter-auth-reader.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: metrics-adapter
+ app.kubernetes.io/name: prometheus-adapter
+ app.kubernetes.io/version: 0.11.1
+ name: resource-metrics-auth-reader
+ namespace: kube-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: extension-apiserver-authentication-reader
+subjects:
+- kind: ServiceAccount
+ name: prometheus-adapter
+ namespace: monitoring
diff --git a/templates/Service-prometheus-adapter.yaml b/templates/Service-prometheus-adapter.yaml
new file mode 100644
index 0000000..406fd70
--- /dev/null
+++ b/templates/Service-prometheus-adapter.yaml
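Review bot: The labels in templates/RoleBinding-prometheus-adapter-auth-reader.yaml hard-code `app.kubernetes.io/version: 0.11.1` and omit the `part-of` and `managed-by` labels that every other manifest in this patch takes from `{{ $.Chart.Version }}`, `{{ $.Chart.Name }}` and `{{ $.Release.Service }}`. Using the same templated label set keeps this `kube-system` binding discoverable by the selectors used to audit or clean up the release.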
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/component: metrics-adapter
+ app.kubernetes.io/instance: main
+ app.kubernetes.io/name: prometheus-adapter
+ app.kubernetes.io/part-of: {{ $.Chart.Name }}
+ app.kubernetes.io/managed-by: {{ $.Release.Service }}
+ app.kubernetes.io/version: {{ $.Chart.Version }}
+ name: prometheus-adapter
+ namespace: monitoring
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: 6443
+ selector:
+ app.kubernetes.io/component: metrics-adapter
+ app.kubernetes.io/instance: main
+ app.kubernetes.io/name: prometheus-adapter
+ app.kubernetes.io/part-of: {{ $.Chart.Name }}
diff --git a/templates/ServiceAccount-prometheus-adapter.yaml b/templates/ServiceAccount-prometheus-adapter.yaml
new file mode 100644
index 0000000..ff50c47
--- /dev/null
+++ b/templates/ServiceAccount-prometheus-adapter.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+automountServiceAccountToken: false
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: metrics-adapter
+ app.kubernetes.io/instance: main
+ app.kubernetes.io/name: prometheus-adapter
+ app.kubernetes.io/part-of: {{ $.Chart.Name }}
+ app.kubernetes.io/managed-by: {{ $.Release.Service }}
+ app.kubernetes.io/version: {{ $.Chart.Version }}
+ name: prometheus-adapter
+ namespace: monitoring
diff --git a/templates/ServiceMonitor-prometheus-adapter.yaml b/templates/ServiceMonitor-prometheus-adapter.yaml
new file mode 100644
index 0000000..0270e70
--- /dev/null
+++ b/templates/ServiceMonitor-prometheus-adapter.yaml
@@ -0,0 +1,39 @@
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ labels:
+ app.kubernetes.io/component: metrics-adapter
+ app.kubernetes.io/instance: main
+ app.kubernetes.io/name: prometheus-adapter
+ app.kubernetes.io/part-of: {{ $.Chart.Name }}
+ app.kubernetes.io/managed-by: {{ $.Release.Service }}
+ app.kubernetes.io/version: {{ $.Chart.Version }}
+ name: prometheus-adapter
+ namespace: monitoring
+spec:
+ endpoints:
+ - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+ interval: 30s
+ metricRelabelings:
+ - action: drop
+ regex: (apiserver_client_certificate_.*|apiserver_envelope_.*|apiserver_flowcontrol_.*|apiserver_storage_.*|apiserver_webhooks_.*|workqueue_.*)
+ sourceLabels:
+ - __name__
+ port: https
+ scheme: https
+ relabelings:
+ - action: replace
+ regex: (.*)
+ replacement: $1
+ sourceLabels:
+ - __meta_kubernetes_pod_label_app_kubernetes_io_instance
+ targetLabel: instance
+ tlsConfig:
+ insecureSkipVerify: true
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: metrics-adapter
+ app.kubernetes.io/instance: main
+ app.kubernetes.io/name: prometheus-adapter
+ app.kubernetes.io/part-of: {{ $.Chart.Name }}
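Review bot: The endpoint in templates/ServiceMonitor-prometheus-adapter.yaml sends the scraper's service account token (`bearerTokenFile`) over a connection where `tlsConfig.insecureSkipVerify: true` disables certificate verification, so the token is presented to whichever endpoint answers for the target. Prefer verifying the adapter's certificate, for example `tlsConfig` with a `ca` reference and `serverName: prometheus-adapter.monitoring.svc`, once the adapter serves a CA-issued certificate. If verification cannot be enabled yet, a comment above `insecureSkipVerify` recording that it is a known exception would keep it from being copied into other monitors.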