From 660dc016d20bd61e273ad2c286a2ecb9e63d136a Mon Sep 17 00:00:00 2001 
From: Debosmit Ray Date: Mon, 19 May 2025 16:25:21 -0700 Subject: [PATCH] [chart] check in helm charts --- .github/workflows/build-installer-check.yml | 10 + chart/.helmignore | 23 ++ chart/Chart.yaml | 21 ++ chart/templates/_helpers.tpl | 62 +++++ chart/templates/daemonset.yaml | 98 ++++++++ chart/templates/deployment.yaml | 225 +++++++++++++++++ ...zxporter-collectionpolicy-editor-rbac.yaml | 25 ++ ...zxporter-collectionpolicy-viewer-rbac.yaml | 21 ++ ...er-controller-manager-metrics-service.yaml | 14 ++ .../templates/evzero-zxporter-env-config.yaml | 75 ++++++ .../evzero-zxporter-leader-election-rbac.yaml | 83 +++++++ .../evzero-zxporter-manager-rbac.yaml | 218 ++++++++++++++++ .../evzero-zxporter-metrics-auth-rbac.yaml | 34 +++ .../evzero-zxporter-metrics-reader-rbac.yaml | 11 + .../prometheus-dz-prometheus-server-rbac.yaml | 63 +++++ .../prometheus-dz-prometheus-server.yaml | 37 +++ .../prometheus-kube-state-metrics-rbac.yaml | 33 +++ .../prometheus-kube-state-metrics.yaml | 18 ++ chart/templates/serviceaccount.yaml | 41 +++ .../templates/z-prometheus-node-exporter.yaml | 18 ++ chart/values.yaml | 233 ++++++++++++++++++ 21 files changed, 1363 insertions(+) create mode 100644 chart/.helmignore create mode 100644 chart/Chart.yaml create mode 100644 chart/templates/_helpers.tpl create mode 100644 chart/templates/daemonset.yaml create mode 100644 chart/templates/deployment.yaml create mode 100644 chart/templates/evzero-zxporter-collectionpolicy-editor-rbac.yaml create mode 100644 chart/templates/evzero-zxporter-collectionpolicy-viewer-rbac.yaml create mode 100644 chart/templates/evzero-zxporter-controller-manager-metrics-service.yaml create mode 100644 chart/templates/evzero-zxporter-env-config.yaml create mode 100644 chart/templates/evzero-zxporter-leader-election-rbac.yaml create mode 100644 chart/templates/evzero-zxporter-manager-rbac.yaml create mode 100644 chart/templates/evzero-zxporter-metrics-auth-rbac.yaml create mode 100644 
chart/templates/evzero-zxporter-metrics-reader-rbac.yaml create mode 100644 chart/templates/prometheus-dz-prometheus-server-rbac.yaml create mode 100644 chart/templates/prometheus-dz-prometheus-server.yaml create mode 100644 chart/templates/prometheus-kube-state-metrics-rbac.yaml create mode 100644 chart/templates/prometheus-kube-state-metrics.yaml create mode 100644 chart/templates/serviceaccount.yaml create mode 100644 chart/templates/z-prometheus-node-exporter.yaml create mode 100644 chart/values.yaml diff --git a/.github/workflows/build-installer-check.yml b/.github/workflows/build-installer-check.yml index b6ed521e..17f933bf 100644 --- a/.github/workflows/build-installer-check.yml +++ b/.github/workflows/build-installer-check.yml @@ -44,4 +44,14 @@ jobs: exit 1 else echo "No uncommitted changes detected in dist/install.yaml. The file is properly committed." + fi + + if [[ -n $(git status --porcelain chart/) ]]; then + echo "::error::Running 'make build-chart' produced changes to chart/ that aren't committed to the repository." + echo "Please run 'make build-chart' locally and commit the changes to chart/ before pushing." + git status chart/ + git diff chart + exit 1 + else + echo "No uncommitted changes detected in chart/. The dir is properly committed." fi \ No newline at end of file diff --git a/chart/.helmignore b/chart/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/chart/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/chart/Chart.yaml b/chart/Chart.yaml new file mode 100644 index 00000000..200d9732 --- /dev/null +++ b/chart/Chart.yaml 
@@ -0,0 +1,21 @@
+apiVersion: v2
+name: chart
+description: A Helm chart for Kubernetes
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.1.0"
diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl
new file mode 100644
index 00000000..7ba5edc2
--- /dev/null
+++ b/chart/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "chart.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "chart.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "chart.labels" -}}
+helm.sh/chart: {{ include "chart.chart" . }}
+{{ include "chart.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "chart.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "chart.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "chart.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/chart/templates/daemonset.yaml b/chart/templates/daemonset.yaml
new file mode 100644
index 00000000..1184ea06
--- /dev/null
+++ b/chart/templates/daemonset.yaml 
@@ -0,0 +1,98 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "chart.fullname" . }}-z-prometheus-node-exporter + labels: + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: dz-prometheus-node-exporter + {{- include "chart.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + app.kubernetes.io/instance: node-exporter + app.kubernetes.io/name: dz-prometheus-node-exporter + {{- include "chart.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + app.kubernetes.io/component: metrics + app.kubernetes.io/instance: node-exporter + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: dz-prometheus-node-exporter + app.kubernetes.io/part-of: dz-prometheus-node-exporter + app.kubernetes.io/version: 1.7.0 + helm.sh/chart: prometheus-node-exporter-4.24.0 + {{- include "chart.selectorLabels" . | nindent 8 }} + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + spec: + automountServiceAccountToken: false + containers: + - args: {{- toYaml .Values.zPrometheusNodeExporter.nodeExporter.args | nindent 8 + }} + env: + - name: HOST_IP + value: {{ quote .Values.zPrometheusNodeExporter.nodeExporter.env.hostIp }} + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ quote .Values.kubernetesClusterDomain }} + image: {{ .Values.zPrometheusNodeExporter.nodeExporter.image.repository }}:{{ .Values.zPrometheusNodeExporter.nodeExporter.image.tag + | default .Chart.AppVersion }} + imagePullPolicy: {{ .Values.zPrometheusNodeExporter.nodeExporter.imagePullPolicy + }} + livenessProbe: + failureThreshold: 3 + httpGet: + path: / + port: 9101 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: node-exporter + ports: + - containerPort: 9101 + name: metrics + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: / + port: 9101 + scheme: HTTP + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + resources: {} + securityContext: {{- toYaml 
.Values.zPrometheusNodeExporter.nodeExporter.containerSecurityContext + | nindent 10 }} + volumeMounts: + - mountPath: /host/proc + name: proc + readOnly: true + - mountPath: /host/sys + name: sys + readOnly: true + - mountPath: /host/root + mountPropagation: HostToContainer + name: root + readOnly: true + hostNetwork: true + hostPID: true + nodeSelector: {{- toYaml .Values.zPrometheusNodeExporter.nodeSelector | nindent 8 + }} + securityContext: {{- toYaml .Values.zPrometheusNodeExporter.podSecurityContext | + nindent 8 }} + serviceAccountName: {{ include "chart.fullname" . }}-z-prometheus-node-exporter + tolerations: + - effect: NoSchedule + operator: Exists + volumes: + - hostPath: + path: /proc + name: proc + - hostPath: + path: /sys + name: sys + - hostPath: + path: / + name: root diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml new file mode 100644 index 00000000..217adb38 --- /dev/null +++ b/chart/templates/deployment.yaml 
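Review bot: The node-exporter image tag falls back to the chart's own version, `...nodeExporter.image.tag | default .Chart.AppVersion`, which is the wrong default for a third-party image: Chart.yaml in this commit sets appVersion to "0.1.0" while the pod labels in this file name node-exporter 1.7.0. If values.yaml (not visible in this hunk) ever leaves the tag empty, a pod that runs with `hostNetwork`, `hostPID` and the host root mounted would reference an unintended image tag. Fail the render instead, e.g. `:{{ required "zPrometheusNodeExporter.nodeExporter.image.tag must be set" .Values.zPrometheusNodeExporter.nodeExporter.image.tag }}`, or pin the image by digest. The same fallback is applied to the kube-state-metrics, configmap-reload and Prometheus server images in deployment.yaml; since chart/ is regenerated by `make build-chart`, the fix probably belongs in the generator's input rather than in this file.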
@@ -0,0 +1,225 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "chart.fullname" . }}-prometheus-kube-state-metrics + labels: + app.kubernetes.io/component: metrics + app.kubernetes.io/part-of: kube-state-metrics + {{- include "chart.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.prometheusKubeStateMetrics.replicas }} + revisionHistoryLimit: {{ .Values.prometheusKubeStateMetrics.revisionHistoryLimit + }} + strategy: + type: {{ .Values.prometheusKubeStateMetrics.strategy.type | quote }} + selector: + matchLabels: + app.kubernetes.io/instance: prometheus + app.kubernetes.io/name: kube-state-metrics + {{- include "chart.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + app.kubernetes.io/component: metrics + app.kubernetes.io/instance: prometheus + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/part-of: kube-state-metrics + app.kubernetes.io/version: 2.10.1 + helm.sh/chart: kube-state-metrics-5.15.2 + {{- include "chart.selectorLabels" . 
| nindent 8 }} + spec: + containers: + - args: {{- toYaml .Values.prometheusKubeStateMetrics.kubeStateMetrics.args | nindent + 8 }} + env: + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ quote .Values.kubernetesClusterDomain }} + image: '{{ .Values.prometheusKubeStateMetrics.kubeStateMetrics.image.repository + }}:{{ .Values.prometheusKubeStateMetrics.kubeStateMetrics.image.tag | default + .Chart.AppVersion }}' + imagePullPolicy: {{ .Values.prometheusKubeStateMetrics.kubeStateMetrics.imagePullPolicy + }} + livenessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + name: kube-state-metrics + ports: + - containerPort: 8080 + name: http + readinessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 5 + timeoutSeconds: 5 + resources: {} + securityContext: {{- toYaml .Values.prometheusKubeStateMetrics.kubeStateMetrics.containerSecurityContext + | nindent 10 }} + securityContext: {{- toYaml .Values.prometheusKubeStateMetrics.podSecurityContext + | nindent 8 }} + serviceAccountName: {{ include "chart.fullname" . }}-prometheus-kube-state-metrics +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "chart.fullname" . }}-prometheus-dz-prometheus-server + labels: + app.kubernetes.io/component: server + app.kubernetes.io/part-of: dz-prometheus + {{- include "chart.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.prometheusDzPrometheusServer.replicas }} + revisionHistoryLimit: {{ .Values.prometheusDzPrometheusServer.revisionHistoryLimit + }} + strategy: + type: {{ .Values.prometheusDzPrometheusServer.strategy.type | quote }} + selector: + matchLabels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: prometheus + app.kubernetes.io/name: dz-prometheus + {{- include "chart.selectorLabels" . 
| nindent 6 }} + template: + metadata: + labels: + app.kubernetes.io/component: server + app.kubernetes.io/instance: prometheus + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: dz-prometheus + app.kubernetes.io/part-of: dz-prometheus + app.kubernetes.io/version: v2.48.0 + helm.sh/chart: prometheus-25.8.0 + {{- include "chart.selectorLabels" . | nindent 8 }} + spec: + containers: + - args: {{- toYaml .Values.prometheusDzPrometheusServer.dzPrometheusServerConfigmapReload.args + | nindent 8 }} + env: + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ quote .Values.kubernetesClusterDomain }} + image: '{{ .Values.prometheusDzPrometheusServer.dzPrometheusServerConfigmapReload.image.repository + }}:{{ .Values.prometheusDzPrometheusServer.dzPrometheusServerConfigmapReload.image.tag + | default .Chart.AppVersion }}' + imagePullPolicy: {{ .Values.prometheusDzPrometheusServer.dzPrometheusServerConfigmapReload.imagePullPolicy + }} + name: dz-prometheus-server-configmap-reload + resources: {} + volumeMounts: + - mountPath: /etc/config + name: config-volume + readOnly: true + - args: {{- toYaml .Values.prometheusDzPrometheusServer.dzPrometheusServer.args | + nindent 8 }} + env: + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ quote .Values.kubernetesClusterDomain }} + image: '{{ .Values.prometheusDzPrometheusServer.dzPrometheusServer.image.repository + }}:{{ .Values.prometheusDzPrometheusServer.dzPrometheusServer.image.tag | default + .Chart.AppVersion }}' + imagePullPolicy: {{ .Values.prometheusDzPrometheusServer.dzPrometheusServer.imagePullPolicy + }} + livenessProbe: + failureThreshold: 3 + httpGet: + path: /-/healthy + port: 9090 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 10 + name: dz-prometheus-server + ports: + - containerPort: 9090 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /-/ready + port: 9090 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 5 + successThreshold: 1 + 
timeoutSeconds: 4 + resources: {} + volumeMounts: + - mountPath: /etc/config + name: config-volume + - mountPath: /data + name: storage-volume + dnsPolicy: ClusterFirst + enableServiceLinks: true + securityContext: {{- toYaml .Values.prometheusDzPrometheusServer.podSecurityContext + | nindent 8 }} + serviceAccountName: {{ include "chart.fullname" . }}-prometheus-dz-prometheus-server + terminationGracePeriodSeconds: 300 + volumes: + - configMap: + name: {{ include "chart.fullname" . }}-prometheus-dz-prometheus-server + name: config-volume + - emptyDir: {} + name: storage-volume +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "chart.fullname" . }}-evzero-zxporter-controller-manager + labels: + control-plane: controller-manager + {{- include "chart.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.evzeroZxporterControllerManager.replicas }} + selector: + matchLabels: + control-plane: controller-manager + {{- include "chart.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + control-plane: controller-manager + {{- include "chart.selectorLabels" . 
| nindent 8 }} + annotations: + kubectl.kubernetes.io/default-container: manager + spec: + containers: + - args: {{- toYaml .Values.evzeroZxporterControllerManager.manager.args | nindent + 8 }} + env: + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ quote .Values.kubernetesClusterDomain }} + image: '{{ .Values.evzeroZxporterControllerManager.manager.image.repository }}:{{ + .Values.evzeroZxporterControllerManager.manager.image.tag | default .Chart.AppVersion + }}' + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: {{- toYaml .Values.evzeroZxporterControllerManager.manager.resources + | nindent 10 }} + securityContext: {{- toYaml .Values.evzeroZxporterControllerManager.manager.containerSecurityContext + | nindent 10 }} + volumeMounts: + - mountPath: /etc/zxporter/config + name: config-volume + readOnly: true + securityContext: {{- toYaml .Values.evzeroZxporterControllerManager.podSecurityContext + | nindent 8 }} + serviceAccountName: {{ include "chart.fullname" . }}-evzero-zxporter-controller-manager + terminationGracePeriodSeconds: 10 + volumes: + - configMap: + name: {{ include "chart.fullname" . }}-evzero-zxporter-env-config + name: config-volume diff --git a/chart/templates/evzero-zxporter-collectionpolicy-editor-rbac.yaml b/chart/templates/evzero-zxporter-collectionpolicy-editor-rbac.yaml new file mode 100644 index 00000000..d9b830b6 --- /dev/null +++ b/chart/templates/evzero-zxporter-collectionpolicy-editor-rbac.yaml 
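Review bot: The `dz-prometheus-server-configmap-reload` and `dz-prometheus-server` containers carry no container-level `securityContext`, while kube-state-metrics and manager in the same file take one from values (`containerSecurityContext`). Unless the pod-level `podSecurityContext` value, which is not visible here, covers it, both containers keep the runtime defaults for privilege escalation, capabilities and a writable root filesystem. Add to each of them `securityContext: {allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, capabilities: {drop: [ALL]}}`, ideally templated from values like the other two; the server writes to the `/data` emptyDir, so a read-only root looks compatible but should be confirmed. Every container except manager also sets `resources: {}`, so they run without requests or limits.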
@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "chart.fullname" . }}-evzero-zxporter-collectionpolicy-editor-role
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - devzero.io
+ resources:
+ - collectionpolicies
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - devzero.io
+ resources:
+ - collectionpolicies/status
+ verbs:
+ - get
diff --git a/chart/templates/evzero-zxporter-collectionpolicy-viewer-rbac.yaml b/chart/templates/evzero-zxporter-collectionpolicy-viewer-rbac.yaml
new file mode 100644
index 00000000..f15c8b87
--- /dev/null
+++ b/chart/templates/evzero-zxporter-collectionpolicy-viewer-rbac.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "chart.fullname" . }}-evzero-zxporter-collectionpolicy-viewer-role
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - devzero.io
+ resources:
+ - collectionpolicies
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - devzero.io
+ resources:
+ - collectionpolicies/status
+ verbs:
+ - get
diff --git a/chart/templates/evzero-zxporter-controller-manager-metrics-service.yaml b/chart/templates/evzero-zxporter-controller-manager-metrics-service.yaml
new file mode 100644
index 00000000..5efa9c24
--- /dev/null
+++ b/chart/templates/evzero-zxporter-controller-manager-metrics-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "chart.fullname" . }}-evzero-zxporter-controller-manager-metrics-service
+ labels:
+ control-plane: controller-manager
+ {{- include "chart.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.evzeroZxporterControllerManagerMetricsService.type }}
+ selector:
+ control-plane: controller-manager
+ {{- include "chart.selectorLabels" . | nindent 4 }}
+ ports:
+ {{- .Values.evzeroZxporterControllerManagerMetricsService.ports | toYaml | nindent 2 }}
diff --git a/chart/templates/evzero-zxporter-env-config.yaml b/chart/templates/evzero-zxporter-env-config.yaml
new file mode 100644
index 00000000..976fdabc
--- /dev/null
+++ b/chart/templates/evzero-zxporter-env-config.yaml
@@ -0,0 +1,75 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "chart.fullname" . }}-evzero-zxporter-env-config + labels: + {{- include "chart.labels" . | nindent 4 }} +data: + BUFFER_SIZE: {{ .Values.evzeroZxporterEnvConfig.bufferSize | quote }} + CLUSTER_TOKEN: {{ .Values.evzeroZxporterEnvConfig.clusterToken | quote }} + COLLECTION_FREQUENCY: {{ .Values.evzeroZxporterEnvConfig.collectionFrequency | + quote }} + DAKR_URL: {{ .Values.evzeroZxporterEnvConfig.dakrUrl | quote }} + DISABLE_NETWORK_IO_METRICS: {{ .Values.evzeroZxporterEnvConfig.disableNetworkIoMetrics + | quote }} + DISABLED_COLLECTORS: {{ .Values.evzeroZxporterEnvConfig.disabledCollectors | quote + }} + EXCLUDED_CLUSTERROLEBINDINGS: {{ .Values.evzeroZxporterEnvConfig.excludedClusterrolebindings + | quote }} + EXCLUDED_CLUSTERROLES: {{ .Values.evzeroZxporterEnvConfig.excludedClusterroles + | quote }} + EXCLUDED_CRDGROUPS: {{ .Values.evzeroZxporterEnvConfig.excludedCrdgroups | quote + }} + EXCLUDED_CRDS: {{ .Values.evzeroZxporterEnvConfig.excludedCrds | quote }} + EXCLUDED_CRONJOBS: {{ .Values.evzeroZxporterEnvConfig.excludedCronjobs | quote + }} + EXCLUDED_DAEMONSETS: {{ .Values.evzeroZxporterEnvConfig.excludedDaemonsets | quote + }} + EXCLUDED_DEPLOYMENTS: {{ .Values.evzeroZxporterEnvConfig.excludedDeployments | + quote }} + EXCLUDED_ENDPOINTS: {{ .Values.evzeroZxporterEnvConfig.excludedEndpoints | quote + }} + EXCLUDED_EVENTS: {{ .Values.evzeroZxporterEnvConfig.excludedEvents | quote }} + EXCLUDED_HPAS: {{ .Values.evzeroZxporterEnvConfig.excludedHpas | quote }} + EXCLUDED_INGRESSCLASSES: {{ .Values.evzeroZxporterEnvConfig.excludedIngressclasses + | quote }} + EXCLUDED_INGRESSES: {{ .Values.evzeroZxporterEnvConfig.excludedIngresses | quote + }} + EXCLUDED_JOBS: {{ .Values.evzeroZxporterEnvConfig.excludedJobs | quote }} + EXCLUDED_LIMITRANGES: {{ .Values.evzeroZxporterEnvConfig.excludedLimitranges | + quote }} + EXCLUDED_NAMESPACES: {{ .Values.evzeroZxporterEnvConfig.excludedNamespaces 
| quote + }} + EXCLUDED_NETWORKPOLICIES: {{ .Values.evzeroZxporterEnvConfig.excludedNetworkpolicies + | quote }} + EXCLUDED_NODES: {{ .Values.evzeroZxporterEnvConfig.excludedNodes | quote }} + EXCLUDED_PDBS: {{ .Values.evzeroZxporterEnvConfig.excludedPdbs | quote }} + EXCLUDED_PODS: {{ .Values.evzeroZxporterEnvConfig.excludedPods | quote }} + EXCLUDED_PSPS: {{ .Values.evzeroZxporterEnvConfig.excludedPsps | quote }} + EXCLUDED_PVCS: {{ .Values.evzeroZxporterEnvConfig.excludedPvcs | quote }} + EXCLUDED_PVS: {{ .Values.evzeroZxporterEnvConfig.excludedPvs | quote }} + EXCLUDED_REPLICATIONCONTROLLERS: {{ .Values.evzeroZxporterEnvConfig.excludedReplicationcontrollers + | quote }} + EXCLUDED_RESOURCEQUOTAS: {{ .Values.evzeroZxporterEnvConfig.excludedResourcequotas + | quote }} + EXCLUDED_ROLEBINDINGS: {{ .Values.evzeroZxporterEnvConfig.excludedRolebindings + | quote }} + EXCLUDED_ROLES: {{ .Values.evzeroZxporterEnvConfig.excludedRoles | quote }} + EXCLUDED_SERVICEACCOUNTS: {{ .Values.evzeroZxporterEnvConfig.excludedServiceaccounts + | quote }} + EXCLUDED_SERVICES: {{ .Values.evzeroZxporterEnvConfig.excludedServices | quote + }} + EXCLUDED_STATEFULSETS: {{ .Values.evzeroZxporterEnvConfig.excludedStatefulsets + | quote }} + EXCLUDED_STORAGECLASSES: {{ .Values.evzeroZxporterEnvConfig.excludedStorageclasses + | quote }} + EXCLUDED_VPAS: {{ .Values.evzeroZxporterEnvConfig.excludedVpas | quote }} + K8S_PROVIDER: {{ .Values.evzeroZxporterEnvConfig.k8SProvider | quote }} + KUBE_CONTEXT_NAME: {{ .Values.evzeroZxporterEnvConfig.kubeContextName | quote }} + MASK_SECRET_DATA: {{ .Values.evzeroZxporterEnvConfig.maskSecretData | quote }} + NODE_METRICS_INTERVAL: {{ .Values.evzeroZxporterEnvConfig.nodeMetricsInterval | + quote }} + PROMETHEUS_URL: {{ .Values.evzeroZxporterEnvConfig.prometheusUrl | quote }} + TARGET_NAMESPACES: {{ .Values.evzeroZxporterEnvConfig.targetNamespaces | quote + }} + WATCHED_CRDS: {{ .Values.evzeroZxporterEnvConfig.watchedCrds | quote }} 
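Review bot: `CLUSTER_TOKEN` is rendered into a ConfigMap, which gives the credential none of the handling a Secret gets: it is readable by anything with `get` on ConfigMaps, and this chart itself grants cluster-wide get/list/watch on `configmaps` to both the manager and the Prometheus server ClusterRoles. Move that one key to a Secret, i.e. `kind: Secret` with `stringData:` / `CLUSTER_TOKEN: {{ .Values.evzeroZxporterEnvConfig.clusterToken | quote }}`, or better let users reference an existing Secret so the token never enters values or the Helm release record. deployment.yaml mounts this ConfigMap at /etc/zxporter/config, so the manager's config loading would need a second source for the token; that code is outside this diff.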
diff --git a/chart/templates/evzero-zxporter-leader-election-rbac.yaml b/chart/templates/evzero-zxporter-leader-election-rbac.yaml
new file mode 100644
index 00000000..1e00669d
--- /dev/null
+++ b/chart/templates/evzero-zxporter-leader-election-rbac.yaml
@@ -0,0 +1,83 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "chart.fullname" . }}-evzero-zxporter-leader-election-role
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - deployments
+ - serviceaccounts
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - rolebindings
+ - roles
+ - clusterrolebindings
+ - clusterroles
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "chart.fullname" . }}-evzero-zxporter-leader-election-rolebinding
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: '{{ include "chart.fullname" . }}-evzero-zxporter-leader-election-role'
+subjects:
+- kind: ServiceAccount
+ name: '{{ include "chart.fullname" . }}-evzero-zxporter-controller-manager'
+ namespace: '{{ .Release.Namespace }}'
diff --git a/chart/templates/evzero-zxporter-manager-rbac.yaml b/chart/templates/evzero-zxporter-manager-rbac.yaml
new file mode 100644
index 00000000..0186309f
--- /dev/null
+++ b/chart/templates/evzero-zxporter-manager-rbac.yaml
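Review bot: The leader-election Role in evzero-zxporter-leader-election-rbac.yaml grants full write verbs on configmaps, serviceaccounts, services, apps/deployments, roles and rolebindings, which is far broader than its name suggests; lease-based leader election normally needs only the `coordination.k8s.io` `leases` rule and the `events` create/patch rule. Write access to `roles` and `rolebindings` in particular lets the controller-manager service account manage authorization inside the release namespace. Two entries have no effect as written: `deployments` under the core group `""` (Deployments live in `apps`), and `clusterrolebindings`/`clusterroles` inside a namespaced Role, which cannot grant cluster-scoped resources. Reduce the Role to the leases and events rules and add back only what the manager demonstrably uses; as chart/ is generated, the change probably has to be made in the RBAC source the generator reads.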
@@ -0,0 +1,218 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "chart.fullname" . }}-evzero-zxporter-manager-role + labels: + {{- include "chart.labels" . | nindent 4 }} +rules: +- apiGroups: + - apiregistration.k8s.io + resources: + - apiservices + verbs: + - create + - delete + - get + - list + - patch + - update +- apiGroups: + - apps + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - rollouts + verbs: + - get + - list + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - get + - list + - watch +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges + - namespaces + - nodes + - persistentvolumeclaims + - persistentvolumes + - pods + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes/metrics + - nodes/status + - pods/status + verbs: + - get +- apiGroups: + - datadoghq.com + resources: + - extendeddaemonsetreplicasets + verbs: + - get + - list + - watch +- apiGroups: + - devzero.io + resources: + - collectionpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - devzero.io + resources: + - collectionpolicies/finalizers + verbs: + - update +- apiGroups: + - devzero.io + resources: + - collectionpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - karpenter.k8s.aws + resources: + - awsnodetemplates + - ec2nodeclasses + verbs: + - get + - list + - watch +- apiGroups: + - karpenter.sh + resources: + - machines + - nodeclaims + - nodepools + - provisioners + verbs: + 
- get + - list + - watch +- apiGroups: + - metrics.k8s.io + resources: + - nodes + - pods + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingressclasses + - ingresses + - networkpolicies + verbs: + - get + - list + - watch +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - get + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - role + - rolebindings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + verbs: + - get + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - csinodes + - storageclasses + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "chart.fullname" . }}-evzero-zxporter-manager-rolebinding + labels: + {{- include "chart.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: '{{ include "chart.fullname" . }}-evzero-zxporter-manager-role' +subjects: +- kind: ServiceAccount + name: '{{ include "chart.fullname" . }}-evzero-zxporter-controller-manager' + namespace: '{{ .Release.Namespace }}' diff --git a/chart/templates/evzero-zxporter-metrics-auth-rbac.yaml b/chart/templates/evzero-zxporter-metrics-auth-rbac.yaml new file mode 100644 index 00000000..aca621e7 --- /dev/null +++ b/chart/templates/evzero-zxporter-metrics-auth-rbac.yaml 
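Review bot: The manager ClusterRole in evzero-zxporter-manager-rbac.yaml, bound cluster-wide to the controller-manager service account, carries create/delete/patch/update on `clusterroles`, `clusterrolebindings` and `rolebindings`, and create/delete/patch/update on `apiregistration.k8s.io` `apiservices`, while every other rule outside devzero.io is get/list/watch. For a component that otherwise only reads cluster state, these two rules turn its service-account token into a credential that can change cluster authorization and API registration; if the exporter only reports these objects, reduce both rules to `get`, `list`, `watch`. The resource `role` (singular) in the same rule matches nothing, and `roles` gets its own read-only rule right after it, which suggests a typo in the source this file is generated from. If write access is really required, a comment stating which feature needs it would let reviewers judge the grant.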
@@ -0,0 +1,34 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "chart.fullname" . }}-evzero-zxporter-metrics-auth-role
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "chart.fullname" . }}-evzero-zxporter-metrics-auth-rolebinding
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: '{{ include "chart.fullname" . }}-evzero-zxporter-metrics-auth-role'
+subjects:
+- kind: ServiceAccount
+ name: '{{ include "chart.fullname" . }}-evzero-zxporter-controller-manager'
+ namespace: '{{ .Release.Namespace }}'
diff --git a/chart/templates/evzero-zxporter-metrics-reader-rbac.yaml b/chart/templates/evzero-zxporter-metrics-reader-rbac.yaml
new file mode 100644
index 00000000..5fc04b40
--- /dev/null
+++ b/chart/templates/evzero-zxporter-metrics-reader-rbac.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "chart.fullname" . }}-evzero-zxporter-metrics-reader
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
diff --git a/chart/templates/prometheus-dz-prometheus-server-rbac.yaml b/chart/templates/prometheus-dz-prometheus-server-rbac.yaml
new file mode 100644
index 00000000..ee132975
--- /dev/null
+++ b/chart/templates/prometheus-dz-prometheus-server-rbac.yaml
@@ -0,0 +1,63 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "chart.fullname" . }}-prometheus-dz-prometheus-server
+ labels:
+ app.kubernetes.io/component: server
+ app.kubernetes.io/part-of: dz-prometheus
+ {{- include "chart.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ - nodes/proxy
+ - nodes/metrics
+ - services
+ - endpoints
+ - pods
+ - ingresses
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - extensions
+ - networking.k8s.io
+ resources:
+ - ingresses/status
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - get
+ - list
+ - watch
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "chart.fullname" . }}-prometheus-dz-prometheus-server
+ labels:
+ app.kubernetes.io/component: server
+ app.kubernetes.io/part-of: dz-prometheus
+ {{- include "chart.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: '{{ include "chart.fullname" . }}-prometheus-dz-prometheus-server'
+subjects:
+- kind: ServiceAccount
+ name: '{{ include "chart.fullname" . }}-prometheus-dz-prometheus-server'
+ namespace: '{{ .Release.Namespace }}'
diff --git a/chart/templates/prometheus-dz-prometheus-server.yaml b/chart/templates/prometheus-dz-prometheus-server.yaml
new file mode 100644
index 00000000..3159c92e
--- /dev/null
+++ b/chart/templates/prometheus-dz-prometheus-server.yaml
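Review bot: The Prometheus server ClusterRole in prometheus-dz-prometheus-server-rbac.yaml lists `nodes/proxy` next to `nodes/metrics`, and `nodes/proxy` gives the service account access to kubelet endpoints through the API server proxy, not just to metrics. Whether the scrape configuration needs it depends on `prometheusYml` in values.yaml, which is outside this hunk; if node targets are scraped directly or through `nodes/metrics`, drop `- nodes/proxy`. In the same rule, `ingresses` under the core group `""` matches nothing (the second rule already covers it), and cluster-wide read on `configmaps` should be dropped unless the server demonstrably uses it, particularly while this chart keeps `CLUSTER_TOKEN` in a ConfigMap.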
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "chart.fullname" . }}-prometheus-dz-prometheus-server
+ labels:
+ app.kubernetes.io/component: server
+ app.kubernetes.io/part-of: dz-prometheus
+ {{- include "chart.labels" . | nindent 4 }}
+data:
+ alerting_rules.yml: {{ .Values.prometheusDzPrometheusServer.alertingRulesYml |
+ toYaml | indent 1 }}
+ alerts: {{ .Values.prometheusDzPrometheusServer.alerts | toYaml | indent 1 }}
+ allow-snippet-annotations: {{ .Values.prometheusDzPrometheusServer.allowSnippetAnnotations
+ | quote }}
+ prometheus.yml: {{ .Values.prometheusDzPrometheusServer.prometheusYml | toYaml
+ | indent 1 }}
+ recording_rules.yml: {{ .Values.prometheusDzPrometheusServer.recordingRulesYml
+ | toYaml | indent 1 }}
+ rules: {{ .Values.prometheusDzPrometheusServer.rules | toYaml | indent 1 }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "chart.fullname" . }}-prometheus-dz-prometheus-server
+ labels:
+ app.kubernetes.io/component: server
+ app.kubernetes.io/part-of: dz-prometheus
+ {{- include "chart.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.prometheusDzPrometheusServer.type }}
+ selector:
+ app.kubernetes.io/component: server
+ app.kubernetes.io/instance: prometheus
+ app.kubernetes.io/name: dz-prometheus
+ {{- include "chart.selectorLabels" . | nindent 4 }}
+ ports:
+ {{- .Values.prometheusDzPrometheusServer.ports | toYaml | nindent 2 }}
diff --git a/chart/templates/prometheus-kube-state-metrics-rbac.yaml b/chart/templates/prometheus-kube-state-metrics-rbac.yaml
new file mode 100644
index 00000000..d1666575
--- /dev/null
+++ b/chart/templates/prometheus-kube-state-metrics-rbac.yaml
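Review bot: The Service selector sets `app.kubernetes.io/instance: prometheus` and `app.kubernetes.io/name: dz-prometheus` literally and then includes `chart.selectorLabels`; if that helper emits the same two keys (the usual scaffold does, but `_helpers.tpl` is not visible here), the rendered mapping has duplicate keys. Depending on the parser that is either rejected or resolved last-wins, in which case the selector silently becomes the release's name and instance and may select no Prometheus pod, or pods of another workload that carry the release labels. The same pattern appears in the Service hunks of prometheus-kube-state-metrics.yaml and z-prometheus-node-exporter.yaml. Keep a single source for these keys: either drop the two literal lines or drop the include, and make the pod template labels in deployment.yaml and daemonset.yaml agree.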
@@ -0,0 +1,33 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "chart.fullname" . }}-prometheus-kube-state-metrics
+ labels:
+ app.kubernetes.io/component: metrics
+ app.kubernetes.io/part-of: kube-state-metrics
+ {{- include "chart.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "chart.fullname" . }}-prometheus-kube-state-metrics
+ labels:
+ app.kubernetes.io/component: metrics
+ app.kubernetes.io/part-of: kube-state-metrics
+ {{- include "chart.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: '{{ include "chart.fullname" . }}-prometheus-kube-state-metrics'
+subjects:
+- kind: ServiceAccount
+ name: '{{ include "chart.fullname" . }}-prometheus-kube-state-metrics'
+ namespace: '{{ .Release.Namespace }}'
diff --git a/chart/templates/prometheus-kube-state-metrics.yaml b/chart/templates/prometheus-kube-state-metrics.yaml
new file mode 100644
index 00000000..430d221f
--- /dev/null
+++ b/chart/templates/prometheus-kube-state-metrics.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "chart.fullname" . }}-prometheus-kube-state-metrics
+ labels:
+ app.kubernetes.io/component: metrics
+ app.kubernetes.io/part-of: kube-state-metrics
+ {{- include "chart.labels" . | nindent 4 }}
+ annotations:
+ prometheus.io/scrape: "true"
+spec:
+ type: {{ .Values.prometheusKubeStateMetrics.type }}
+ selector:
+ app.kubernetes.io/instance: prometheus
+ app.kubernetes.io/name: kube-state-metrics
+ {{- include "chart.selectorLabels" . | nindent 4 }}
+ ports:
+ {{- .Values.prometheusKubeStateMetrics.ports | toYaml | nindent 2 }}
diff --git a/chart/templates/serviceaccount.yaml b/chart/templates/serviceaccount.yaml
new file mode 100644
index 00000000..c60a2893
--- /dev/null
+++ b/chart/templates/serviceaccount.yaml
@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "chart.fullname" . }}-prometheus-kube-state-metrics
+ labels:
+ app.kubernetes.io/component: metrics
+ app.kubernetes.io/part-of: kube-state-metrics
+ {{- include "chart.labels" . | nindent 4 }}
+ annotations:
+ {{- toYaml .Values.prometheusKubeStateMetrics.serviceAccount.annotations | nindent 4 }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "chart.fullname" . }}-prometheus-dz-prometheus-server
+ labels:
+ app.kubernetes.io/component: server
+ app.kubernetes.io/part-of: dz-prometheus
+ {{- include "chart.labels" . | nindent 4 }}
+ annotations:
+ {{- toYaml .Values.prometheusDzPrometheusServer.serviceAccount.annotations | nindent 4 }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "chart.fullname" . }}-z-prometheus-node-exporter
+ labels:
+ app.kubernetes.io/component: metrics
+ app.kubernetes.io/part-of: dz-prometheus-node-exporter
+ {{- include "chart.labels" . | nindent 4 }}
+ annotations:
+ {{- toYaml .Values.zPrometheusNodeExporter.serviceAccount.annotations | nindent 4 }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "chart.fullname" . }}-evzero-zxporter-controller-manager
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ annotations:
+ {{- toYaml .Values.evzeroZxporterControllerManager.serviceAccount.annotations | nindent 4 }}
diff --git a/chart/templates/z-prometheus-node-exporter.yaml b/chart/templates/z-prometheus-node-exporter.yaml
new file mode 100644
index 00000000..5c699219
--- /dev/null
+++ b/chart/templates/z-prometheus-node-exporter.yaml
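Review bot: None of the four ServiceAccounts sets `automountServiceAccountToken`, so every pod that uses one gets an API token mounted by default. The `z-prometheus-node-exporter` account has no Role or ClusterRole bound to it in any hunk shown, and its container arguments in chart/values.yaml only point at host paths, so it appears to have no need for API credentials. Add `automountServiceAccountToken: false` to that ServiceAccount, unless the pod spec in daemonset.yaml (outside this view) already sets it. The other three accounts do have bindings and should keep the token.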
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "chart.fullname" . }}-z-prometheus-node-exporter
+ labels:
+ app.kubernetes.io/component: metrics
+ app.kubernetes.io/part-of: dz-prometheus-node-exporter
+ {{- include "chart.labels" . | nindent 4 }}
+ annotations:
+ prometheus.io/scrape: "true"
+spec:
+ type: {{ .Values.zPrometheusNodeExporter.type }}
+ selector:
+ app.kubernetes.io/instance: node-exporter
+ app.kubernetes.io/name: dz-prometheus-node-exporter
+ {{- include "chart.selectorLabels" . | nindent 4 }}
+ ports:
+ {{- .Values.zPrometheusNodeExporter.ports | toYaml | nindent 2 }}
diff --git a/chart/values.yaml b/chart/values.yaml
new file mode 100644
index 00000000..bc01c399
--- /dev/null
+++ b/chart/values.yaml
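Review bot: The `prometheus.io/scrape: "true"` annotation on this Service, and on the kube-state-metrics Service in prometheus-kube-state-metrics.yaml, has no consumer in the chart's default Prometheus configuration. The `scrape_configs` in chart/values.yaml define only the `prometheus`, `kubernetes-nodes` and `kubernetes-nodes-cadvisor` jobs, none of which discovers services or endpoints. Either add a job that scrapes these two exporters or drop the annotation, and record which with a comment such as `# scraped by job <job-name>` (placeholder). As far as these hunks show, the exporters look monitored but are not.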
@@ -0,0 +1,233 @@
+evzeroZxporterControllerManager:
+ manager:
+ args:
+ - --metrics-bind-address=:8443
+ - --leader-elect
+ - --health-probe-bind-address=:8081
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ image:
+ repository: ttl.sh/zxporter
+ tag: latest
+ resources:
+ requests:
+ cpu: 200m
+ memory: 128Mi
+ podSecurityContext:
+ runAsNonRoot: true
+ replicas: 1
+ serviceAccount:
+ annotations: {}
+evzeroZxporterControllerManagerMetricsService:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: 8443
+ type: ClusterIP
+evzeroZxporterEnvConfig:
+ bufferSize: ""
+ clusterToken: '{{ .cluster_token }}'
+ collectionFrequency: ""
+ dakrUrl: https://api.devzero.io/dakr
+ disableNetworkIoMetrics: ""
+ disabledCollectors: ""
+ excludedClusterrolebindings: ""
+ excludedClusterroles: ""
+ excludedCrdgroups: ""
+ excludedCrds: ""
+ excludedCronjobs: ""
+ excludedDaemonsets: ""
+ excludedDeployments: ""
+ excludedEndpoints: ""
+ excludedEvents: ""
+ excludedHpas: ""
+ excludedIngressclasses: ""
+ excludedIngresses: ""
+ excludedJobs: ""
+ excludedLimitranges: ""
+ excludedNamespaces: ""
+ excludedNetworkpolicies: ""
+ excludedNodes: ""
+ excludedPdbs: ""
+ excludedPods: ""
+ excludedPsps: ""
+ excludedPvcs: ""
+ excludedPvs: ""
+ excludedReplicationcontrollers: ""
+ excludedResourcequotas: ""
+ excludedRolebindings: ""
+ excludedRoles: ""
+ excludedServiceaccounts: ""
+ excludedServices: ""
+ excludedStatefulsets: ""
+ excludedStorageclasses: ""
+ excludedVpas: ""
+ k8SProvider: '{{ .k8s_provider }}'
+ kubeContextName: '{{ .kube_context_name }}'
+ maskSecretData: ""
+ nodeMetricsInterval: ""
+ prometheusUrl: http://prometheus-dz-prometheus-server.devzero-zxporter.svc.cluster.local:80
+ targetNamespaces: ""
+ watchedCrds: ""
+kubernetesClusterDomain: cluster.local
+prometheusDzPrometheusServer:
+ alertingRulesYml: '{}'
+ alerts: '{}'
+ allowSnippetAnnotations: "false"
+ dzPrometheusServer:
+ args:
+ - 
--storage.tsdb.retention.time=15d
+ - --config.file=/etc/config/prometheus.yml
+ - --storage.tsdb.path=/data
+ - --web.console.libraries=/etc/prometheus/console_libraries
+ - --web.console.templates=/etc/prometheus/consoles
+ - --web.enable-lifecycle
+ image:
+ repository: quay.io/prometheus/prometheus
+ tag: v2.48.0
+ imagePullPolicy: IfNotPresent
+ dzPrometheusServerConfigmapReload:
+ args:
+ - --watched-dir=/etc/config
+ - --reload-url=http://127.0.0.1:9090/-/reload
+ image:
+ repository: quay.io/prometheus-operator/prometheus-config-reloader
+ tag: v0.67.0
+ imagePullPolicy: IfNotPresent
+ podSecurityContext:
+ fsGroup: 65534
+ runAsGroup: 65534
+ runAsNonRoot: true
+ runAsUser: 65534
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 9090
+ prometheusYml: |-
+ global:
+ evaluation_interval: 1m
+ scrape_interval: 1m
+ scrape_timeout: 10s
+ rule_files:
+ - /etc/config/recording_rules.yml
+ - /etc/config/alerting_rules.yml
+ - /etc/config/rules
+ - /etc/config/alerts
+ scrape_configs:
+ - job_name: prometheus
+ static_configs:
+ - targets:
+ - localhost:9090
+ - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+ job_name: kubernetes-nodes
+ kubernetes_sd_configs:
+ - role: node
+ relabel_configs:
+ - action: labelmap
+ regex: __meta_kubernetes_node_label_(.+)
+ - replacement: kubernetes.default.svc:443
+ target_label: __address__
+ - regex: (.+)
+ replacement: /api/v1/nodes/$1/proxy/metrics
+ source_labels:
+ - __meta_kubernetes_node_name
+ target_label: __metrics_path__
+ scheme: https
+ tls_config:
+ ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
+ job_name: kubernetes-nodes-cadvisor
+ kubernetes_sd_configs:
+ - role: node
+ relabel_configs:
+ - action: labelmap
+ regex: __meta_kubernetes_node_label_(.+)
+ - replacement: kubernetes.default.svc:443
+ target_label: __address__
+ - regex: (.+)
+ replacement: 
/api/v1/nodes/$1/proxy/metrics/cadvisor
+ source_labels:
+ - __meta_kubernetes_node_name
+ target_label: __metrics_path__
+ scheme: https
+ tls_config:
+ ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+ recordingRulesYml: '{}'
+ replicas: 1
+ revisionHistoryLimit: 10
+ rules: '{}'
+ serviceAccount:
+ annotations: {}
+ strategy:
+ type: Recreate
+ type: ClusterIP
+prometheusKubeStateMetrics:
+ kubeStateMetrics:
+ args:
+ - --port=8080
+ - --resources=nodes
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ image:
+ repository: registry.k8s.io/kube-state-metrics/kube-state-metrics
+ tag: v2.10.1
+ imagePullPolicy: IfNotPresent
+ podSecurityContext:
+ fsGroup: 65534
+ runAsGroup: 65534
+ runAsNonRoot: true
+ runAsUser: 65534
+ seccompProfile:
+ type: RuntimeDefault
+ ports:
+ - name: http
+ port: 8080
+ protocol: TCP
+ targetPort: 8080
+ replicas: 1
+ revisionHistoryLimit: 10
+ serviceAccount:
+ annotations: {}
+ strategy:
+ type: RollingUpdate
+ type: ClusterIP
+zPrometheusNodeExporter:
+ nodeExporter:
+ args:
+ - --path.procfs=/host/proc
+ - --path.sysfs=/host/sys
+ - --path.rootfs=/host/root
+ - --path.udev.data=/host/root/run/udev/data
+ - --web.listen-address=[$(HOST_IP)]:9101
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ env:
+ hostIp: 0.0.0.0
+ image:
+ repository: quay.io/prometheus/node-exporter
+ tag: v1.7.0
+ imagePullPolicy: IfNotPresent
+ nodeSelector:
+ kubernetes.io/os: linux
+ podSecurityContext:
+ fsGroup: 65534
+ runAsGroup: 65534
+ runAsNonRoot: true
+ runAsUser: 65534
+ ports:
+ - name: metrics
+ port: 9101
+ protocol: TCP
+ targetPort: 9101
+ serviceAccount:
+ annotations: {}
+ type: ClusterIP
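Review bot: The default manager image is `repository: ttl.sh/zxporter` with `tag: latest`; ttl.sh is an anonymous, short-lived registry where names are not access-controlled and tags expire, so an install from these defaults runs the controller, with its cluster-wide RBAC, from whatever image sits at that name at pull time. Point the default at a registry the project controls and pin it, e.g. `repository: <project-registry>/zxporter` and `tag: <release-version>` (placeholders), ideally with a digest. In the same hunk, `prometheusUrl` hard-codes `prometheus-dz-prometheus-server.devzero-zxporter.svc.cluster.local:80`, while the Service is named `{{ include "chart.fullname" . }}-prometheus-dz-prometheus-server` in `.Release.Namespace`, so the default probably does not resolve under other release names or namespaces. `clusterToken: '{{ .cluster_token }}'` is an unrendered placeholder for a credential; if evzero-zxporter-env-config.yaml (not shown) writes it into a ConfigMap, it belongs in a Secret instead.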