diff --git a/jsonnet/kube-prometheus/addons/aws-vpc-cni.libsonnet b/jsonnet/kube-prometheus/addons/aws-vpc-cni.libsonnet
new file mode 100644
index 0000000000000000000000000000000000000000..61e7aaa41f612d8c5dfa2a65261f82c72cab0a02
--- /dev/null
+++ b/jsonnet/kube-prometheus/addons/aws-vpc-cni.libsonnet
@@ -0,0 +1,110 @@ +{ + values+:: { + awsVpcCni: { + // `minimumWarmIPs` should be inferior or equal to `WARM_IP_TARGET`. + // + // References: + // https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.9.0/docs/eni-and-ip-target.md + // https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.9.0/pkg/ipamd/ipamd.go#L61-L71 + minimumWarmIPs: 10, + minimumWarmIPsTime: '10m', + }, + }, + kubernetesControlPlane+: { + serviceAwsVpcCni: { + apiVersion: 'v1', + kind: 'Service', + metadata: { + name: 'aws-node', + namespace: 'kube-system', + labels: { 'app.kubernetes.io/name': 'aws-node' }, + }, + spec: { + ports: [ + { + name: 'cni-metrics-port', + port: 61678, + targetPort: 61678, + }, + ], + selector: { 'app.kubernetes.io/name': 'aws-node' }, + clusterIP: 'None', + }, + }, + + serviceMonitorAwsVpcCni: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'ServiceMonitor', + metadata: { + name: 'aws-node', + namespace: $.values.common.namespace, + labels: { + 'app.kubernetes.io/name': 'aws-node', + }, + }, + spec: { + jobLabel: 'app.kubernetes.io/name', + selector: { + matchLabels: { + 'app.kubernetes.io/name': 'aws-node', + }, + }, + namespaceSelector: { + matchNames: [ + 'kube-system', + ], + }, + endpoints: [ + { + port: 'cni-metrics-port', + interval: '30s', + path: '/metrics', + relabelings: [ + { + action: 'replace', + regex: '(.*)', + replacement: '$1', + sourceLabels: ['__meta_kubernetes_pod_node_name'], + targetLabel: 'instance', + }, + ], + }, + ], + }, + }, + + prometheusRuleAwsVpcCni: { + apiVersion: 'monitoring.coreos.com/v1', + kind: 'PrometheusRule', + metadata: { + labels: $.prometheus._config.commonLabels + $.prometheus._config.mixin.ruleLabels, + name: 'aws-vpc-cni-rules', + namespace: $.prometheus._config.namespace, + }, + spec: { + groups: [ + { + name: 'aws-vpc-cni.rules', + rules: [ + { + expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < %s' % $.values.awsVpcCni.minimumWarmIPs, + labels: { + severity: 
'critical', + }, + annotations: { + summary: 'AWS VPC CNI has a low warm IP pool', + description: ||| + Instance {{ $labels.instance }} has only {{ $value }} warm IPs which is lower than set threshold of %s. + It could mean the current subnet is out of available IP addresses or the CNI is unable to request them from the EC2 API. + ||| % $.values.awsVpcCni.minimumWarmIPs, + }, + 'for': $.values.awsVpcCni.minimumWarmIPsTime, + alert: 'AwsVpcCniWarmIPsLow', + }, + ], + }, + ], + }, + }, + }, +} diff --git a/jsonnet/kube-prometheus/platforms/eks.libsonnet b/jsonnet/kube-prometheus/platforms/eks.libsonnet index ad1888379fc1a6a267ab5279c59728148938404a..f46709f2faa24510eada52a1981bbb19a1fad493 100644 --- a/jsonnet/kube-prometheus/platforms/eks.libsonnet +++ b/jsonnet/kube-prometheus/platforms/eks.libsonnet @@ -1,15 +1,5 @@ +(import '../addons/aws-vpc-cni.libsonnet') + (import '../addons/managed-cluster.libsonnet') + { - values+:: { - awsVpcCni: { - // `minimumWarmIPs` should be inferior or equal to `WARM_IP_TARGET`. - // - // References: - // https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.9.0/docs/eni-and-ip-target.md - // https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.9.0/pkg/ipamd/ipamd.go#L61-L71 - minimumWarmIPs: 10, - minimumWarmIPsTime: '10m', - }, - }, kubernetesControlPlane+: { serviceMonitorCoreDNS+: { spec+: { 
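Review bot: In `prometheusRuleAwsVpcCni` in the new addons/aws-vpc-cni.libsonnet, the namespace and labels are read from `$.prometheus._config.*`, while `serviceMonitorAwsVpcCni` in the same file uses `$.values.common.namespace`, so the addon takes its namespace from two different places. If those values ever differ, or the Prometheus component's `_config` is not reachable from the top-level object, the PrometheusRule would land in a different namespace from the ServiceMonitor or fail to evaluate; `namespace: $.values.common.namespace,` would keep the file consistent. Separately, the Service key changes from `serviceAwsVpcCniMetrics` to `serviceAwsVpcCni` and the rule group from `kube-prometheus-aws-vpc-cni.rules` to `aws-vpc-cni.rules`. A downstream `serviceAwsVpcCniMetrics+:` override would no longer patch this Service and would instead create a second, partial object, so the rename deserves a line in the changelog.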
@@ -22,101 +12,5 @@ ], }, }, - - serviceAwsVpcCniMetrics: { - apiVersion: 'v1', - kind: 'Service', - metadata: { - name: 'aws-node', - namespace: 'kube-system', - labels: { 'app.kubernetes.io/name': 'aws-node' }, - }, - spec: { - ports: [ - { - name: 'cni-metrics-port', - port: 61678, - targetPort: 61678, - }, - ], - selector: { 'app.kubernetes.io/name': 'aws-node' }, - clusterIP: 'None', - }, - }, - - serviceMonitorAwsVpcCni: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'aws-node', - namespace: $.values.common.namespace, - labels: { - 'app.kubernetes.io/name': 'aws-node', - }, - }, - spec: { - jobLabel: 'app.kubernetes.io/name', - selector: { - matchLabels: { - 'app.kubernetes.io/name': 'aws-node', - }, - }, - namespaceSelector: { - matchNames: [ - 'kube-system', - ], - }, - endpoints: [ - { - port: 'cni-metrics-port', - interval: '30s', - path: '/metrics', - relabelings: [ - { - action: 'replace', - regex: '(.*)', - replacement: '$1', - sourceLabels: ['__meta_kubernetes_pod_node_name'], - targetLabel: 'instance', - }, - ], - }, - ], - }, - }, - - prometheusRuleAwsVpcCni: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'PrometheusRule', - metadata: { - labels: $.prometheus._config.commonLabels + $.prometheus._config.mixin.ruleLabels, - name: 'aws-vpc-cni-rules', - namespace: $.prometheus._config.namespace, - }, - spec: { - groups: [ - { - name: 'kube-prometheus-aws-vpc-cni.rules', - rules: [ - { - expr: 'sum by(instance) (awscni_total_ip_addresses) - sum by(instance) (awscni_assigned_ip_addresses) < %s' % $.values.awsVpcCni.minimumWarmIPs, - labels: { - severity: 'critical', - }, - annotations: { - summary: 'AWS VPC CNI has a low warm IP pool', - description: ||| - Instance {{ $labels.instance }} has only {{ $value }} warm IPs which is lower than set threshold of %s. - It could mean the current subnet is out of available IP addresses or the CNI is unable to request them from the EC2 API. 
- ||| % $.values.awsVpcCni.minimumWarmIPs, - }, - 'for': $.values.awsVpcCni.minimumWarmIPsTime, - alert: 'AwsVpcCniWarmIPsLow', - }, - ], - }, - ], - }, - }, }, }