Commit 69520015 by frank Committed by Craig Jellick

Deploy Prometheus into Project level

**Problem:**
- The previous charts cannot satisfy the project-level monitoring deployment design
- Grafana cannot be restarted after its password is changed
- node-exporter cannot be scheduled to `controlplane` or `etcd` role nodes
- Prometheus cannot start with a PVC provided by a storage provisioner that doesn't respect the `SecurityContext`

**Solution:**
- Deploy "project-level" monitoring with a permission-limited Prometheus
- Remove the Grafana account `Secret` and use provisioning instead of `grafana-watch`
- Modify node-exporter `taints`
- Add a configurable `SecurityContext` for Prometheus and Alertmanager
- Narrow Prometheus permissions

**Issue:**
- https://github.com/rancher/rancher/issues/17039
- https://github.com/rancher/rancher/issues/16962
- https://github.com/rancher/rancher/issues/17030
- https://github.com/rancher/rancher/issues/17256

Co-authored-by: orangedeng <jxfa0043379@hotmail.com>
parent a752bdd5
...@@ -7,8 +7,8 @@ maintainers: ...@@ -7,8 +7,8 @@ maintainers:
name: rancher-monitoring name: rancher-monitoring
sources: sources:
- https://github.com/coreos/prometheus-operator - https://github.com/coreos/prometheus-operator
version: 0.0.1 version: 0.0.2
appVersion: "0.23.2" appVersion: 0.0.2
home: https://github.com/coreos/prometheus-operator home: https://github.com/coreos/prometheus-operator
keywords: keywords:
- operator - operator
...@@ -4,13 +4,5 @@ Installs [prometheus-operator](https://github.com/coreos/prometheus-operator) to ...@@ -4,13 +4,5 @@ Installs [prometheus-operator](https://github.com/coreos/prometheus-operator) to
> **Tip**: Only use for Rancher Monitoring!!! > **Tip**: Only use for Rancher Monitoring!!!
## Introduction
This chart bootstraps a [prometheus-operator](https://github.com/coreos/prometheus-operator) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
### Security
Alertmanager, Node exporter, Kube-state exporter, Grafana and Prometheus in same [Namespace](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/) will use the same [ServiceAccount](https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/) as Prometheus, which named like `prometheus-{{ .Release.Name }}`. Operator uses another one.
## Prerequisites ## Prerequisites
- Rancher 2.1+ - Rancher 2.2+
...@@ -11,6 +11,10 @@ metadata: ...@@ -11,6 +11,10 @@ metadata:
{{- end }} {{- end }}
name: {{ .Release.Name }} name: {{ .Release.Name }}
spec: spec:
{{- if .Values.securityContext }}
securityContext:
{{ toYaml .Values.securityContext | indent 4 }}
{{- end }}
podMetadata: podMetadata:
labels: labels:
{{- if .Values.labels }} {{- if .Values.labels }}
...@@ -31,8 +35,10 @@ spec: ...@@ -31,8 +35,10 @@ spec:
paused: {{ .Values.paused }} paused: {{ .Values.paused }}
replicas: {{ .Values.replicaCount }} replicas: {{ .Values.replicaCount }}
logLevel: {{ .Values.logLevel }} logLevel: {{ .Values.logLevel }}
{{- if and .Values.resources .Values.resources.core }}
resources: resources:
{{ toYaml .Values.resources | indent 4 }} {{ toYaml .Values.resources.core | indent 4 }}
{{- end }}
retention: "{{ .Values.retention }}" retention: "{{ .Values.retention }}"
{{- if .Values.routePrefix }} {{- if .Values.routePrefix }}
routePrefix: "{{ .Values.routePrefix }}" routePrefix: "{{ .Values.routePrefix }}"
...@@ -42,7 +48,7 @@ spec: ...@@ -42,7 +48,7 @@ spec:
{{ toYaml .Values.secrets | indent 4 }} {{ toYaml .Values.secrets | indent 4 }}
{{- end }} {{- end }}
{{- if .Values.enabledRBAC }} {{- if .Values.enabledRBAC }}
serviceAccountName: {{ .Values.serviceAccountName }} serviceAccountName: {{ default (include "app.fullname" .) .Values.serviceAccountName }}
{{- end }} {{- end }}
{{- if or .Values.storageSpec .Values.persistence.enabled }} {{- if or .Values.storageSpec .Values.persistence.enabled }}
storage: storage:
...@@ -76,8 +82,6 @@ spec: ...@@ -76,8 +82,6 @@ spec:
tolerations: tolerations:
{{ toYaml .Values.tolerations | indent 4 }} {{ toYaml .Values.tolerations | indent 4 }}
{{- end }} {{- end }}
imagePullSecrets:
{{ toYaml .Values.image.pullSecrets | indent 4 }}
{{- if .Values.sidecarsSpec }} {{- if .Values.sidecarsSpec }}
containers: containers:
{{ toYaml .Values.sidecarsSpec | indent 4 }} {{ toYaml .Values.sidecarsSpec | indent 4 }}
...@@ -7,9 +7,10 @@ metadata: ...@@ -7,9 +7,10 @@ metadata:
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
monitoring.cattle.io: "true" {{ .Values.apiGroup }}: "true"
spec: spec:
type: ClusterIP type: ClusterIP
clusterIP: None
selector: selector:
{{- if .Values.labels }} {{- if .Values.labels }}
{{ toYaml .Values.labels | indent 4 }} {{ toYaml .Values.labels | indent 4 }}
...@@ -21,12 +21,20 @@ data: ...@@ -21,12 +21,20 @@ data:
http { http {
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)';
proxy_connect_timeout 10;
proxy_read_timeout 180;
proxy_send_timeout 5;
proxy_buffer_size 16k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_temp_path /tmp/temp_dir;
proxy_cache_path /tmp/nginx levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g;
server { server {
listen 80; listen 80;
access_log off; access_log off;
gzip on; gzip on;
...@@ -37,14 +45,21 @@ data: ...@@ -37,14 +45,21 @@ data:
gzip_disable "MSIE [1-6]\."; gzip_disable "MSIE [1-6]\.";
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
location / { location / {
proxy_cache my_zone;
proxy_cache_valid 200 302 1d;
proxy_cache_valid 301 30d;
proxy_cache_valid any 5m;
proxy_cache_bypass $http_cache_control;
add_header X-Proxy-Cache $upstream_cache_status;
add_header Cache-Control "public";
proxy_pass http://alertmanager-operated:9093/; proxy_pass http://alertmanager-operated:9093/;
}
if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) {
expires 90d;
}
}
} }
} }
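Review bot: The new `proxy_cache my_zone;` block sits in `location /`, so it covers every GET the proxy forwards to Alertmanager rather than only static assets. With `proxy_cache_valid 200 302 1d;` and `proxy_cache_valid any 5m;`, any API response that carries no cache headers of its own can be replayed stale to the next client for up to a day, and `add_header Cache-Control "public";` further invites browsers and intermediaries to store alert data. I would move the cache directives into a location that matches only the static-asset extensions already listed in the `if ($request_filename ...)` test, and leave `location /` as a plain `proxy_pass` without `Cache-Control "public"`. A one-line comment above the `if` stating that it only sets `expires` for static files would also help the next reader.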
...@@ -24,9 +24,12 @@ spec: ...@@ -24,9 +24,12 @@ spec:
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: nginx component: nginx
spec: spec:
{{- if .Values.enabledRBAC }}
serviceAccountName: {{ default (include "app.fullname" .) .Values.serviceAccountName }}
{{- end }}
containers: containers:
- name: nginx - name: alertmanager-proxy
image: nginx:1.15.2 image: {{ .Values.image.proxy.repository }}:{{ .Values.image.proxy.tag }}
args: args:
- nginx - nginx
- -g - -g
...@@ -36,6 +39,10 @@ spec: ...@@ -36,6 +39,10 @@ spec:
volumeMounts: volumeMounts:
- mountPath: /nginx/ - mountPath: /nginx/
name: alertmanager-nginx name: alertmanager-nginx
{{- if and .Values.resources .Values.resources.proxy }}
resources:
{{ toYaml .Values.resources.proxy | indent 10 }}
{{- end }}
ports: ports:
- name: http - name: http
containerPort: 80 containerPort: 80
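Review bot: The proxy pod now takes `serviceAccountName` from the same expression as the Alertmanager resource, presumably so that it inherits the account's `imagePullSecrets`, but nothing in this Deployment shows nginx needing the Kubernetes API. Add `automountServiceAccountToken: false` next to `serviceAccountName` so the proxy container does not hold an API credential it never uses. Note also that the new `securityContext` value is rendered only into the Alertmanager resource, so this pod still runs with the image's default user. The pod spec continues outside the hunk.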
{{- if and .Values.enabledRBAC (not .Values.serviceAccountName) }}
apiVersion: v1 apiVersion: v1
kind: Secret kind: ServiceAccount
metadata: metadata:
labels: labels:
app: {{ template "app.name" . }} app: {{ template "app.name" . }}
...@@ -7,11 +8,6 @@ metadata: ...@@ -7,11 +8,6 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
name: {{ template "app.fullname" . }} name: {{ template "app.fullname" . }}
type: Opaque imagePullSecrets:
data: {{ toYaml .Values.image.pullSecrets | indent 2 }}
user: {{ .Values.adminUser | b64enc | quote }} {{- end }}
{{- if .Values.adminPassword }} \ No newline at end of file
password: {{ .Values.adminPassword | b64enc | quote }}
{{- else }}
password: {{ randAlphaNum 10 | b64enc | quote }}
{{- end }}
...@@ -7,21 +7,33 @@ metadata: ...@@ -7,21 +7,33 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
source: rancher-monitoring source: rancher-monitoring
{{- if .Values.serviceMonitor.labels }} {{- if .Values.serviceMonitorLabels }}
{{ toYaml .Values.serviceMonitor.labels | indent 4 }} {{ toYaml .Values.serviceMonitorLabels | indent 4 }}
{{- end }} {{- end }}
name: {{ template "app.fullname" . }} name: {{ template "app.fullname" . }}
spec: spec:
jobLabel: altermanager
selector: selector:
matchLabels: matchLabels:
app: {{ template "app.name" . }} app: {{ template "app.name" . }}
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
monitoring.cattle.io: "true" {{ .Values.apiGroup }}: "true"
namespaceSelector: namespaceSelector:
matchNames: matchNames:
- {{ .Release.Namespace | quote }} - {{ .Release.Namespace | quote }}
endpoints: endpoints:
- port: http - port: http
interval: 30s interval: 30s
relabelings:
- sourceLabels:
- __meta_kubernetes_pod_host_ip
targetLabel: host_ip
action: replace
regex: (.+)
replacement: $1
- sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
action: replace
regex: (.+)
replacement: $1
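Review bot: `jobLabel: altermanager` looks like a misspelling of `alertmanager`, and in a ServiceMonitor `jobLabel` names a label key on the selected Service whose value becomes the job name, not the job name itself. None of the keys under `matchLabels` is called that, so the job name will fall back to the Service name. Either point it at a label that exists, for example `jobLabel: app`, or drop the line. A short comment above `relabelings` saying that the two rules copy the pod's host IP and node name into `host_ip` and `node` would document the intent.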
...@@ -60,16 +60,16 @@ templates: {} ...@@ -60,16 +60,16 @@ templates: {}
## ##
externalUrl: "" externalUrl: ""
serviceMonitor: serviceMonitorLabels: {}
## Custom Labels to be added to ServiceMonitor
##
labels: {}
## Alertmanager container image ## Alertmanager container image
## ##
image: image:
repository: quay.io/prometheus/alertmanager repository: quay.io/prometheus/alertmanager
tag: v0.15.2 tag: v0.15.2
proxy:
repository: nginx
tag: 1.15.8-alpine
## Labels to be added to the Alertmanager ## Labels to be added to the Alertmanager
## ##
...@@ -100,9 +100,21 @@ replicaCount: 1 ...@@ -100,9 +100,21 @@ replicaCount: 1
## Resource limits & requests ## Resource limits & requests
## Ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/
## ##
resources: {} resources:
# requests: core:
# memory: 400Mi limits:
memory: 500Mi
cpu: 1000m
requests:
memory: 100Mi
cpu: 100m
proxy:
limits:
memory: 100Mi
cpu: 100m
requests:
memory: 50Mi
cpu: 50m
## How long to retain metrics ## How long to retain metrics
## ##
...@@ -119,46 +131,6 @@ routePrefix: "" ...@@ -119,46 +131,6 @@ routePrefix: ""
## ##
secrets: [] secrets: []
service:
## Maintains session affinity. Should be set to ClientIP for HA setup
## Only options are ClientIP and None. Do not leave blank.
sessionAffinity: None
## Annotations to be added to the Service
##
annotations: {}
## Cluster-internal IP address for Alertmanager Service
##
clusterIP: ""
## List of external IP addresses at which the Alertmanager Service will be available
##
externalIPs: []
## Labels to be added to the Service
##
labels: {}
## External IP address to assign to Alertmanager Service
## Only used if service.type is 'LoadBalancer' and supported by cloud provider
##
loadBalancerIP: ""
## List of client IPs allowed to access Alertmanager Service
## Only used if service.type is 'LoadBalancer' and supported by cloud provider
##
loadBalancerSourceRanges: []
## Port to expose on each node
## Only used if service.type is 'NodePort'
##
# nodePort: 30903
## Service type
##
type: ClusterIP
logLevel: "info" logLevel: "info"
## Alertmanager StorageSpec for persistent data ## Alertmanager StorageSpec for persistent data
...@@ -183,3 +155,6 @@ persistence: {} ...@@ -183,3 +155,6 @@ persistence: {}
sidecarsSpec: [] sidecarsSpec: []
# - name: sidecar # - name: sidecar
# image: registry/name:tag # image: registry/name:tag
securityContext: {}
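Review bot: `resources.proxy.limits.memory: 100Mi` does not fit the nginx settings this commit adds for the same container, which declare `keys_zone=my_zone:100m` of shared memory and a disk cache of `max_size=10g` under `/tmp`, with nothing here bounding ephemeral storage. A busy or abusive client could therefore drive the proxy into an OOM kill or fill the node's disk. Shrink the zone and `max_size` to match the limit, or add an `ephemeral-storage` entry under `resources.proxy.limits`. Unlike the neighbouring keys, `securityContext: {}` and the `proxy` image entry have no `##` comment; one line each saying that `securityContext` is passed to the Alertmanager pod and that `tag` is a mutable reference would match the file's style.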
{{- if .Values.endpoints }} {{- if .Values.endpoints }}
apiVersion: v1 apiVersion: v1
kind: Service
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
k8s-app: coredns
name: {{ template "app.dnsname" . }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: metrics
port: {{ .Values.ports.metrics.port }}
protocol: TCP
targetPort: {{ .Values.ports.metrics.port }}
---
apiVersion: v1
kind: Endpoints kind: Endpoints
metadata: metadata:
labels: labels:
...@@ -27,15 +7,14 @@ metadata: ...@@ -27,15 +7,14 @@ metadata:
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
name: {{ template "app.dnsname" . }} name: expose-coredns-metrics
subsets: subsets:
- addresses: - addresses:
{{- range .Values.endpoints }} {{- range .Values.endpoints }}
- ip: {{ . }} - ip: {{ . }}
{{- end }} {{- end }}
ports: ports:
- name: metrics - name: {{ .Values.ports.metrics.name }}
port: {{ .Values.ports.metrics.port }} port: {{ .Values.ports.metrics.port }}
protocol: TCP protocol: {{ .Values.ports.metrics.protocol }}
{{- end }} {{- end }}
apiVersion: v1
kind: Service
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{ toYaml .Values.serviceSelectorLabels | indent 4 }}
name: expose-coredns-metrics
namespace: {{ default .Release.Namespace .Values.componentNamespace }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: {{ .Values.ports.metrics.name }}
port: {{ .Values.ports.metrics.port }}
protocol: {{ .Values.ports.metrics.protocol }}
targetPort: {{ .Values.ports.metrics.port }}
{{- if not .Values.endpoints }}
selector:
{{ toYaml .Values.serviceSelectorLabels | indent 4 }}
{{- end }}
\ No newline at end of file
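Review bot: The Service is placed in `{{ default .Release.Namespace .Values.componentNamespace }}`, but the Endpoints object of the same name `expose-coredns-metrics` carries no `namespace:` line, and the ServiceMonitor selects `.Release.Namespace` whenever `endpoints` is set. If both `endpoints` and `componentNamespace` are supplied, the three objects no longer line up and the target is silently not scraped. Give the Endpoints object the same `namespace:` expression and use it in `matchNames` as well, or fail the render when both values are set. The same pattern appears in the kube-controller-manager, kube-dns and kube-etcd Service templates further down.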
...@@ -7,21 +7,44 @@ metadata: ...@@ -7,21 +7,44 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
source: rancher-monitoring source: rancher-monitoring
{{- if .Values.serviceMonitor.labels }} {{- if .Values.serviceMonitorLabels }}
{{ toYaml .Values.serviceMonitor.labels | indent 4 }} {{ toYaml .Values.serviceMonitorLabels | indent 4 }}
{{- end }} {{- end }}
name: {{ template "app.fullname" . }} name: {{ template "app.fullname" . }}
spec: spec:
jobLabel: coredns
selector: selector:
matchLabels: matchLabels:
k8s-app: coredns {{ toYaml .Values.serviceSelectorLabels | indent 6 }}
namespaceSelector: namespaceSelector:
any: true
matchNames: matchNames:
{{- if not .Values.endpoints }}
- "kube-system" - "kube-system"
{{- else }}
- {{ .Release.Namespace | quote }} - {{ .Release.Namespace | quote }}
{{- end }}
endpoints: endpoints:
- port: metrics - port: {{ .Values.ports.metrics.name }}
interval: 15s interval: 15s
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
scheme: {{ .Values.ports.metrics.scheme }}
{{- if eq .Values.ports.metrics.scheme "https" }}
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
{{- if .Values.insecureSkipVerify }}
insecureSkipVerify: true
{{- end }}
{{- end }}
relabelings:
- sourceLabels:
- __meta_kubernetes_pod_host_ip
targetLabel: host_ip
action: replace
regex: (.+)
replacement: $1
- sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
action: replace
regex: (.+)
replacement: $1
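Review bot: This endpoint sends `bearerTokenFile` on every scrape while `scheme` defaults to `http` in the values file, and once it is switched to `https` the default `insecureSkipVerify: true` disables peer verification. In both cases the Prometheus service-account token is handed to whatever answers on the target address, including any user-supplied `endpoints` IPs. CoreDNS metrics do not appear to need the token, so I would drop `bearerTokenFile` here and default the value to `insecureSkipVerify: false`. The values comment about "the kubelet on API server nodes" was evidently copied from another exporter and should describe what the flag does for this target. The same `tlsConfig` block is added in the fluentd, kube-controller-manager, kube-dns and kube-etcd ServiceMonitors.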
##
## For now, HELM cannot support deploy commponents into multiple namespaces
##
componentNamespace: ""
## CRD apiGroup ## CRD apiGroup
## ##
apiGroup: "monitoring.coreos.com" apiGroup: "monitoring.coreos.com"
...@@ -8,9 +13,17 @@ endpoints: [] ...@@ -8,9 +13,17 @@ endpoints: []
ports: ports:
metrics: metrics:
scheme: http
name: metrics
port: 9153 port: 9153
protocol: TCP
serviceMonitor: serviceSelectorLabels:
## Custom Labels to be added to ServiceMonitor k8s-app: kube-dns
##
labels: {} serviceMonitorLabels: {}
## Skip verification until we have resolved why the certificate validation
## for the kubelet on API server nodes fail.
##
insecureSkipVerify: true
\ No newline at end of file
...@@ -7,19 +7,40 @@ metadata: ...@@ -7,19 +7,40 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
source: rancher-monitoring source: rancher-monitoring
{{- if .Values.serviceMonitor.labels }} {{- if .Values.serviceMonitorLabels }}
{{ toYaml .Values.serviceMonitor.labels | indent 4 }} {{ toYaml .Values.serviceMonitorLabels | indent 4 }}
{{- end }} {{- end }}
name: {{ template "app.fullname" . }} name: {{ template "app.fullname" . }}
spec: spec:
jobLabel: fluentd
selector: selector:
matchLabels: matchLabels:
k8s-app: fluentd {{ toYaml .Values.serviceSelectorLabels | indent 6 }}
namespaceSelector: namespaceSelector:
matchNames: matchNames:
- cattle-logging - cattle-logging
endpoints: endpoints:
- port: metrics - port: {{ .Values.ports.metrics.name }}
interval: 15s interval: 15s
honorLabels: true honorLabels: true
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
scheme: {{ .Values.ports.metrics.scheme }}
{{- if eq .Values.ports.metrics.scheme "https" }}
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
{{- if .Values.insecureSkipVerify }}
insecureSkipVerify: true
{{- end }}
{{- end }}
relabelings:
- sourceLabels:
- __meta_kubernetes_pod_host_ip
targetLabel: host_ip
action: replace
regex: (.+)
replacement: $1
- sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
action: replace
regex: (.+)
replacement: $1
...@@ -2,10 +2,17 @@ ...@@ -2,10 +2,17 @@
## ##
apiGroup: "monitoring.coreos.com" apiGroup: "monitoring.coreos.com"
ports:
metrics:
scheme: http
name: metrics
serviceSelectorLabels:
k8s-app: fluentd
serviceMonitorLabels: {}
## Skip verification until we have resolved why the certificate validation ## Skip verification until we have resolved why the certificate validation
## for the kubelet on API server nodes fail. ## for the kubelet on API server nodes fail.
## ##
serviceMonitor: insecureSkipVerify: true
## Custom Labels to be added to ServiceMonitor
##
labels: {}
{{- if .Values.endpoints }} {{- if .Values.endpoints }}
apiVersion: v1 apiVersion: v1
kind: Service
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
k8s-app: kube-controller-manager
name: {{ template "app.dnsname" . }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: metrics
port: {{ .Values.ports.metrics.port }}
protocol: TCP
targetPort: {{ .Values.ports.metrics.port }}
---
apiVersion: v1
kind: Endpoints kind: Endpoints
metadata: metadata:
labels: labels:
...@@ -27,14 +7,14 @@ metadata: ...@@ -27,14 +7,14 @@ metadata:
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
name: {{ template "app.dnsname" . }} name: expose-kube-cm-metrics
subsets: subsets:
- addresses: - addresses:
{{- range .Values.endpoints }} {{- range .Values.endpoints }}
- ip: {{ . }} - ip: {{ . }}
{{- end }} {{- end }}
ports: ports:
- name: metrics - name: {{ .Values.ports.metrics.name }}
port: {{ .Values.ports.metrics.port }} port: {{ .Values.ports.metrics.port }}
protocol: TCP protocol: {{ .Values.ports.metrics.protocol }}
{{- end }} {{- end }}
apiVersion: v1
kind: Service
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{ toYaml .Values.serviceSelectorLabels | indent 4 }}
name: expose-kube-cm-metrics
namespace: {{ default .Release.Namespace .Values.componentNamespace }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: {{ .Values.ports.metrics.name }}
port: {{ .Values.ports.metrics.port }}
protocol: {{ .Values.ports.metrics.protocol }}
targetPort: {{ .Values.ports.metrics.port }}
{{- if not .Values.endpoints }}
selector:
{{ toYaml .Values.serviceSelectorLabels | indent 4 }}
{{- end }}
...@@ -7,26 +7,43 @@ metadata: ...@@ -7,26 +7,43 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
source: rancher-monitoring source: rancher-monitoring
{{- if .Values.serviceMonitor.labels }} {{- if .Values.serviceMonitorLabels }}
{{ toYaml .Values.serviceMonitor.labels | indent 4 }} {{ toYaml .Values.serviceMonitorLabels | indent 4 }}
{{- end }} {{- end }}
name: {{ template "app.fullname" . }} name: {{ template "app.fullname" . }}
spec: spec:
jobLabel: kube-controller-manager
selector: selector:
matchLabels: matchLabels:
k8s-app: kube-controller-manager {{ toYaml .Values.serviceSelectorLabels | indent 6 }}
namespaceSelector: namespaceSelector:
any: true
matchNames: matchNames:
{{- if not .Values.endpoints }}
- "kube-system" - "kube-system"
{{- else }}
- {{ .Release.Namespace | quote }} - {{ .Release.Namespace | quote }}
{{- end }}
endpoints: endpoints:
- port: metrics - port: {{ .Values.ports.metrics.name }}
interval: 15s interval: 15s
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
scheme: {{ .Values.ports.metrics.scheme }}
{{- if eq .Values.ports.metrics.scheme "https" }}
tlsConfig: tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
{{- if .Values.insecureSkipVerify }} {{- if .Values.insecureSkipVerify }}
insecureSkipVerify: true insecureSkipVerify: true
{{- end }} {{- end }}
{{- end }}
relabelings:
- sourceLabels:
- __meta_kubernetes_pod_host_ip
targetLabel: host_ip
action: replace
regex: (.+)
replacement: $1
- sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
action: replace
regex: (.+)
replacement: $1
## CRD apiGroup
## ##
apiGroup: "monitoring.coreos.com" ## For now, HELM cannot support deploy commponents into multiple namespaces
##
componentNamespace: ""
## Skip verification until we have resolved why the certificate validation ## CRD apiGroup
## for the kubelet on API server nodes fail.
## ##
insecureSkipVerify: true apiGroup: "monitoring.coreos.com"
## Custom endpoints ## Custom endpoints
## ##
...@@ -13,9 +13,17 @@ endpoints: [] ...@@ -13,9 +13,17 @@ endpoints: []
ports: ports:
metrics: metrics:
scheme: http
name: metrics
port: 10252 port: 10252
protocol: TCP
serviceSelectorLabels:
k8s-app: kube-controller-manager
serviceMonitor: serviceMonitorLabels: {}
## Custom Labels to be added to ServiceMonitor
## ## Skip verification until we have resolved why the certificate validation
labels: {} ## for the kubelet on API server nodes fail.
##
insecureSkipVerify: true
{{- if .Values.endpoints }} {{- if .Values.endpoints }}
apiVersion: v1 apiVersion: v1
kind: Service
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
k8s-app: coredns
name: {{ template "app.dnsname" . }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: dnsmasq-metrics
port: {{ .Values.ports.metrics.dnsmasq.port }}
protocol: TCP
targetPort: {{ .Values.ports.metrics.dnsmasq.port }}
- name: skydns-metrics
port: {{ .Values.ports.metrics.skydns.port }}
protocol: TCP
targetPort: {{ .Values.ports.metrics.skydns.port }}
---
apiVersion: v1
kind: Endpoints kind: Endpoints
metadata: metadata:
labels: labels:
...@@ -31,17 +7,17 @@ metadata: ...@@ -31,17 +7,17 @@ metadata:
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
name: {{ template "app.dnsname" . }} name: expose-kube-dns-metrics
subsets: subsets:
- addresses: - addresses:
{{- range .Values.endpoints }} {{- range .Values.endpoints }}
- ip: {{ . }} - ip: {{ . }}
{{- end }} {{- end }}
ports: ports:
- name: dnsmasq-metrics - name: {{ .Values.ports.metrics.dnsmasq.name }}
port: {{ .Values.ports.metrics.dnsmasq.port }} port: {{ .Values.ports.metrics.dnsmasq.port }}
protocol: TCP protocol: {{ .Values.ports.metrics.dnsmasq.protocol }}
- name: skydns-metrics - name: {{ .Values.ports.metrics.skydns.name }}
port: {{ .Values.ports.metrics.skydns.port }} port: {{ .Values.ports.metrics.skydns.port }}
protocol: TCP protocol: {{ .Values.ports.metrics.skydns.protocol }}
{{- end }} {{- end }}
apiVersion: v1
kind: Service
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{ toYaml .Values.serviceSelectorLabels | indent 4 }}
name: expose-kube-dns-metrics
namespace: {{ default .Release.Namespace .Values.componentNamespace }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: {{ .Values.ports.metrics.dnsmasq.name }}
port: {{ .Values.ports.metrics.dnsmasq.port }}
protocol: {{ .Values.ports.metrics.dnsmasq.protocol }}
targetPort: {{ .Values.ports.metrics.dnsmasq.port }}
- name: {{ .Values.ports.metrics.skydns.name }}
port: {{ .Values.ports.metrics.skydns.port }}
protocol: {{ .Values.ports.metrics.skydns.protocol }}
targetPort: {{ .Values.ports.metrics.skydns.port }}
{{- if not .Values.endpoints }}
selector:
{{ toYaml .Values.serviceSelectorLabels | indent 4 }}
{{- end }}
\ No newline at end of file
...@@ -7,24 +7,67 @@ metadata: ...@@ -7,24 +7,67 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
source: rancher-monitoring source: rancher-monitoring
{{- if .Values.serviceMonitor.labels }} {{- if .Values.serviceMonitorLabels }}
{{ toYaml .Values.serviceMonitor.labels | indent 4 }} {{ toYaml .Values.serviceMonitorLabels | indent 4 }}
{{- end }} {{- end }}
name: {{ template "app.fullname" . }} name: {{ template "app.fullname" . }}
spec: spec:
jobLabel: kube-dns
selector: selector:
matchLabels: matchLabels:
k8s-app: coredns {{ toYaml .Values.serviceSelectorLabels | indent 6 }}
namespaceSelector: namespaceSelector:
any: true
matchNames: matchNames:
{{- if not .Values.endpoints }}
- "kube-system" - "kube-system"
{{- else }}
- {{ .Release.Namespace | quote }} - {{ .Release.Namespace | quote }}
{{- end }}
endpoints: endpoints:
- port: dnsmasq-metrics - port: {{ .Values.ports.metrics.dnsmasq.name }}
interval: 15s interval: 15s
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
- port: skydns-metrics scheme: {{ .Values.ports.metrics.dnsmasq.scheme }}
{{- if eq .Values.ports.metrics.dnsmasq.scheme "https" }}
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
{{- if .Values.insecureSkipVerify }}
insecureSkipVerify: true
{{- end }}
{{- end }}
relabelings:
- sourceLabels:
- __meta_kubernetes_pod_host_ip
targetLabel: host_ip
action: replace
regex: (.+)
replacement: $1
- sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
action: replace
regex: (.+)
replacement: $1
- port: {{ .Values.ports.metrics.skydns.name }}
interval: 15s interval: 15s
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
scheme: {{ .Values.ports.metrics.skydns.scheme }}
{{- if eq .Values.ports.metrics.skydns.scheme "https" }}
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
{{- if .Values.insecureSkipVerify }}
insecureSkipVerify: true
{{- end }}
{{- end }}
relabelings:
- sourceLabels:
- __meta_kubernetes_pod_host_ip
targetLabel: host_ip
action: replace
regex: (.+)
replacement: $1
- sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
action: replace
regex: (.+)
replacement: $1
##
## For now, HELM cannot support deploy commponents into multiple namespaces
##
componentNamespace: ""
## CRD apiGroup ## CRD apiGroup
## ##
apiGroup: "monitoring.coreos.com" apiGroup: "monitoring.coreos.com"
...@@ -9,11 +14,22 @@ endpoints: [] ...@@ -9,11 +14,22 @@ endpoints: []
ports: ports:
metrics: metrics:
dnsmasq: dnsmasq:
scheme: http
name: dnsmasq-metrics
port: 10054 port: 10054
protocol: TCP
skydns: skydns:
scheme: http
name: skydns-metrics
port: 10055 port: 10055
protocol: TCP
serviceMonitor: serviceSelectorLabels:
## Custom Labels to be added to ServiceMonitor k8s-app: kube-dns
##
labels: {} serviceMonitorLabels: {}
## Skip verification until we have resolved why the certificate validation
## for the kubelet on API server nodes fail.
##
insecureSkipVerify: true
{{- if .Values.endpoints }} {{- if .Values.endpoints }}
apiVersion: v1 apiVersion: v1
kind: Service
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
k8s-app: etcd-server
name: {{ template "app.dnsname" . }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: metrics
port: {{ .Values.ports.metrics.port }}
protocol: TCP
targetPort: {{ .Values.ports.metrics.port }}
---
apiVersion: v1
kind: Endpoints kind: Endpoints
metadata: metadata:
labels: labels:
...@@ -27,14 +7,14 @@ metadata: ...@@ -27,14 +7,14 @@ metadata:
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
name: {{ template "app.dnsname" . }} name: expose-kube-etcd-metrics
subsets: subsets:
- addresses: - addresses:
{{- range .Values.endpoints }} {{- range .Values.endpoints }}
- ip: {{ . }} - ip: {{ . }}
{{- end }} {{- end }}
ports: ports:
- name: metrics - name: {{ .Values.ports.metrics.name }}
port: {{ .Values.ports.metrics.port }} port: {{ .Values.ports.metrics.port }}
protocol: TCP protocol: {{ .Values.ports.metrics.protocol }}
{{- end }} {{- end }}
apiVersion: v1
kind: Service
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{ toYaml .Values.serviceSelectorLabels | indent 4 }}
name: expose-kube-etcd-metrics
namespace: {{ default .Release.Namespace .Values.componentNamespace }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: {{ .Values.ports.metrics.name }}
port: {{ .Values.ports.metrics.port }}
protocol: {{ .Values.ports.metrics.protocol }}
targetPort: {{ .Values.ports.metrics.port }}
{{- if not .Values.endpoints }}
selector:
{{ toYaml .Values.serviceSelectorLabels | indent 4 }}
{{- end }}
\ No newline at end of file
...@@ -7,26 +7,27 @@ metadata: ...@@ -7,26 +7,27 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
source: rancher-monitoring source: rancher-monitoring
{{- if .Values.serviceMonitor.labels }} {{- if .Values.serviceMonitorLabels }}
{{ toYaml .Values.serviceMonitor.labels | indent 4 }} {{ toYaml .Values.serviceMonitorLabels | indent 4 }}
{{- end }} {{- end }}
name: {{ template "app.fullname" . }} name: {{ template "app.fullname" . }}
spec: spec:
jobLabel: kube-etcd
selector: selector:
matchLabels: matchLabels:
k8s-app: etcd-server {{ toYaml .Values.serviceSelectorLabels | indent 6 }}
namespaceSelector: namespaceSelector:
any: true
matchNames: matchNames:
{{- if not .Values.endpoints }}
- "kube-system" - "kube-system"
{{- else }}
- {{ .Release.Namespace | quote }} - {{ .Release.Namespace | quote }}
{{- end }}
endpoints: endpoints:
- port: metrics - port: {{ .Values.ports.metrics.name }}
interval: 15s interval: 15s
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
scheme: {{ .Values.ports.metrics.scheme }}
{{- if eq .Values.ports.metrics.scheme "https" }} {{- if eq .Values.ports.metrics.scheme "https" }}
scheme: https
tlsConfig: tlsConfig:
caFile: {{ .Values.caFile }} caFile: {{ .Values.caFile }}
{{- if .Values.certFile }} {{- if .Values.certFile }}
...@@ -39,3 +40,16 @@ spec: ...@@ -39,3 +40,16 @@ spec:
insecureSkipVerify: true insecureSkipVerify: true
{{- end }} {{- end }}
{{- end }} {{- end }}
relabelings:
- sourceLabels:
- __meta_kubernetes_pod_host_ip
targetLabel: host_ip
action: replace
regex: (.+)
replacement: $1
- sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
action: replace
regex: (.+)
replacement: $1
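Review bot: `bearerTokenFile` on the endpoint is rendered no matter what `.Values.ports.metrics.scheme` is set to, so a scrape configured with `scheme: http` sends the Prometheus service-account token in cleartext to every address behind the Service, including operator-supplied `.Values.endpoints`. Move the `bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token` line inside the existing `{{- if eq .Values.ports.metrics.scheme "https" }}` block so the token is only attached to TLS scrapes. The same pattern appears in the kube-scheduler ServiceMonitor further down, whose values default to `scheme: http`, and in the apiserver ServiceMonitor. The ServiceMonitor's header lines lie outside the first hunk.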
##
## For now, HELM cannot support deploy commponents into multiple namespaces
##
componentNamespace: ""
## CRD apiGroup ## CRD apiGroup
## ##
apiGroup: "monitoring.coreos.com" apiGroup: "monitoring.coreos.com"
## Custom endpoints
##
endpoints: []
ports:
metrics:
scheme: https
name: metrics
port: 4001
protocol: TCP
serviceSelectorLabels:
k8s-app: etcd-server
serviceMonitorLabels: {}
## Skip verification until we have resolved why the certificate validation ## Skip verification until we have resolved why the certificate validation
## for the kubelet on API server nodes fail. ## for the kubelet on API server nodes fail.
## ##
...@@ -12,17 +33,3 @@ insecureSkipVerify: true ...@@ -12,17 +33,3 @@ insecureSkipVerify: true
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
certFile: "" certFile: ""
keyFile: "" keyFile: ""
\ No newline at end of file
## Custom endpoints
##
endpoints: []
ports:
metrics:
scheme: "https"
port: 4001
serviceMonitor:
## Custom Labels to be added to ServiceMonitor
##
labels: {}
{{- if .Values.endpoints }} {{- if .Values.endpoints }}
apiVersion: v1 apiVersion: v1
kind: Service
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
k8s-app: kube-scheduler
name: {{ template "app.dnsname" . }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: metrics
port: {{ .Values.ports.metrics.port }}
protocol: TCP
targetPort: {{ .Values.ports.metrics.port }}
---
apiVersion: v1
kind: Endpoints kind: Endpoints
metadata: metadata:
labels: labels:
...@@ -27,14 +7,14 @@ metadata: ...@@ -27,14 +7,14 @@ metadata:
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
name: {{ template "app.dnsname" . }} name: expose-kube-scheduler-metrics
subsets: subsets:
- addresses: - addresses:
{{- range .Values.endpoints }} {{- range .Values.endpoints }}
- ip: {{ . }} - ip: {{ . }}
{{- end }} {{- end }}
ports: ports:
- name: metrics - name: {{ .Values.ports.metrics.name }}
port: {{ .Values.ports.metrics.port }} port: {{ .Values.ports.metrics.port }}
protocol: TCP protocol: {{ .Values.ports.metrics.protocol }}
{{- end }} {{- end }}
\ No newline at end of file
...@@ -7,8 +7,8 @@ metadata: ...@@ -7,8 +7,8 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
source: rancher-monitoring source: rancher-monitoring
{{- if .Values.prometheusRule.labels }} {{- if .Values.prometheusRuleLabels }}
{{ toYaml .Values.prometheusRule.labels | indent 4 }} {{ toYaml .Values.prometheusRuleLabels | indent 4 }}
{{- end }} {{- end }}
name: {{ template "app.fullname" . }} name: {{ template "app.fullname" . }}
spec: spec:
......
apiVersion: v1
kind: Service
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{ toYaml .Values.serviceSelectorLabels | indent 4 }}
name: expose-kube-scheduler-metrics
namespace: {{ default .Release.Namespace .Values.componentNamespace }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: {{ .Values.ports.metrics.name }}
port: {{ .Values.ports.metrics.port }}
protocol: {{ .Values.ports.metrics.protocol }}
targetPort: {{ .Values.ports.metrics.port }}
{{- if not .Values.endpoints }}
selector:
{{ toYaml .Values.serviceSelectorLabels | indent 4 }}
{{- end }}
...@@ -7,21 +7,43 @@ metadata: ...@@ -7,21 +7,43 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
source: rancher-monitoring source: rancher-monitoring
{{- if .Values.serviceMonitor.labels }} {{- if .Values.serviceMonitorLabels }}
{{ toYaml .Values.serviceMonitor.labels | indent 4 }} {{ toYaml .Values.serviceMonitorLabels | indent 4 }}
{{- end }} {{- end }}
name: {{ template "app.fullname" . }} name: {{ template "app.fullname" . }}
spec: spec:
jobLabel: kube-scheduler
selector: selector:
matchLabels: matchLabels:
k8s-app: kube-scheduler {{ toYaml .Values.serviceSelectorLabels | indent 6 }}
namespaceSelector: namespaceSelector:
any: true
matchNames: matchNames:
{{- if not .Values.endpoints }}
- "kube-system" - "kube-system"
{{- else }}
- {{ .Release.Namespace | quote }} - {{ .Release.Namespace | quote }}
{{- end }}
endpoints: endpoints:
- port: metrics - port: {{ .Values.ports.metrics.name }}
interval: 15s interval: 15s
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
scheme: {{ .Values.ports.metrics.scheme }}
{{- if eq .Values.ports.metrics.scheme "https" }}
tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
{{- if .Values.insecureSkipVerify }}
insecureSkipVerify: true
{{- end }}
{{- end }}
relabelings:
- sourceLabels:
- __meta_kubernetes_pod_host_ip
targetLabel: host_ip
action: replace
regex: (.+)
replacement: $1
- sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
action: replace
regex: (.+)
replacement: $1
##
## For now, HELM cannot support deploy commponents into multiple namespaces
##
componentNamespace: ""
## CRD apiGroup ## CRD apiGroup
## ##
apiGroup: "monitoring.coreos.com" apiGroup: "monitoring.coreos.com"
...@@ -8,14 +13,19 @@ endpoints: [] ...@@ -8,14 +13,19 @@ endpoints: []
ports: ports:
metrics: metrics:
scheme: http
name: http-metrics
port: 10251 port: 10251
protocol: TCP
serviceMonitor: serviceSelectorLabels:
## Custom Labels to be added to ServiceMonitor component: kube-scheduler
##
labels: {}
prometheusRule: serviceMonitorLabels: {}
## Custom Labels to be added to PrometheusRule
## prometheusRuleLabels: {}
labels: {}
## Skip verification until we have resolved why the certificate validation
## for the kubelet on API server nodes fail.
##
insecureSkipVerify: true
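Review bot: `insecureSkipVerify: true` is introduced as a default at the end of these values under a comment that talks about the kubelet, not the scheduler, so nothing here explains why scheduler scrapes would need it. With the default `scheme: http` the flag is inert, but as soon as an operator switches the scheme to `https` the ServiceMonitor skips certificate verification while still presenting the service-account bearer token. Default it to `insecureSkipVerify: false` and reword the comment to say when enabling it is acceptable.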
...@@ -21,17 +21,14 @@ spec: ...@@ -21,17 +21,14 @@ spec:
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
spec: spec:
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
containers: containers:
- name: kube-state - name: kube-state
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
ports: ports:
- name: http - name: http
containerPort: 8080 containerPort: 8080
protocol: TCP - name: http-metrics
containerPort: 8081
livenessProbe: livenessProbe:
httpGet: httpGet:
path: / path: /
...@@ -45,16 +42,19 @@ spec: ...@@ -45,16 +42,19 @@ spec:
initialDelaySeconds: 30 initialDelaySeconds: 30
timeoutSeconds: 5 timeoutSeconds: 5
resources: resources:
limits: {{ toYaml .Values.resources | indent 10 }}
cpu: 100m
memory: 200Mi
requests:
cpu: 100m
memory: 130Mi
{{- if .Values.enabledRBAC }} {{- if .Values.enabledRBAC }}
serviceAccountName: {{ .Values.serviceAccountName }} serviceAccountName: {{ default (include "app.fullname" .) .Values.serviceAccountName }}
{{- end }}
{{- if .Values.securityContext }}
securityContext:
{{ toYaml .Values.securityContext | indent 8 }}
{{- end }} {{- end }}
{{- if .Values.tolerations }} {{- if .Values.tolerations }}
tolerations: tolerations:
{{ toYaml .Values.tolerations | indent 8 }} {{ toYaml .Values.tolerations | indent 8 }}
{{- end }} {{- end }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if and .Values.enabledRBAC (not .Values.serviceAccountName) }}
apiVersion: {{ template "rbac_api_version" . }}
kind: ClusterRole
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "app.fullname" . }}
rules:
- apiGroups:
- ""
resources:
- namespaces
- nodes
- pods
- services
- resourcequotas
- replicationcontrollers
- limitranges
- persistentvolumeclaims
- persistentvolumes
- endpoints
- configmaps
- secrets
verbs:
- "list"
- "watch"
- apiGroups:
- "extensions"
resources:
- daemonsets
- deployments
- replicasets
verbs:
- "list"
- "watch"
- apiGroups:
- "apps"
resources:
- statefulsets
- deployments
verbs:
- "list"
- "watch"
- apiGroups:
- "batch"
resources:
- cronjobs
- jobs
verbs:
- "list"
- "watch"
- apiGroups:
- "autoscaling"
resources:
- horizontalpodautoscalers
verbs:
- "list"
- "watch"
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "app.fullname" . }}
imagePullSecrets:
{{ toYaml .Values.image.pullSecrets | indent 2 }}
---
apiVersion: {{ template "rbac_api_version" . }}
kind: ClusterRoleBinding
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "app.fullname" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "app.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "app.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
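Review bot: The ClusterRole grants `list` and `watch` on `secrets` (and `configmaps`) across all namespaces, and a `list` on secrets returns the secret data itself, so the kube-state-metrics service-account token can read every secret in the cluster. If secret metrics are not needed, remove `- secrets` from the core-group resources and disable the matching collector in the deployment arguments; if they are needed, add a comment on the rule saying so, so that the grant is a recorded decision. This file has no hunk header and appears to be newly added, so the whole role is new attack surface for this chart.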
...@@ -7,15 +7,19 @@ metadata: ...@@ -7,15 +7,19 @@ metadata:
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
monitoring.cattle.io: "true" k8s-app: kube-state
{{ .Values.apiGroup }}: "true"
spec: spec:
type: ClusterIP type: ClusterIP
clusterIP: None
selector: selector:
app: {{ template "app.name" . }} app: {{ template "app.name" . }}
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
ports: ports:
- name: metrics - name: http
port: {{ .Values.ports.metrics.port }} port: 8080
targetPort: 8080 targetPort: http
protocol: TCP - name: http-metrics
port: 8081
targetPort: http-metrics
...@@ -7,22 +7,49 @@ metadata: ...@@ -7,22 +7,49 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
source: rancher-monitoring source: rancher-monitoring
{{- if .Values.serviceMonitor.labels }} {{- if .Values.serviceMonitorLabels }}
{{ toYaml .Values.serviceMonitor.labels | indent 4 }} {{ toYaml .Values.serviceMonitorLabels | indent 4 }}
{{- end }} {{- end }}
name: {{ template "app.fullname" . }} name: {{ template "app.fullname" . }}
spec: spec:
jobLabel: kube-state
selector: selector:
matchLabels: matchLabels:
app: {{ template "app.name" . }} app: {{ template "app.name" . }}
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
monitoring.cattle.io: "true" {{ .Values.apiGroup }}: "true"
namespaceSelector: namespaceSelector:
matchNames: matchNames:
- {{ .Release.Namespace | quote }} - {{ .Release.Namespace | quote }}
endpoints: endpoints:
- port: metrics - port: http
interval: 15s interval: 15s
honorLabels: true honorLabels: true
relabelings:
- sourceLabels:
- __meta_kubernetes_pod_host_ip
targetLabel: host_ip
action: replace
regex: (.+)
replacement: $1
- sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
action: replace
regex: (.+)
replacement: $1
- port: http-metrics
interval: 30s
relabelings:
- sourceLabels:
- __meta_kubernetes_pod_host_ip
targetLabel: host_ip
action: replace
regex: (.+)
replacement: $1
- sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
action: replace
regex: (.+)
replacement: $1
...@@ -8,12 +8,6 @@ serviceAccountName: "" ...@@ -8,12 +8,6 @@ serviceAccountName: ""
## ##
apiGroup: "monitoring.coreos.com" apiGroup: "monitoring.coreos.com"
## Expertor listens on where and exports on host
##
ports:
metrics:
port: 8080
# Default values for kube-state-metrics. # Default values for kube-state-metrics.
# This is a YAML-formatted file. # This is a YAML-formatted file.
# Declare variables to be passed into your templates. # Declare variables to be passed into your templates.
...@@ -23,6 +17,14 @@ image: ...@@ -23,6 +17,14 @@ image:
repository: quay.io/coreos/kube-state-metrics repository: quay.io/coreos/kube-state-metrics
tag: v1.4.0 tag: v1.4.0
resources:
limits:
cpu: 100m
memory: 200Mi
requests:
cpu: 100m
memory: 130Mi
## Node Selector to constrain pods to run on particular nodes ## Node Selector to constrain pods to run on particular nodes
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
## ##
...@@ -37,7 +39,6 @@ tolerations: {} ...@@ -37,7 +39,6 @@ tolerations: {}
# value: "value" # value: "value"
# effect: "NoSchedule" # effect: "NoSchedule"
serviceMonitor: serviceMonitorLabels: {}
## Custom Labels to be added to ServiceMonitor
## securityContext: {}
labels: {}
...@@ -7,43 +7,96 @@ metadata: ...@@ -7,43 +7,96 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
source: rancher-monitoring source: rancher-monitoring
{{- if .Values.serviceMonitor.labels }} {{- if .Values.serviceMonitorLabels }}
{{ toYaml .Values.serviceMonitor.labels | indent 4 }} {{ toYaml .Values.serviceMonitorLabels | indent 4 }}
{{- end }} {{- end }}
name: {{ template "charts.exporter-kubelets.fullname" . }} name: {{ template "charts.exporter-kubelets.fullname" . }}
spec: spec:
jobLabel: kubelet
selector: selector:
matchLabels: matchLabels:
k8s-app: kubelet {{ toYaml .Values.serviceSelectorLabels | indent 6 }}
namespaceSelector: namespaceSelector:
any: true
matchNames: matchNames:
- "kube-system"
- {{ .Release.Namespace | quote }} - {{ .Release.Namespace | quote }}
endpoints: endpoints:
{{- if .Values.https }}
- port: https-metrics - port: https-metrics
scheme: https scheme: https
interval: 15s interval: 15s
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
tlsConfig: tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
{{- if .Values.insecureSkipVerify }} {{- if .Values.insecureSkipVerify }}
insecureSkipVerify: true insecureSkipVerify: true
{{- end }} {{- end }}
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token relabelings:
- sourceLabels:
- __meta_kubernetes_pod_host_ip
targetLabel: host_ip
action: replace
regex: (.+)
replacement: $1
- sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
action: replace
regex: (.+)
replacement: $1
- port: https-metrics - port: https-metrics
scheme: https scheme: https
path: /metrics/cadvisor path: /metrics/cadvisor
interval: 30s interval: 30s
honorLabels: true honorLabels: true
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
tlsConfig: tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
{{- if .Values.insecureSkipVerify }} {{- if .Values.insecureSkipVerify }}
insecureSkipVerify: true insecureSkipVerify: true
{{- end }} {{- end }}
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token relabelings:
- sourceLabels:
- __meta_kubernetes_pod_host_ip
targetLabel: host_ip
action: replace
regex: (.+)
replacement: $1
- sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
action: replace
regex: (.+)
replacement: $1
{{- else }}
- port: http-metrics - port: http-metrics
interval: 15s interval: 15s
- port: cadvisor relabelings:
- sourceLabels:
- __meta_kubernetes_pod_host_ip
targetLabel: host_ip
action: replace
regex: (.+)
replacement: $1
- sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
action: replace
regex: (.+)
replacement: $1
- port: http-metrics
path: /metrics/cadvisor
interval: 30s interval: 30s
honorLabels: true honorLabels: true
relabelings:
- sourceLabels:
- __meta_kubernetes_pod_host_ip
targetLabel: host_ip
action: replace
regex: (.+)
replacement: $1
- sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
action: replace
regex: (.+)
replacement: $1
{{- end }}
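Review bot: The `relabelings` added to every endpoint read `__meta_kubernetes_pod_host_ip` and `__meta_kubernetes_pod_node_name`, which Prometheus attaches only to targets that are backed by a pod. Kubelet endpoints are normally backed by node addresses rather than pods, so, if that holds for this deployment, `regex: (.+)` never matches and the `host_ip` and `node` labels are never set; the etcd and scheduler ServiceMonitors have the same gap when `.Values.endpoints` supplies bare IPs. Consider sourcing `node` from `__meta_kubernetes_endpoint_address_target_name` after confirming how the kubelet Endpoints object is populated. As a point of style, the identical twelve-line block is repeated four times in this file and could be one named template included per endpoint.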
...@@ -2,12 +2,16 @@ ...@@ -2,12 +2,16 @@
## ##
apiGroup: "monitoring.coreos.com" apiGroup: "monitoring.coreos.com"
serviceSelectorLabels:
k8s-app: kubelet
serviceMonitorLabels: {}
## Skip verification until we have resolved why the certificate validation ## Skip verification until we have resolved why the certificate validation
## for the kubelet on API server nodes fail. ## for the kubelet on API server nodes fail.
## ##
insecureSkipVerify: true insecureSkipVerify: true
serviceMonitor: ## Set false when using GKE
## Custom Labels to be added to ServiceMonitor ##
## https: true
labels: {}
...@@ -7,8 +7,8 @@ metadata: ...@@ -7,8 +7,8 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
source: rancher-monitoring source: rancher-monitoring
{{- if .Values.prometheusRule.labels }} {{- if .Values.prometheusRuleLabels }}
{{ toYaml .Values.prometheusRule.labels | indent 4 }} {{ toYaml .Values.prometheusRuleLabels | indent 4 }}
{{- end }} {{- end }}
name: {{ template "app.fullname" . }} name: {{ template "app.fullname" . }}
spec: spec:
......
...@@ -7,26 +7,39 @@ metadata: ...@@ -7,26 +7,39 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
source: rancher-monitoring source: rancher-monitoring
{{- if .Values.serviceMonitor.labels }} {{- if .Values.serviceMonitorLabels }}
{{ toYaml .Values.serviceMonitor.labels | indent 4 }} {{ toYaml .Values.serviceMonitorLabels | indent 4 }}
{{- end }} {{- end }}
name: {{ template "app.fullname" . }} name: {{ template "app.fullname" . }}
spec: spec:
jobLabel: kubernetes
selector: selector:
matchLabels: matchLabels:
component: apiserver {{ toYaml .Values.serviceSelectorLabels | indent 6 }}
provider: kubernetes
namespaceSelector: namespaceSelector:
matchNames: matchNames:
- "default" - "default"
endpoints: endpoints:
- port: https - port: {{ .Values.ports.metrics.name }}
interval: 15s interval: 15s
scheme: https bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
scheme: {{ .Values.ports.metrics.scheme }}
{{- if eq .Values.ports.metrics.scheme "https" }}
tlsConfig: tlsConfig:
caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
{{- if .Values.insecureSkipVerify }} {{- if .Values.insecureSkipVerify }}
insecureSkipVerify: true insecureSkipVerify: true
{{- end }} {{- end }}
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token {{- end }}
relabelings:
- sourceLabels:
- __meta_kubernetes_pod_host_ip
action: replace
targetLabel: host_ip
regex: (.+)
replacement: $1
- sourceLabels:
- __meta_kubernetes_pod_node_name
action: replace
targetLabel: node
regex: (.+)
replacement: $1
...@@ -2,17 +2,17 @@ ...@@ -2,17 +2,17 @@
## ##
apiGroup: "monitoring.coreos.com" apiGroup: "monitoring.coreos.com"
## Skip verification until we have resolved why the certificate validation ports:
## for the kubelet on API server nodes fail. metrics:
## scheme: https
insecureSkipVerify: true name: https
serviceSelectorLabels:
component: apiserver
provider: kubernetes
serviceMonitor: serviceMonitorLabels: {}
## Custom Labels to be added to ServiceMonitor
##
labels: {}
prometheusRule: prometheusRuleLabels: {}
## Custom Labels to be added to PrometheusRule
## insecureSkipVerify: true
labels: {}
\ No newline at end of file
...@@ -20,34 +20,61 @@ spec: ...@@ -20,34 +20,61 @@ spec:
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
spec: spec:
tolerations:
- operator: "Exists"
- key: "node-role.kubernetes.io/master"
operator: "Exists"
- key: "node-role.kubernetes.io/etcd"
operator: "Exists"
- key: "node-role.kubernetes.io/controlplane"
operator: "Exists"
containers: containers:
- name: exporter-node - name: exporter-node
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
args: args:
- --web.listen-address=0.0.0.0:{{ .Values.ports.metrics.port }} - --web.listen-address=$(POD_IP):{{ .Values.ports.metrics.port }}
{{- if and .Values.container .Values.container.args }} - --path.procfs=/host/proc
{{ toYaml .Values.container.args | indent 10 }} - --path.sysfs=/host/sys
- --path.rootfs=/host
{{- $usingCollectors := merge .Values.collectors .Values.defaultCollectorSettings }}
{{- range $collectorName, $collectorVal := $usingCollectors }}
{{- if and $collectorVal $collectorVal.enabled }}
- --collector.{{ $collectorName }}
{{- $_ := unset $collectorVal "enabled" -}}
{{- if $collectorVal }}
{{- range $collectorValKey, $collectorValVal := $collectorVal }}
{{- if $collectorValVal }}
- --collector.{{ $collectorName }}.{{ $collectorValKey }}={{ $collectorValVal }}
{{- else }}
- --collector.{{ $collectorName }}.{{ $collectorValKey }}
{{- end }}
{{- end }}
{{- end }}
{{- else }}
- --no-collector.{{$collectorName}}
{{- end }}
{{- end }} {{- end }}
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
ports: ports:
- name: http - name: http
containerPort: {{ .Values.ports.metrics.port }} containerPort: {{ .Values.ports.metrics.port }}
{{- if .Values.enabledHostNetwork }}
hostPort: {{ .Values.ports.metrics.port }} hostPort: {{ .Values.ports.metrics.port }}
{{- end }}
resources: resources:
{{ toYaml .Values.resources | indent 12 }} {{ toYaml .Values.resources | indent 10 }}
{{- if and .Values.container .Values.container.volumeMounts }}
volumeMounts: volumeMounts:
{{ toYaml .Values.container.volumeMounts | indent 10 }} - name: proc
{{- end }} mountPath: /host/proc
readOnly: true
- name: sys
mountPath: /host/sys
readOnly: true
- name: host
mountPath: /host
readOnly: true
{{- if .Values.enabledRBAC }} {{- if .Values.enabledRBAC }}
serviceAccountName: {{ .Values.serviceAccountName }} serviceAccountName: {{ default (include "app.fullname" .) .Values.serviceAccountName }}
{{- end }}
{{- if .Values.securityContext }}
securityContext:
{{ toYaml .Values.securityContext | indent 8 }}
{{- end }} {{- end }}
{{- if .Values.tolerations }} {{- if .Values.tolerations }}
tolerations: tolerations:
...@@ -57,9 +84,19 @@ spec: ...@@ -57,9 +84,19 @@ spec:
nodeSelector: nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }} {{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }} {{- end }}
{{- if .Values.enabledHostNetwork }}
hostNetwork: true hostNetwork: true
{{- end }}
{{- if .Values.enabledHostPID }}
hostPID: true hostPID: true
{{- if and .Values.container .Values.container.volumes }} {{- end }}
volumes: volumes:
{{ toYaml .Values.container.volumes | indent 6 }} - name: proc
{{- end}} hostPath:
path: /proc
- name: sys
hostPath:
path: /sys
- name: host
hostPath:
path: /
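Review bot: The new `host` volume mounts the node's entire root filesystem (`hostPath` with `path: /`) into the exporter container, while the only hardening on the pod comes from `.Values.securityContext`, which the template renders only when that value is non-empty. The mount is read-only, but every file on the node that the container's user can read becomes visible to the exporter, next to `hostNetwork` and `hostPID` when those are enabled. Pin a container-level `securityContext` in the template itself with `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`, so the baseline does not depend on chart values. Also add `mountPropagation: HostToContainer` to the `host` volumeMount, which the node-exporter documentation recommends alongside `--path.rootfs`.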
...@@ -7,8 +7,8 @@ metadata: ...@@ -7,8 +7,8 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
source: rancher-monitoring source: rancher-monitoring
{{- if .Values.prometheusRule.labels }} {{- if .Values.prometheusRuleLabels }}
{{ toYaml .Values.prometheusRule.labels | indent 4 }} {{ toYaml .Values.prometheusRuleLabels | indent 4 }}
{{- end }} {{- end }}
name: {{ template "app.fullname" . }} name: {{ template "app.fullname" . }}
spec: spec:
...@@ -16,19 +16,19 @@ spec: ...@@ -16,19 +16,19 @@ spec:
- name: node.rules - name: node.rules
rules: rules:
- record: instance:node_cpu:rate:sum - record: instance:node_cpu:rate:sum
expr: sum(rate(node_cpu{mode!="idle",mode!="iowait"}[3m])) expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait"}[3m]))
BY (instance) BY (instance)
- record: instance:node_filesystem_usage:sum - record: instance:node_filesystem_usage:sum
expr: sum((node_filesystem_size{mountpoint="/"} - node_filesystem_free{mountpoint="/"})) expr: sum((node_filesystem_size_bytes{mountpoint="/"} - node_filesystem_free{mountpoint="/"}))
BY (instance) BY (instance)
- record: instance:node_network_receive_bytes:rate:sum - record: instance:node_network_receive_bytes:rate:sum
expr: sum(rate(node_network_receive_bytes[3m])) BY (instance) expr: sum(rate(node_network_receive_bytes_total[3m])) BY (instance)
- record: instance:node_network_transmit_bytes:rate:sum - record: instance:node_network_transmit_bytes:rate:sum
expr: sum(rate(node_network_transmit_bytes[3m])) BY (instance) expr: sum(rate(node_network_transmit_bytes_total[3m])) BY (instance)
- record: instance:node_cpu:ratio - record: instance:node_cpu:ratio
expr: sum(rate(node_cpu{mode!="idle",mode!="iowait"}[5m])) WITHOUT (cpu, mode) / ON(instance) expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait"}[5m])) WITHOUT (cpu, mode) / ON(instance)
GROUP_LEFT() count(sum(node_cpu) BY (instance, cpu)) BY (instance) GROUP_LEFT() count(sum(node_cpu_seconds_total) BY (instance, cpu)) BY (instance)
- record: cluster:node_cpu:sum_rate5m - record: cluster:node_cpu:sum_rate5m
expr: sum(rate(node_cpu{mode!="idle",mode!="iowait"}[5m])) expr: sum(rate(node_cpu_seconds_total{mode!="idle",mode!="iowait"}[5m]))
- record: cluster:node_cpu:ratio - record: cluster:node_cpu:ratio
expr: cluster:node_cpu:rate5m / count(sum(node_cpu) BY (instance, cpu)) expr: cluster:node_cpu_seconds_total:rate5m / count(sum(node_cpu_seconds_total) BY (instance, cpu))
\ No newline at end of file
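Review bot: Two expressions on the new side are only half renamed. In `instance:node_filesystem_usage:sum` the first operand became `node_filesystem_size_bytes` but the second is still `node_filesystem_free`, which the renamed metric set no longer exports; it should be `node_filesystem_free_bytes{mountpoint="/"}`. In `cluster:node_cpu:ratio` the numerator is `cluster:node_cpu_seconds_total:rate5m`, yet the rule recorded just above is `cluster:node_cpu:sum_rate5m`, so the ratio has no input series; reference `cluster:node_cpu:sum_rate5m` instead. Both rules would evaluate to empty results without raising an error, so alerts and dashboards built on them go quiet rather than fail.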
{{- if and .Values.enabledRBAC (not .Values.serviceAccountName) }}
apiVersion: {{ template "rbac_api_version" . }}
kind: ClusterRole
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "app.fullname" . }}
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- creat
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "app.fullname" . }}
imagePullSecrets:
{{ toYaml .Values.image.pullSecrets | indent 2 }}
---
apiVersion: {{ template "rbac_api_version" . }}
kind: ClusterRoleBinding
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "app.fullname" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "app.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "app.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
\ No newline at end of file
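Review bot: The verb in the second rule is spelled `creat`, which is not a Kubernetes verb, so the role never grants `create` on `subjectaccessreviews`; the line should read `- create`. It is also worth confirming that node-exporter needs `tokenreviews` and `subjectaccessreviews` at all, since the DaemonSet hunks on this page show no component that delegates authentication or authorization. If nothing calls these APIs, drop the ClusterRole and ClusterRoleBinding so the service account carries no cluster-scoped permissions.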
...@@ -7,9 +7,11 @@ metadata: ...@@ -7,9 +7,11 @@ metadata:
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
monitoring.cattle.io: "true" k8s-app: node
{{ .Values.apiGroup }}: "true"
spec: spec:
type: ClusterIP type: ClusterIP
clusterIP: None
selector: selector:
app: {{ template "app.name" . }} app: {{ template "app.name" . }}
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
......
...@@ -7,21 +7,33 @@ metadata: ...@@ -7,21 +7,33 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
source: rancher-monitoring source: rancher-monitoring
{{- if .Values.serviceMonitor.labels }} {{- if .Values.serviceMonitorLabels }}
{{ toYaml .Values.serviceMonitor.labels | indent 4 }} {{ toYaml .Values.serviceMonitorLabels | indent 4 }}
{{- end }} {{- end }}
name: {{ template "app.fullname" . }} name: {{ template "app.fullname" . }}
spec: spec:
jobLabel: node
selector: selector:
matchLabels: matchLabels:
app: {{ template "app.name" . }} app: {{ template "app.name" . }}
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
monitoring.cattle.io: "true" {{ .Values.apiGroup }}: "true"
namespaceSelector: namespaceSelector:
matchNames: matchNames:
- {{ .Release.Namespace | quote }} - {{ .Release.Namespace | quote }}
endpoints: endpoints:
- port: metrics - port: metrics
interval: 15s interval: 15s
relabelings:
- sourceLabels:
- __meta_kubernetes_pod_host_ip
targetLabel: host_ip
action: replace
regex: (.+)
replacement: $1
- sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
action: replace
regex: (.+)
replacement: $1
...@@ -4,6 +4,8 @@ enabledRBAC: true ...@@ -4,6 +4,8 @@ enabledRBAC: true
## ##
serviceAccountName: "" serviceAccountName: ""
serviceAccountNameOverride: ""
## CRD apiGroup ## CRD apiGroup
## ##
apiGroup: "monitoring.coreos.com" apiGroup: "monitoring.coreos.com"
...@@ -14,13 +16,13 @@ ports: ...@@ -14,13 +16,13 @@ ports:
metrics: metrics:
port: 9100 port: 9100
# This is a YAML-formatted file. enabledHostNetwork: true
# Declare variables to be passed into your templates.
replicaCount: 1 enabledHostPID: true
image: image:
repository: quay.io/prometheus/node-exporter repository: quay.io/prometheus/node-exporter
tag: v0.16.0 tag: v0.17.0
resources: resources:
limits: limits:
...@@ -30,46 +32,166 @@ resources: ...@@ -30,46 +32,166 @@ resources:
cpu: 100m cpu: 100m
memory: 30Mi memory: 30Mi
container:
args:
- --path.procfs=/host/proc
- --path.sysfs=/host/sys
volumes:
- name: proc
hostPath:
path: /proc
- name: sys
hostPath:
path: /sys
volumeMounts:
- name: proc
mountPath: /host/proc
readOnly: true
- name: sys
mountPath: /host/sys
readOnly: true
## Tolerations for use with node taints ## Tolerations for use with node taints
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
## ##
tolerations: tolerations:
- effect: NoSchedule - operator: Exists
operator: Exists
## Node Selector to constrain pods to run on particular nodes ## Node Selector to constrain pods to run on particular nodes
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
## ##
nodeSelector: {} nodeSelector: {}
serviceMonitor: serviceMonitorLabels: {}
## Custom Labels to be added to ServiceMonitor
## prometheusRuleLabels: {}
labels: {}
collectors: {}
prometheusRule: securityContext:
## Custom Labels to be added to PrometheusRule runAsNonRoot: true
## runAsUser: 65534
labels: {}
##
# Default collector settings
##
defaultCollectorSettings:
##
# Enabled by default on Linux
##
# Exposes ARP statistics from /proc/net/arp
arp:
enabled: true
# Exposes bcache statistics from /sys/fs/bcache/
bcache:
enabled: true
# Exposes the number of configured and active slaves of Linux bonding interfaces
bonding:
enabled: true
# Shows conntrack statistics (does nothing if no /proc/sys/net/netfilter/ present)
conntrack:
enabled: true
# Exposes CPU statistics
cpu:
enabled: true
# Exposes disk I/O statistics.
diskstats:
enabled: true
# Exposes error detection and correction statistics
edac:
enabled: true
# Exposes available entropy
entropy:
enabled: true
# Exposes file descriptor statistics from /proc/sys/fs/file-nr
filefd:
enabled: true
# Exposes filesystem statistics, such as disk space used
filesystem:
enabled: true
# Expose hardware monitoring and sensor data from /sys/class/hwmon/
hwmon:
enabled: true
# Exposes network statistics specific to InfiniBand and Intel OmniPath configurations
infiniband:
enabled: true
# Exposes IPVS status from /proc/net/ip_vs and stats from /proc/net/ip_vs_stats
ipvs:
enabled: true
# Exposes load average. Darwin, Dragonfly, FreeBSD, Linux, NetBSD, OpenBSD, Solaris
loadavg:
enabled: true
# Exposes statistics about devices in /proc/mdstat (does nothing if no /proc/mdstat present)
mdadm:
enabled: true
# Exposes memory statistics.
meminfo:
enabled: true
# Exposes network interface statistics such as bytes transferred
netdev:
enabled: true
# Exposes network statistics from /proc/net/netstat
netstat:
enabled: true
# Exposes NFS client statistics from /proc/net/rpc/nfs
nfs:
enabled: true
# Exposes NFS kernel server statistics from /proc/net/rpc/nfsd
nfsd:
enabled: true
# Exposes various statistics from /proc/net/sockstat
sockstat:
enabled: true
# Exposes various statistics from /proc/stat
stat:
enabled: true
# Exposes statistics read from local disk
textfile:
enabled: true
# Exposes the current system time
time:
enabled: true
# Exposes selected adjtimex(2) system call stats
timex:
enabled: true
# Exposes system information as provided by the uname system call
uname:
enabled: true
# Exposes statistics from /proc/vmstat
vmstat:
enabled: true
# Exposes XFS runtime statistics
xfs:
enabled: true
# Exposes ZFS performance statistics
zfs:
enabled: true
##
# Enabled by default on Linux
##
# Exposes statistics of memory fragments as reported by /proc/buddyinfo
buddyinfo:
enabled: false
# Exposes Distributed Replicated Block Device statistics (to version 8.4)
drbd:
enabled: false
# Exposes detailed interrupts statistics
interrupts:
enabled: false
# Exposes kernel and system statistics from /sys/kernel/mm/ksm
ksmd:
enabled: false
# Exposes session counts from logind
logind:
enabled: false
# Exposes memory statistics from /proc/meminfo_numa
meminfo_numa:
enabled: false
# Exposes filesystem statistics from /proc/self/mountstats, exposes detailed NFS client statistics
mountstats:
enabled: false
# Exposes local NTP daemon health to check time
ntp:
enabled: false
# Exposes aggregate process statistics from /proc
processes:
enabled: false
# Exposes queuing discipline statistics
qdisc:
enabled: false
# Exposes service status from runit
runit:
enabled: false
# Exposes service status from supervisord
supervisord:
enabled: false
# Exposes service and system status from systemd
systemd:
enabled: false
# Exposes TCP connection status information from /proc/net/tcp and /proc/net/tcp6
tcpstat:
enabled: false
# Exposes WiFi device and station statistics
wifi:
enabled: false
{{/* vim: set filetype=mustache: */}}
{{- define "app.dashboards.fullname" -}}
{{- $name := include "app.name" . -}}
{{- printf "%s-%s-dashboards" $name .Release.Name -}}
{{- end -}}
{{- define "app.provisionings.fullname" -}}
{{- $name := include "app.name" . -}}
{{- printf "%s-%s-provisionings" $name .Release.Name -}}
{{- end -}}
\ No newline at end of file
...@@ -12,13 +12,3 @@ data: ...@@ -12,13 +12,3 @@ data:
{{ (.Files.Glob "dashboards/c_*.json").AsConfig | indent 2 }} {{ (.Files.Glob "dashboards/c_*.json").AsConfig | indent 2 }}
{{- end }} {{- end }}
{{ (.Files.Glob "dashboards/w_*.json").AsConfig | indent 2 }} {{ (.Files.Glob "dashboards/w_*.json").AsConfig | indent 2 }}
prometheus-datasource.json: |+
{
"access": "proxy",
"basicAuth": false,
"editable": false,
"isDefault": true,
"name": "Rancher-Monitoring",
"type": "prometheus",
"url": "{{ .Values.prometheusDatasourceURL }}"
}
...@@ -24,30 +24,30 @@ spec: ...@@ -24,30 +24,30 @@ spec:
initContainers: initContainers:
- name: grafana-init-plugin-json-copy - name: grafana-init-plugin-json-copy
image: {{ .Values.image.repository }}:{{ .Values.image.tag }} image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
{{- if and .Values.resources .Values.resources.inits }}
resources:
{{ toYaml .Values.resources.inits | indent 10 }}
{{- end }}
volumeMounts: volumeMounts:
- name: grafana-static-hooks - name: grafana-static-hooks
mountPath: /run.sh mountPath: /run.sh
subPath: copy-datasource-plugin-json.sh subPath: copy-datasource-plugin-json.sh
- name: grafana-static-contents - name: grafana-static-contents
mountPath: /host mountPath: /host
- name: grafana-init-plugin-json-modify
image: {{ .Values.image.tool.repository }}:{{ .Values.image.tool.tag }}
command:
- /usr/bin/modify-datasource-plugin-json.sh
{{- if and .Values.resources .Values.resources.inits }} {{- if and .Values.resources .Values.resources.inits }}
resources: resources:
{{ toYaml .Values.resources.inits | indent 10 }} {{ toYaml .Values.resources.inits | indent 10 }}
{{- end }} {{- end }}
- name: grafana-init-plugin-json-modify
image: {{ .Values.image.inits.tools.repository }}:{{ .Values.image.inits.tools.tag }}
command:
- /usr/bin/modify-datasource-plugin-json.sh
volumeMounts: volumeMounts:
- name: grafana-static-hooks - name: grafana-static-hooks
mountPath: /usr/bin/modify-datasource-plugin-json.sh mountPath: /usr/bin/modify-datasource-plugin-json.sh
subPath: modify-datasource-plugin-json.sh subPath: modify-datasource-plugin-json.sh
- name: grafana-static-contents - name: grafana-static-contents
mountPath: /host mountPath: /host
{{- if and .Values.resources .Values.resources.inits }}
resources:
{{ toYaml .Values.resources.inits | indent 10 }}
{{- end }}
containers: containers:
- name: grafana - name: grafana
image: {{ .Values.image.repository }}:{{ .Values.image.tag }} image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
...@@ -56,16 +56,6 @@ spec: ...@@ -56,16 +56,6 @@ spec:
value: "true" value: "true"
- name: GF_AUTH_ANONYMOUS_ENABLED - name: GF_AUTH_ANONYMOUS_ENABLED
value: "true" value: "true"
- name: GF_SECURITY_ADMIN_USER
valueFrom:
secretKeyRef:
name: {{ template "app.fullname" . }}
key: user
- name: GF_SECURITY_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "app.fullname" . }}
key: password
{{- if .Values.extraVars }} {{- if .Values.extraVars }}
{{ toYaml .Values.extraVars | indent 8 }} {{ toYaml .Values.extraVars | indent 8 }}
{{- end }} {{- end }}
...@@ -75,10 +65,14 @@ spec: ...@@ -75,10 +65,14 @@ spec:
- name: grafana-static-contents - name: grafana-static-contents
mountPath: /usr/share/grafana/public/app/plugins/datasource/prometheus/plugin.json mountPath: /usr/share/grafana/public/app/plugins/datasource/prometheus/plugin.json
subPath: grafana/plugin.json subPath: grafana/plugin.json
{{- if .Values.mountGrafanaConfig }} - name: grafana-dashboards
- name: grafana-config mountPath: /var/lib/grafana/rancher-dashboards
mountPath: /etc/grafana - name: grafana-provisionings
{{- end }} mountPath: /etc/grafana/provisioning/dashboards/all.yaml
subPath: dashboards.yaml
- name: grafana-provisionings
mountPath: /etc/grafana/provisioning/datasources/all.yaml
subPath: datasources.yaml
ports: ports:
- name: web - name: web
containerPort: 3000 containerPort: 3000
...@@ -95,38 +89,8 @@ spec: ...@@ -95,38 +89,8 @@ spec:
resources: resources:
{{ toYaml .Values.resources.core | indent 10 }} {{ toYaml .Values.resources.core | indent 10 }}
{{- end }} {{- end }}
- name: grafana-watcher
image: {{ .Values.grafanaWatcher.repository }}:{{ .Values.grafanaWatcher.tag }}
args:
- '--grafana-url=http://127.0.0.1:3000'
- '--watch-dir=/var/grafana-dashboards'
{{- range .Values.dashboardConfigmaps }}
- '--watch-dir=/var/additional-dashboards/{{ . }}'
{{- end }}
env:
- name: GRAFANA_USER
valueFrom:
secretKeyRef:
name: {{ template "app.fullname" . }}
key: user
- name: GRAFANA_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "app.fullname" . }}
key: password
{{- if and .Values.resources .Values.resources.watcher }}
resources:
{{ toYaml .Values.resources.watcher | indent 10 }}
{{- end }}
volumeMounts:
- name: grafana-dashboards
mountPath: /var/grafana-dashboards
{{- range .Values.dashboardConfigmaps }}
- name: {{ . }}
mountPath: /var/additional-dashboards/{{ . }}
{{- end }}
- name: grafana-proxy - name: grafana-proxy
image: {{ .Values.grafanaProxy.repository }}:{{ .Values.grafanaProxy.tag }} image: {{ .Values.image.proxy.repository }}:{{ .Values.image.proxy.tag }}
args: args:
- nginx - nginx
- -g - -g
...@@ -149,7 +113,7 @@ spec: ...@@ -149,7 +113,7 @@ spec:
{{ toYaml .Values.nodeSelector | indent 4 }} {{ toYaml .Values.nodeSelector | indent 4 }}
{{- end }} {{- end }}
{{- if .Values.enabledRBAC }} {{- if .Values.enabledRBAC }}
serviceAccountName: {{ .Values.serviceAccountName }} serviceAccountName: {{ default (include "app.fullname" .) .Values.serviceAccountName }}
{{- end }} {{- end }}
{{- if .Values.tolerations }} {{- if .Values.tolerations }}
tolerations: tolerations:
...@@ -182,8 +146,6 @@ spec: ...@@ -182,8 +146,6 @@ spec:
- name: grafana-dashboards - name: grafana-dashboards
configMap: configMap:
name: {{ template "app.dashboards.fullname" . }} name: {{ template "app.dashboards.fullname" . }}
{{- range .Values.dashboardConfigmaps }} - name: grafana-provisionings
- name: {{ . }}
configMap: configMap:
name: {{ . }} name: {{ template "app.provisionings.fullname" . }}
{{- end }}
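Review bot: With the `GF_SECURITY_ADMIN_USER` / `GF_SECURITY_ADMIN_PASSWORD` `secretKeyRef` entries gone from the `grafana` container env, nothing visible in this template sets the admin password, so Grafana would come up with its built-in default admin account unless `extraVars` supplies one. The watcher sidecar that needed those credentials is removed in the same file, and anonymous access stays on (`GF_AUTH_ANONYMOUS_ENABLED`), so password logins may no longer be needed at all. Consider adding `- name: GF_AUTH_DISABLE_LOGIN_FORM` with `value: "true"` and setting `GF_AUTH_BASIC_ENABLED` to `"false"`, or documenting in values.yaml that `extraVars` must set `GF_SECURITY_ADMIN_PASSWORD`. The env list begins above the hunk, so a setting outside the visible lines may already cover part of this.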
...@@ -7,14 +7,15 @@ metadata: ...@@ -7,14 +7,15 @@ metadata:
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
monitoring.cattle.io: "true" {{ .Values.apiGroup }}: "true"
spec: spec:
type: ClusterIP type: ClusterIP
clusterIP: None
selector: selector:
app: {{ template "app.name" . }} app: {{ template "app.name" . }}
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
ports: ports:
- name: web - name: metrics
port: 3000 port: 3000
targetPort: web targetPort: web
\ No newline at end of file
...@@ -21,12 +21,20 @@ data: ...@@ -21,12 +21,20 @@ data:
http { http {
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)';
proxy_connect_timeout 10;
proxy_read_timeout 180;
proxy_send_timeout 5;
proxy_buffer_size 16k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_temp_path /tmp/temp_dir;
proxy_cache_path /tmp/nginx levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g;
server { server {
listen 80; listen 80;
access_log off; access_log off;
gzip on; gzip on;
...@@ -37,9 +45,6 @@ data: ...@@ -37,9 +45,6 @@ data:
gzip_disable "MSIE [1-6]\."; gzip_disable "MSIE [1-6]\.";
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
location /api/dashboards { location /api/dashboards {
proxy_pass http://localhost:3000; proxy_pass http://localhost:3000;
...@@ -54,6 +59,14 @@ data: ...@@ -54,6 +59,14 @@ data:
} }
location / { location / {
proxy_cache my_zone;
proxy_cache_valid 200 302 1d;
proxy_cache_valid 301 30d;
proxy_cache_valid any 5m;
proxy_cache_bypass $http_cache_control;
add_header X-Proxy-Cache $upstream_cache_status;
add_header Cache-Control "public";
proxy_pass http://localhost:3000/; proxy_pass http://localhost:3000/;
sub_filter_types text/html; sub_filter_types text/html;
...@@ -61,8 +74,10 @@ data: ...@@ -61,8 +74,10 @@ data:
sub_filter '"appSubUrl":""' '"appSubUrl":"."'; sub_filter '"appSubUrl":""' '"appSubUrl":"."';
sub_filter '"url":"/' '"url":"./'; sub_filter '"url":"/' '"url":"./';
sub_filter ':"/avatar/' ':"avatar/'; sub_filter ':"/avatar/' ':"avatar/';
}
if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) {
expires 90d;
}
}
} }
} }
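Review bot: The cache block added to `location /` keeps every cacheable upstream response for up to a day (`proxy_cache_valid 200 302 1d`) and adds `Cache-Control "public"` to all of them, which covers HTML and API responses, not only static assets. nginx's default cache key does not include cookies or the `Authorization` header, so unless the upstream marks a response uncacheable it can be served to a different client, and browsers and intermediaries are told they may store it. The same block is added to the Prometheus proxy config later in this commit, where the proxy injects its own `Authorization` header and query results would likely be served stale as well. Suggest moving `proxy_cache my_zone;` and the two `add_header` lines into a location that matches only the static file extensions already listed for `expires 90d`, and leaving `location /` uncached.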
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "app.provisionings.fullname" . }}
data:
dashboards.yaml: |+
- name: RANCHER_MONITORING
orgId: 1
folder: ''
type: file
disableDeletion: false
updateIntervalSeconds: 0 #never
options:
path: /var/lib/grafana/rancher-dashboards
datasources.yaml: |+
apiVersion: 1
datasources:
- name: RANCHER_MONITORING
type: prometheus
access: proxy
basicAuth: false
editable: false
isDefault: true
url: {{ .Values.prometheusDatasourceURL }}
\ No newline at end of file
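Review bot: `url: {{ .Values.prometheusDatasourceURL }}` in `datasources.yaml` is rendered unquoted, and the chart's values default it to `""`, so an unset value produces an empty `url:` (null) and Grafana provisions a non-editable default datasource with no target. Quote the value and fail at render time when it is missing: `url: {{ required "prometheusDatasourceURL must be set" .Values.prometheusDatasourceURL | quote }}`. Quoting also keeps a URL containing `#` or `: ` from being cut or re-parsed by the YAML loader.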
{{- if and .Values.enabledRBAC (not .Values.serviceAccountName) }}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "app.fullname" . }}
imagePullSecrets:
{{ toYaml .Values.image.pullSecrets | indent 2 }}
{{- end }}
\ No newline at end of file
...@@ -7,21 +7,33 @@ metadata: ...@@ -7,21 +7,33 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
source: rancher-monitoring source: rancher-monitoring
{{- if .Values.serviceMonitor.labels }} {{- if .Values.serviceMonitorLabels }}
{{ toYaml .Values.serviceMonitor.labels | indent 4 }} {{ toYaml .Values.serviceMonitorLabels | indent 4 }}
{{- end }} {{- end }}
name: {{ template "app.fullname" . }} name: {{ template "app.fullname" . }}
spec: spec:
jobLabel: grafana
selector: selector:
matchLabels: matchLabels:
app: {{ template "app.name" . }} app: {{ template "app.name" . }}
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
monitoring.cattle.io: "true" {{ .Values.apiGroup }}: "true"
namespaceSelector: namespaceSelector:
matchNames: matchNames:
- {{ .Release.Namespace | quote }} - {{ .Release.Namespace | quote }}
endpoints: endpoints:
- port: web - port: metrics
interval: 30s interval: 30s
relabelings:
- sourceLabels:
- __meta_kubernetes_pod_host_ip
targetLabel: host_ip
action: replace
regex: (.+)
replacement: $1
- sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
action: replace
regex: (.+)
replacement: $1
...@@ -6,8 +6,6 @@ enabledRBAC: true ...@@ -6,8 +6,6 @@ enabledRBAC: true
## ##
serviceAccountName: "" serviceAccountName: ""
enabledPSP: true
## CRD apiGroup ## CRD apiGroup
## ##
apiGroup: "monitoring.coreos.com" apiGroup: "monitoring.coreos.com"
...@@ -40,18 +38,17 @@ serviceMonitor: ...@@ -40,18 +38,17 @@ serviceMonitor:
# value: extra-var-value-2 # value: extra-var-value-2
extraVars: extraVars:
adminUser: "admin"
adminPassword: "admin"
## Grafana Docker image ## Grafana Docker image
## ##
image: image:
repository: grafana/grafana repository: grafana/grafana
tag: 5.3.0 tag: 5.3.0
inits: tool:
tools: repository: rancher/prometheus-auth
repository: maiwj/curl tag: v0.1.0
tag: 7.56.1-r0 proxy:
repository: nginx
tag: 1.15.8-alpine
storageSpec: {} storageSpec: {}
# storageClassName: default # storageClassName: default
...@@ -94,35 +91,5 @@ resources: ...@@ -94,35 +91,5 @@ resources:
requests: requests:
memory: 50Mi memory: 50Mi
cpu: 50m cpu: 50m
watcher:
limits:
memory: 50Mi
cpu: 50m
requests:
memory: 50Mi
cpu: 50m
## A list of additional configmaps that contain -dashboard.json and/or -datasource.json files
## that should be imported into grafana.
dashboardConfigmaps: []
prometheusDatasourceURL: "" prometheusDatasourceURL: ""
grafanaProxy:
repository: nginx
tag: 1.15.2
grafanaWatcher:
repository: quay.io/coreos/grafana-watcher
tag: v0.0.8
## Resource limits & requests
## Ref: https://kubernetes.io/docs/user-guide/compute-resources/
resources: {}
#requests:
# memory: "16Mi"
# cpu: "50m"
#limits:
# memory: "32Mi"
# cpu: "100m"
- job_name: 'prometheus-io-scrape'
kubernetes_sd_configs:
- role: pod
namespaces:
names:
- {{ .Release.Namespace }}
- ingress-nginx
- ingress-controller
- kube-system
relabel_configs:
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
action: keep
regex: true
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scheme]
action: replace
target_label: __scheme__
regex: (https?)
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
action: replace
target_label: __metrics_path__
regex: (.+)
- source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
action: replace
target_label: __address__
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
- source_labels: [__meta_kubernetes_pod_node_name]
action: replace
target_label: node
regex: (.+)
replacement: $1
- source_labels: [__meta_kubernetes_namespace]
action: replace
target_label: namespace
regex: (.+)
replacement: $1
- source_labels: [__meta_kubernetes_pod_name]
action: replace
target_label: pod
regex: (.+)
replacement: $1
- source_labels: [__meta_kubernetes_pod_ip]
action: replace
target_label: pod_ip
regex: (.+)
replacement: $1
- source_labels: [__meta_kubernetes_pod_host_ip]
action: replace
target_label: host_ip
regex: (.+)
replacement: $1
- source_labels: [__meta_kubernetes_pod_controller_kind]
action: replace
target_label: created_by_kind
regex: (.+)
replacement: $1
- source_labels: [__meta_kubernetes_pod_controller_name]
action: replace
target_label: created_by_kind
regex: (.+)
replacement: $1
\ No newline at end of file
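Review bot: The last relabel rule writes `__meta_kubernetes_pod_controller_name` into `created_by_kind`, the same target label the preceding rule fills from `__meta_kubernetes_pod_controller_kind`, so the controller kind is overwritten by the controller name and no separate name label is produced. The target was probably meant to be `target_label: created_by_name`. Since scheme, path and port for this job are taken from pod annotations in `kube-system` and the ingress namespaces, a comment at the top of the file noting that these annotations steer where Prometheus connects would help reviewers of later changes.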
{{/* vim: set filetype=mustache: */}}
{{- define "additional-scrape-configs.yaml" -}}
{{- $root := . -}}
{{- $yamls := dict -}}
{{- if eq .Values.level "cluster" -}}
{{- range $path, $bytes := .Files.Glob "additionals/c-scrape_*.yaml" -}}
{{- $_ := set $yamls (tpl ($bytes | toString) $root) "" -}}
{{- end -}}
{{- end -}}
{{- range $path, $bytes := .Files.Glob "additionals/w-scrape_*.yaml" -}}
{{- $_ := set $yamls (tpl ($bytes | toString) $root) "" -}}
{{- end -}}
{{- if .Values.additionalScrapeConfigs -}}
{{- $_ := set $yamls (.Values.additionalScrapeConfigs | toYaml) "" -}}
{{- end -}}
{{- if $yamls -}}
{{- keys $yamls | join "\\n" | b64enc | quote -}}
{{- end -}}
{{- end -}}
{{- define "additional-alertmanager-configs.yaml" -}}
{{- $root := . -}}
{{- $yamls := dict -}}
{{- if eq .Values.level "cluster" -}}
{{- range $path, $bytes := .Files.Glob "additionals/c-altermanager_*.yaml" -}}
{{- $_ := set $yamls (tpl ($bytes | toString) $root) "" -}}
{{- end -}}
{{- end -}}
{{- range $path, $bytes := .Files.Glob "additionals/w-altermanager_*.yaml" -}}
{{- $_ := set $yamls (tpl ($bytes | toString) $root) "" -}}
{{- end -}}
{{- if .Values.additionalAlertManagerConfigs -}}
{{- $_ := set $yamls (.Values.additionalAlertManagerConfigs | toYaml) "" -}}
{{- end -}}
{{- if $yamls -}}
{{- keys $yamls | join "\\n" | b64enc | quote -}}
{{- end -}}
{{- end -}}
{{- define "app.auth.fullname" -}}
{{- $name := include "app.name" . -}}
{{- printf "%s-auth-%s" $name .Release.Name -}}
{{- end -}}
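Review bot: Both helpers join the collected fragments with `join "\\n"`, which in a Go template string literal is a backslash followed by `n` rather than a newline, so once more than one fragment is present the decoded Secret contains the two characters `\n` between fragments and is unlikely to parse as a single list. `join "\n"` looks like what was intended. The fragments come from `keys $yamls`, whose order is not stable between renders; `keys $yamls | sortAlpha | join "\n"` would keep the rendered Secret deterministic and avoid spurious changes on upgrade. The glob patterns spell `altermanager`, which only matches if the files under `additionals/` use the same spelling; those file names are not visible here.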
...@@ -7,9 +7,10 @@ metadata: ...@@ -7,9 +7,10 @@ metadata:
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
monitoring.cattle.io: "true" {{ .Values.apiGroup }}: "true"
spec: spec:
type: ClusterIP type: ClusterIP
clusterIP: None
selector: selector:
{{- if .Values.labels }} {{- if .Values.labels }}
{{ toYaml .Values.labels | indent 4 }} {{ toYaml .Values.labels | indent 4 }}
...@@ -19,6 +20,6 @@ spec: ...@@ -19,6 +20,6 @@ spec:
release: {{ .Release.Name }} release: {{ .Release.Name }}
{{- end }} {{- end }}
ports: ports:
- name: http - name: metrics
port: 9090 port: 9090
targetPort: web targetPort: web
\ No newline at end of file
...@@ -21,12 +21,20 @@ data: ...@@ -21,12 +21,20 @@ data:
http { http {
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)'; log_format main '[$time_local - $status] $remote_addr - $remote_user $request ($http_referer)';
proxy_connect_timeout 10;
proxy_read_timeout 180;
proxy_send_timeout 5;
proxy_buffer_size 16k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_temp_path /tmp/temp_dir;
proxy_cache_path /tmp/nginx levels=1:2 keys_zone=my_zone:100m inactive=1d max_size=10g;
server { server {
listen 80; listen 80;
access_log off; access_log off;
gzip on; gzip on;
...@@ -37,20 +45,27 @@ data: ...@@ -37,20 +45,27 @@ data:
gzip_disable "MSIE [1-6]\."; gzip_disable "MSIE [1-6]\.";
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Authorization "REPLACE_PARAM_AUTHORIZATION"; proxy_set_header Authorization "REPLACE_PARAM_AUTHORIZATION";
proxy_pass_header Authorization; proxy_pass_header Authorization;
location / { location / {
proxy_cache my_zone;
proxy_cache_valid 200 302 1d;
proxy_cache_valid 301 30d;
proxy_cache_valid any 5m;
proxy_cache_bypass $http_cache_control;
add_header X-Proxy-Cache $upstream_cache_status;
add_header Cache-Control "public";
proxy_pass http://prometheus-operated:9090/; proxy_pass http://prometheus-operated:9090/;
sub_filter_types text/html; sub_filter_types text/html;
sub_filter_once off; sub_filter_once off;
sub_filter 'var PATH_PREFIX = "";' 'var PATH_PREFIX = ".";'; sub_filter 'var PATH_PREFIX = "";' 'var PATH_PREFIX = ".";';
}
if ($request_filename ~ .*\.(?:js|css|jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm)$) {
expires 90d;
}
}
} }
} }
...@@ -24,12 +24,9 @@ spec: ...@@ -24,12 +24,9 @@ spec:
release: {{ .Release.Name }} release: {{ .Release.Name }}
component: nginx component: nginx
spec: spec:
{{- if .Values.enabledRBAC }}
serviceAccountName: {{ .Values.serviceAccountName }}
{{- end }}
initContainers: initContainers:
- name: nginx-init-auth-add - name: nginx-init-auth-add
image: {{ .Values.image.inits.tools.repository }}:{{ .Values.image.inits.tools.tag }} image: {{ .Values.image.proxy.repository }}:{{ .Values.image.proxy.tag }}
command: command:
- /usr/bin/replace-config-by-auth.sh - /usr/bin/replace-config-by-auth.sh
volumeMounts: volumeMounts:
...@@ -40,9 +37,13 @@ spec: ...@@ -40,9 +37,13 @@ spec:
mountPath: /host mountPath: /host
- name: prometheus-nginx-template - name: prometheus-nginx-template
mountPath: /template mountPath: /template
{{- if and .Values.resources .Values.resources.inits }}
resources:
{{ toYaml .Values.resources.inits | indent 10 }}
{{- end }}
containers: containers:
- name: nginx - name: prometheus-proxy
image: nginx:1.15.2 image: {{ .Values.image.proxy.repository }}:{{ .Values.image.proxy.tag }}
args: args:
- nginx - nginx
- -g - -g
...@@ -52,10 +53,16 @@ spec: ...@@ -52,10 +53,16 @@ spec:
volumeMounts: volumeMounts:
- mountPath: /nginx - mountPath: /nginx
name: prometheus-static-contents name: prometheus-static-contents
{{- if and .Values.resources .Values.resources.proxy }}
resources:
{{ toYaml .Values.resources.proxy | indent 10 }}
{{- end }}
ports: ports:
- name: http - name: http
containerPort: 80 containerPort: 80
protocol: TCP {{- if .Values.enabledRBAC }}
serviceAccountName: {{ default (default (include "app.fullname" .) .Values.serviceAccountName) .Values.serviceAccountNameOverride }}
{{- end }}
volumes: volumes:
- name: prometheus-static-hooks - name: prometheus-static-hooks
configMap: configMap:
......
...@@ -11,8 +11,62 @@ metadata: ...@@ -11,8 +11,62 @@ metadata:
{{- end }} {{- end }}
name: {{ .Release.Name }} name: {{ .Release.Name }}
spec: spec:
{{- if .Values.listenLocal }} {{- if .Values.securityContext }}
securityContext:
{{ toYaml .Values.securityContext | indent 4 }}
{{- end }}
{{- if eq .Values.level "cluster" }}
listenLocal: true listenLocal: true
containers:
- name: prometheus-agent
command:
- prometheus-auth
{{- if and .Values.auth .Values.auth.args }}
args:
{{ toYaml .Values.auth.args | indent 6 }}
{{- end }}
{{- if and .Values.auth .Values.auth.env }}
env:
{{ toYaml .Values.auth.env | indent 6 }}
{{- end }}
image: {{ .Values.image.auth.repository }}:{{ .Values.image.auth.tag }}
ports:
- containerPort: 9090
name: web
protocol: TCP
- containerPort: 9190
name: profile
protocol: TCP
livenessProbe:
failureThreshold: 6
httpGet:
path: /-/healthy
port: web
scheme: HTTP
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 3
readinessProbe:
failureThreshold: 120
httpGet:
path: /-/ready
port: web
scheme: HTTP
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 3
{{- if and .Values.resources .Values.resources.auth }}
resources:
{{ toYaml .Values.resources.auth | indent 6 }}
{{- end }}
{{- if .Values.sidecarsSpec }}
{{ toYaml .Values.sidecarsSpec | indent 2 }}
{{- end }}
{{- else }}
{{- if .Values.sidecarsSpec }}
containers:
{{ toYaml .Values.sidecarsSpec | indent 2 }}
{{- end }}
{{- end }} {{- end }}
podMetadata: podMetadata:
labels: labels:
...@@ -27,7 +81,7 @@ spec: ...@@ -27,7 +81,7 @@ spec:
alerting: alerting:
alertmanagers: alertmanagers:
{{ toYaml .Values.alertingEndpoints | indent 6 }} {{ toYaml .Values.alertingEndpoints | indent 6 }}
{{- else }} {{- else if not (include "additional-alertmanager-configs.yaml" .) }}
alerting: alerting:
alertmanagers: alertmanagers:
- namespace: {{ .Release.Namespace }} - namespace: {{ .Release.Namespace }}
...@@ -49,8 +103,10 @@ spec: ...@@ -49,8 +103,10 @@ spec:
paused: {{ .Values.paused }} paused: {{ .Values.paused }}
replicas: {{ .Values.replicaCount }} replicas: {{ .Values.replicaCount }}
logLevel: {{ .Values.logLevel }} logLevel: {{ .Values.logLevel }}
{{- if and .Values.resources .Values.resources.core }}
resources: resources:
{{ toYaml .Values.resources | indent 4 }} {{ toYaml .Values.resources.core | indent 4 }}
{{- end }}
retention: "{{ .Values.retention }}" retention: "{{ .Values.retention }}"
{{- if .Values.routePrefix }} {{- if .Values.routePrefix }}
routePrefix: "{{ .Values.routePrefix }}" routePrefix: "{{ .Values.routePrefix }}"
...@@ -60,19 +116,15 @@ spec: ...@@ -60,19 +116,15 @@ spec:
{{ toYaml .Values.secrets | indent 4 }} {{ toYaml .Values.secrets | indent 4 }}
{{- end }} {{- end }}
{{- if .Values.enabledRBAC }} {{- if .Values.enabledRBAC }}
serviceAccountName: {{ .Values.serviceAccountName }} serviceAccountName: {{ default (default (include "app.fullname" .) .Values.serviceAccountName) .Values.serviceAccountNameOverride }}
{{- end }} {{- end }}
{{- if .Values.serviceMonitorNamespaceSelector }} {{- if .Values.serviceMonitorNamespaceSelector }}
serviceMonitorNamespaceSelector: serviceMonitorNamespaceSelector:
{{ toYaml .Values.serviceMonitorNamespaceSelector | indent 4 }} {{ toYaml .Values.serviceMonitorNamespaceSelector | indent 4 }}
{{- end }} {{- end }}
{{- if .Values.serviceMonitorSelector }}
serviceMonitorSelector: serviceMonitorSelector:
{{- if .Values.serviceMonitorsSelector }} {{ toYaml .Values.serviceMonitorSelector | indent 4 }}
{{ toYaml .Values.serviceMonitorsSelector | indent 4 }}
{{- else }}
matchLabels:
source: rancher-monitoring
release: {{ .Release.Name }}
{{- end }} {{- end }}
{{- if .Values.remoteRead }} {{- if .Values.remoteRead }}
remoteRead: remoteRead:
...@@ -86,13 +138,9 @@ spec: ...@@ -86,13 +138,9 @@ spec:
ruleNamespaceSelector: ruleNamespaceSelector:
{{ toYaml .Values.ruleNamespaceSelector | indent 4 }} {{ toYaml .Values.ruleNamespaceSelector | indent 4 }}
{{- end }} {{- end }}
{{- if .Values.ruleSelector }}
ruleSelector: ruleSelector:
{{- if .Values.rulesSelector }} {{ toYaml .Values.ruleSelector | indent 4 }}
{{ toYaml .Values.rulesSelector | indent 4 }}
{{- else }}
matchLabels:
source: rancher-monitoring
release: {{ .Release.Name }}
{{- end }} {{- end }}
{{- if or .Values.storageSpec .Values.persistence.enabled }} {{- if or .Values.storageSpec .Values.persistence.enabled }}
storage: storage:
...@@ -126,19 +174,13 @@ spec: ...@@ -126,19 +174,13 @@ spec:
tolerations: tolerations:
{{ toYaml .Values.tolerations | indent 4 }} {{ toYaml .Values.tolerations | indent 4 }}
{{- end }} {{- end }}
imagePullSecrets: {{- if (include "additional-scrape-configs.yaml" .) }}
{{ toYaml .Values.image.pullSecrets | indent 4 }}
{{- if and .Values.additionalScrapeConfigsEnabled .Values.additionalScrapeConfigs }}
additionalScrapeConfigs: additionalScrapeConfigs:
name: {{ template "app.fullname" . }}-additional-scrape-configs name: {{ template "app.fullname" . }}-additional-scrape-configs
key: additional-scrape-configs.yaml key: additional-scrape-configs.yaml
{{- end }} {{- end }}
{{- if and .Values.additionalAlertManagerConfigsEnabled .Values.additionalAlertManagerConfigs }} {{- if (include "additional-alertmanager-configs.yaml" .) }}
additionalAlertManagerConfigs: additionalAlertManagerConfigs:
name: {{ template "app.fullname" . }}-additional-alertmanager-configs name: {{ template "app.fullname" . }}-additional-alertmanager-configs
key: additional-alertmanager-configs.yaml key: additional-alertmanager-configs.yaml
{{- end }} {{- end }}
{{- if .Values.sidecarsSpec }}
containers:
{{ toYaml .Values.sidecarsSpec | indent 4 }}
{{- end }}
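Review bot: Only the `cluster` branch sets `listenLocal: true` and places the `prometheus-agent` (prometheus-auth) container in front of port 9090; in the `else` branch Prometheus itself serves the web port on the pod IP with no authenticating proxy in this template. If that is the intended design for project-level instances it should be stated where the branch is taken, for example `{{- /* project level: no prometheus-auth agent, the Prometheus API is served without authentication inside the cluster network; restrict access with a NetworkPolicy */ -}}` above the `else`. The `spec` continues between and beyond the hunks shown, so a setting outside the visible lines may change this.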
{{- if and .Values.enabledRBAC (not .Values.serviceAccountName) }}
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ default (include "app.fullname" .) .Values.serviceAccountNameOverride }}
imagePullSecrets:
{{ toYaml .Values.image.pullSecrets | indent 2 }}
---
apiVersion: {{ template "rbac_api_version" . }}
kind: ClusterRole
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ include "app.fullname" . }}-{{ .Release.Namespace }}
rules:
- nonResourceURLs:
- "/metrics"
verbs:
- "get"
- apiGroups:
- "extensions"
verbs:
- "list"
- "watch"
resources:
- ingresses
- apiGroups:
- ""
verbs:
- "list"
- "watch"
resources:
- services
- endpoints
- pods
{{- if eq .Values.level "cluster" }}
- nodes
- apiGroups:
- ""
resources:
- nodes/metrics
verbs:
- "get"
- apiGroups:
- ""
resources:
- namespaces
- secrets
verbs:
- "list"
- "watch"
- "get"
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- "create"
{{- end }}
---
apiVersion: {{ template "rbac_api_version" . }}
kind: ClusterRoleBinding
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ include "app.fullname" . }}-{{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "app.fullname" . }}-{{ .Release.Namespace }}
subjects:
- kind: ServiceAccount
name: {{ default (include "app.fullname" .) .Values.serviceAccountNameOverride }}
namespace: {{ .Release.Namespace }}
{{- if ne .Values.level "cluster" }}
---
apiVersion: {{ template "rbac_api_version" . }}
kind: Role
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ include "app.fullname" . }}
rules:
- apiGroups:
- "monitoring.cattle.io"
resources:
- prometheus
verbs:
- "view"
---
apiVersion: {{ template "rbac_api_version" . }}
kind: RoleBinding
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ include "app.fullname" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "app.fullname" . }}
namespace: {{ .Release.Namespace }}
subjects:
- kind: ServiceAccount
name: {{ default (include "app.fullname" .) .Values.serviceAccountNameOverride }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- $rbacAPIVersion := include "rbac_api_version" . }}
{{- $appServiceAccountName := default (include "app.fullname" .) .Values.serviceAccountNameOverride }}
{{- $appName := include "app.name" . }}
{{- $appVersion := include "app.version" . }}
{{- $root := . -}}
{{ range .Values.additionalBindingClusterRoles }}
---
apiVersion: {{ $rbacAPIVersion }}
kind: ClusterRoleBinding
metadata:
labels:
app: {{ $appName }}
chart: {{ $appVersion }}
heritage: {{ $root.Release.Service }}
release: {{ $root.Release.Name }}
name: {{ . }}-additional-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ . }}
subjects:
- kind: ServiceAccount
name: {{ $appServiceAccountName }}
namespace: {{ $root.Release.Namespace }}
{{ end }}
{{- end }}
{{- if and .Values.additionalScrapeConfigsEnabled .Values.additionalScrapeConfigs }} {{- if (include "additional-scrape-configs.yaml" .) }}
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
...@@ -9,10 +9,10 @@ metadata: ...@@ -9,10 +9,10 @@ metadata:
release: {{ .Release.Name }} release: {{ .Release.Name }}
name: {{ template "app.fullname" . }}-additional-scrape-configs name: {{ template "app.fullname" . }}-additional-scrape-configs
data: data:
additional-scrape-configs.yaml: {{ toYaml .Values.additionalScrapeConfigs | b64enc | quote }} additional-scrape-configs.yaml: {{ template "additional-scrape-configs.yaml" . }}
{{- end }} {{- end }}
{{- if and .Values.additionalAlertManagerConfigsEnabled .Values.additionalAlertManagerConfigs }} {{- if (include "additional-alertmanager-configs.yaml" .) }}
--- ---
apiVersion: v1 apiVersion: v1
kind: Secret kind: Secret
...@@ -24,5 +24,5 @@ metadata: ...@@ -24,5 +24,5 @@ metadata:
release: {{ .Release.Name }} release: {{ .Release.Name }}
name: {{ template "app.fullname" . }}-additional-alertmanager-configs name: {{ template "app.fullname" . }}-additional-alertmanager-configs
data: data:
additional-alertmanager-configs.yaml: {{ toYaml .Values.additionalAlertManagerConfigs | b64enc | quote }} additional-alertmanager-configs.yaml: {{ template "additional-alertmanager-configs.yaml" . }}
{{- end }} {{- end }}
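Review bot: Both `data:` values now come straight from a named template, with the old `b64enc | quote` pipeline removed, so each Secret is only valid if that helper itself returns base64. The helper is not shown in this file, so that needs confirming. Kubernetes rejects text under `data` that is not base64, which would fail the release at install time rather than at render time. Switching to `include` keeps the value pipeable and lets it be quoted: `additional-scrape-configs.yaml: {{ include "additional-scrape-configs.yaml" . | quote }}`, and likewise for the Alertmanager key. A short comment above each `if (include ...)` guard saying that an empty render suppresses the Secret would also help, since the two `...Enabled` switches it replaces were explicit.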
...@@ -7,21 +7,59 @@ metadata: ...@@ -7,21 +7,59 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
source: rancher-monitoring source: rancher-monitoring
{{- if .Values.serviceMonitor.labels }} {{- if .Values.serviceMonitorLabels }}
{{ toYaml .Values.serviceMonitor.labels | indent 4 }} {{ toYaml .Values.serviceMonitorLabels | indent 4 }}
{{- end }} {{- end }}
name: {{ template "app.fullname" . }} name: {{ template "app.fullname" . }}
spec: spec:
jobLabel: prometheus
selector: selector:
matchLabels: matchLabels:
app: {{ template "app.name" . }} app: {{ template "app.name" . }}
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
monitoring.cattle.io: "true" {{ .Values.apiGroup }}: "true"
namespaceSelector: namespaceSelector:
matchNames: matchNames:
- {{ .Release.Namespace | quote }} - {{ .Release.Namespace | quote }}
endpoints: endpoints:
- port: http - port: metrics
interval: 30s interval: 30s
relabelings:
- sourceLabels:
- __meta_kubernetes_pod_host_ip
targetLabel: host_ip
action: replace
regex: (.+)
replacement: $1
- sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
action: replace
regex: (.+)
replacement: $1
{{- if eq .Values.level "cluster" }}
- port: metrics
interval: 15s
path: /_/metrics
metricRelabelings:
- sourceLabels:
- job
targetLabel: job
action: replace
regex: (.+)
replacement: expose-prometheus-auth-metrics
relabelings:
- sourceLabels:
- __meta_kubernetes_pod_host_ip
targetLabel: host_ip
action: replace
regex: (.+)
replacement: $1
- sourceLabels:
- __meta_kubernetes_pod_node_name
targetLabel: node
action: replace
regex: (.+)
replacement: $1
{{- end }}
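Review bot: The selector label key in `matchLabels` is now rendered from `{{ .Values.apiGroup }}` with no guard, so an empty or overridden value gives an empty or different key and the ServiceMonitor silently stops matching its Service. The same raw value is used further down this page for the operator Service label, the operator ServiceMonitor selector and the operator's `--labels=` argument, while `--crd-apigroup` beside it goes through the `operator_api_group` helper. If that helper defaults or normalises the group (not visible here), the label and the CRD group can drift apart. Failing fast would surface the misconfiguration at render time: `{{ required "apiGroup must be set" .Values.apiGroup }}: "true"`. The manifest's header lines sit above this hunk.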
level: cluster
enabledRBAC: true enabledRBAC: true
## Already exist ServiceAccount ## Already exist ServiceAccount
## ##
serviceAccountName: "" serviceAccountName: ""
serviceAccountNameOverride: ""
## CRD apiGroup ## CRD apiGroup
## ##
apiGroup: "monitoring.coreos.com" apiGroup: "monitoring.coreos.com"
...@@ -25,10 +29,7 @@ externalLabels: {} ...@@ -25,10 +29,7 @@ externalLabels: {}
## ##
externalUrl: "" externalUrl: ""
serviceMonitor: serviceMonitorLabels: {}
## Custom Labels to be added to ServiceMonitor
##
labels: {}
##Custom Labels to be added to Prometheus Rules CRDs ##Custom Labels to be added to Prometheus Rules CRDs
## ##
...@@ -37,15 +38,29 @@ additionalRulesLabels: {} ...@@ -37,15 +38,29 @@ additionalRulesLabels: {}
## Prometheus container image ## Prometheus container image
## ##
image: image:
## Reference to one or more secrets to be used when pulling images
##
pullSecrets: []
repository: quay.io/prometheus/prometheus repository: quay.io/prometheus/prometheus
tag: v2.4.3 tag: v2.4.3
inits: auth:
tools: repository: rancher/prometheus-auth
repository: maiwj/curl tag: v0.1.0
tag: 7.56.1-r0 proxy:
repository: nginx
tag: 1.15.8-alpine
auth:
args:
- --log.debug
- agent
- start
- --agent.proxy-url
- http://localhost:9090
- --listen.address
- $(POD_IP):9090
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
## Labels to be added to the Prometheus ## Labels to be added to the Prometheus
## ##
...@@ -77,22 +92,45 @@ replicaCount: 1 ...@@ -77,22 +92,45 @@ replicaCount: 1
## The remote_read spec configuration for Prometheus. ## The remote_read spec configuration for Prometheus.
## Ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#remotereadspec ## Ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#remotereadspec
remoteRead: {} remoteRead: []
# remoteRead: # - url: http://remote1/read
# - url: http://remote1/read
## The remote_write spec configuriation for Prometheus. ## The remote_write spec configuriation for Prometheus.
## Ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#remotewritespec ## Ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#remotewritespec
remoteWrite: {} remoteWrite: []
# remoteWrite: # - url: http://remote1/push
# - url: http://remote1/push
## Resource limits & requests ## Resource limits & requests
## Ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/
## resources:
resources: {} inits:
# requests: limits:
# memory: 400Mi memory: 50Mi
cpu: 50m
requests:
memory: 50Mi
cpu: 50m
core:
limits:
memory: 500Mi
cpu: 1000m
requests:
memory: 100Mi
cpu: 100m
proxy:
limits:
memory: 100Mi
cpu: 100m
requests:
memory: 50Mi
cpu: 50m
auth:
limits:
memory: 200Mi
cpu: 500m
requests:
memory: 100Mi
cpu: 100m
## How long to retain metrics ## How long to retain metrics
## ##
...@@ -106,20 +144,21 @@ routePrefix: "" ...@@ -106,20 +144,21 @@ routePrefix: ""
## Namespaces to be selected for PrometheusRules discovery. ## Namespaces to be selected for PrometheusRules discovery.
## If unspecified, only the same namespace as the Prometheus object is in is used. ## If unspecified, only the same namespace as the Prometheus object is in is used.
ruleNamespaceSelector: {} ruleNamespaceSelector: {}
## Rules CRD selector ## Rules CRD selector
## Ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/design.md ## Ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/design.md
## ##
## 1. If `matchLabels` is used, `rules.additionalLabels` must contain all the labels from ## 1. If `matchLabels` is used, `PrometheusRules` must contain all the labels from
## `matchLabels` in order to be be matched by Prometheus ## `matchLabels` in order to be be matched by Prometheus
## 2. If `matchExpressions` is used `rules.additionalLabels` must contain at least one label ## 2. If `matchExpressions` is used `PrometheusRules` must contain at least one label
## from `matchExpressions` in order to be matched by Prometheus ## from `matchExpressions` in order to be matched by Prometheus
## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
rulesSelector: {} ruleSelector: {}
# rulesSelector: { # ruleSelector: {
# matchExpressions: [{key: prometheus, operator: In, values: [example-rules, example-rules-2]}] # matchExpressions: [{key: prometheus, operator: In, values: [example-rules, example-rules-2]}]
# } # }
### OR ### OR
# rulesSelector: { # ruleSelector: {
# matchLabels: {role: example-rules} # matchLabels: {role: example-rules}
# } # }
...@@ -129,12 +168,19 @@ rulesSelector: {} ...@@ -129,12 +168,19 @@ rulesSelector: {}
## ##
secrets: [] secrets: []
## Namespaces to be selected for ServiceMonitors discovery.
## If unspecified, only the same namespace as the Prometheus object is in is used.
serviceMonitorNamespaceSelector: {} serviceMonitorNamespaceSelector: {}
## Service monitors selector ## ServiceMonitor CRD selector
## Ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/design.md ## Ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/design.md
## ##
serviceMonitorsSelector: {} ## 1. If `matchLabels` is used, `ServiceMonitors` must contain all the labels from
## `matchLabels` in order to be be matched by Prometheus
## 2. If `matchExpressions` is used `ServiceMonitors` must contain at least one label
## from `matchExpressions` in order to be matched by Prometheus
## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
serviceMonitorSelector: {}
logLevel: "info" logLevel: "info"
...@@ -160,7 +206,6 @@ persistence: {} ...@@ -160,7 +206,6 @@ persistence: {}
## Prometheus AdditionalScrapeConfigs ## Prometheus AdditionalScrapeConfigs
## Ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec ## Ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
## ##
additionalScrapeConfigsEnabled: false
additionalScrapeConfigs: [] additionalScrapeConfigs: []
# - job_name: "prometheus" # - job_name: "prometheus"
# static_configs: # static_configs:
...@@ -170,14 +215,15 @@ additionalScrapeConfigs: [] ...@@ -170,14 +215,15 @@ additionalScrapeConfigs: []
## Prometheus AdditionalAlertManagerConfigs ## Prometheus AdditionalAlertManagerConfigs
## Ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec ## Ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
## ##
additionalAlertManagerConfigsEnabled: false additionalAlertManagerConfigs: []
additionalAlertManagerConfigs: {} # - static_configs:
# static_configs:
# - targets: # - targets:
# - "localhost:9093" # - "localhost:9093"
listenLocal: false
sidecarsSpec: [] sidecarsSpec: []
# - name: sidecar # - name: sidecar
# image: registry/name:tag # image: registry/name:tag
additionalBindingClusterRoles: []
securityContext: {}
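Review bot: `additionalBindingClusterRoles` is added at the end of the values with no comment, although every name listed in it is rendered as a ClusterRoleBinding to the Prometheus ServiceAccount. The RBAC template earlier on this page loops over it after the `level` conditional has closed, so it appears to apply to project-level installs as well and can undo the permission narrowing this commit introduces. It deserves a comment such as `## Existing ClusterRoles to bind cluster-wide to the Prometheus ServiceAccount.` followed by `## Each entry widens what a project-level Prometheus can read; leave empty unless required.` The rendered binding name is `{{ . }}-additional-binding` with no release name in it, so two releases listing the same role would produce the same object name. Adding the release name to it would avoid that.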
...@@ -45,12 +45,6 @@ ...@@ -45,12 +45,6 @@
{{- end -}} {{- end -}}
{{- define "app.dashboards.fullname" -}}
{{- $name := include "app.name" . -}}
{{- printf "%s-%s-dashboards" $name .Release.Name -}}
{{- end -}}
{{- define "app.hooks.fullname" -}} {{- define "app.hooks.fullname" -}}
{{- $name := include "app.name" . -}} {{- $name := include "app.name" . -}}
{{- printf "%s-%s-hooks" $name .Release.Name -}} {{- printf "%s-%s-hooks" $name .Release.Name -}}
......
...@@ -31,11 +31,10 @@ spec: ...@@ -31,11 +31,10 @@ spec:
- --log-level={{ .Values.logLevel }} - --log-level={{ .Values.logLevel }}
- --prometheus-config-reloader={{ .Values.image.prometheusConfigReloader.repository }}:{{ .Values.image.prometheusConfigReloader.tag }} - --prometheus-config-reloader={{ .Values.image.prometheusConfigReloader.repository }}:{{ .Values.image.prometheusConfigReloader.tag }}
- --config-reloader-image={{ .Values.image.configmapReload.repository }}:{{ .Values.image.configmapReload.tag }} - --config-reloader-image={{ .Values.image.configmapReload.repository }}:{{ .Values.image.configmapReload.tag }}
- --labels=monitoring.cattle.io=true - --labels={{ .Values.apiGroup }}=true
- --crd-apigroup={{ template "operator_api_group" . }} - --crd-apigroup={{ template "operator_api_group" . }}
- --manage-crds={{ .Values.manageCRDs }} - --manage-crds={{ .Values.manageCRDs }}
- --with-validation={{ .Values.withValidation }} - --with-validation={{ .Values.withValidation }}
- --disable-auto-user-group={{ .Values.disableAutoUserGroup }}
ports: ports:
- containerPort: 8080 - containerPort: 8080
name: http name: http
...@@ -46,7 +45,7 @@ spec: ...@@ -46,7 +45,7 @@ spec:
{{ toYaml .Values.nodeSelector | indent 8 }} {{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }} {{- end }}
{{- if .Values.enabledRBAC }} {{- if .Values.enabledRBAC }}
serviceAccountName: {{ .Values.serviceAccountName }} serviceAccountName: {{ default (include "app.fullname" .) .Values.serviceAccountName }}
{{- end }} {{- end }}
{{- if .Values.tolerations }} {{- if .Values.tolerations }}
tolerations: tolerations:
......
...@@ -8,15 +8,16 @@ metadata: ...@@ -8,15 +8,16 @@ metadata:
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
monitoring.cattle.io: "true" {{ .Values.apiGroup }}: "true"
spec: spec:
type: ClusterIP type: ClusterIP
clusterIP: None
selector: selector:
app: {{ template "app.name" . }} app: {{ template "app.name" . }}
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
ports: ports:
- name: http - name: metrics
port: 8080 port: 8080
targetPort: http targetPort: http
{{- end }} {{- end }}
\ No newline at end of file
{{- if .Values.enabled }}
{{- if and .Values.enabledRBAC (not .Values.serviceAccountName) }}
apiVersion: {{ template "rbac_api_version" . }}
kind: ClusterRole
metadata:
name: {{ template "app.fullname" . }}
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
rules:
- apiGroups:
- {{ template "operator_api_group" . }}
resources:
- alertmanager
- alertmanagers
- prometheus
- prometheuses
- service-monitor
- servicemonitors
- prometheusrules
- prometheuses/finalizers
- alertmanagers/finalizers
verbs:
- "*"
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- "*"
- apiGroups: [""]
resources:
- configmaps
- secrets
verbs:
- "*"
- apiGroups: [""]
resources:
- pods
verbs:
- list
- delete
- apiGroups: [""]
resources:
- services
- endpoints
verbs:
- get
- create
- update
- apiGroups: [""]
resources:
- nodes
- namespaces
verbs:
- list
- watch
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: {{ template "app.fullname" . }}
imagePullSecrets:
{{ toYaml .Values.imagePullSecrets | indent 2 }}
---
apiVersion: {{ template "rbac_api_version" . }}
kind: ClusterRoleBinding
metadata:
name: {{ template "app.fullname" . }}
labels:
app: {{ template "app.name" . }}
chart: {{ template "app.version" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "app.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "app.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}
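Review bot: The ClusterRole grants `"*"` on core-group `secrets` and `configmaps` and is attached with a ClusterRoleBinding, so the operator's ServiceAccount can read, modify and delete every Secret in every namespace. The commit narrows Prometheus's own permissions, but this role stays wildcard, and a compromised operator pod would hold cluster-wide Secret access. Listing the verbs explicitly keeps the grant auditable and stops it growing when new verbs appear, for example `verbs: ["get", "list", "watch", "create", "update", "delete"]` once the set is confirmed against the operator version in use. The same applies to the `"*"` on `statefulsets`. A comment above the rule stating why cluster-wide Secret access is needed would also help anyone reviewing the chart's RBAC later.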
...@@ -8,23 +8,35 @@ metadata: ...@@ -8,23 +8,35 @@ metadata:
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
source: rancher-monitoring source: rancher-monitoring
{{- if .Values.serviceMonitor.labels }} {{- if .Values.serviceMonitorLabels }}
{{ toYaml .Values.serviceMonitor.labels | indent 4 }} {{ toYaml .Values.serviceMonitorLabels | indent 4 }}
{{- end }} {{- end }}
name: {{ template "app.fullname" . }} name: {{ template "app.fullname" . }}
spec: spec:
jobLabel: prometheus-operator
selector: selector:
matchLabels: matchLabels:
app: {{ template "app.name" . }} app: {{ template "app.name" . }}
chart: {{ template "app.version" . }} chart: {{ template "app.version" . }}
release: {{ .Release.Name }} release: {{ .Release.Name }}
monitoring.cattle.io: "true" {{ .Values.apiGroup }}: "true"
namespaceSelector: namespaceSelector:
matchNames: matchNames:
- {{ .Release.Namespace | quote }} - {{ .Release.Namespace | quote }}
endpoints: endpoints:
- port: http - port: metrics
interval: 30s interval: 30s
honorLabels: true honorLabels: true
relabelings:
- sourceLabels:
- __meta_kubernetes_pod_host_ip
action: replace
targetLabel: host_ip
regex: (.+)
replacement: $1
- sourceLabels:
- __meta_kubernetes_pod_node_name
action: replace
targetLabel: node
regex: (.+)
replacement: $1
{{- end }} {{- end }}