Skip to content
Snippets Groups Projects
Commit 6430acf9 authored by Kemal Akkoyun's avatar Kemal Akkoyun
Browse files

Remove ksonnet from prometheus-adapter/prometheus-adapter.libsonnet 


Signed-off-by: default avatarKemal Akkoyun <kakkoyun@gmail.com>
parent 7f500041
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
jsonnet/kube-prometheus/prometheus-adapter/prometheus-adapter.libsonnet
+ 208
193
View file @ 6430acf9
local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet';
{ {
_config+:: { _config+:: {
namespace: 'default', namespace: 'default',
versions+:: { versions+:: { prometheusAdapter: 'v0.8.2' },
prometheusAdapter: 'v0.8.2', imageRepos+:: { prometheusAdapter: 'directxman12/k8s-prometheus-adapter' },
},
imageRepos+:: {
prometheusAdapter: 'directxman12/k8s-prometheus-adapter',
},
prometheusAdapter+:: { prometheusAdapter+:: {
name: 'prometheus-adapter', name: 'prometheus-adapter',
...@@ -24,239 +17,261 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet'; ...@@ -24,239 +17,261 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet';
nodeQuery: 'sum(1 - irate(node_cpu_seconds_total{mode="idle"}[5m]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>)', nodeQuery: 'sum(1 - irate(node_cpu_seconds_total{mode="idle"}[5m]) * on(namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:{<<.LabelMatchers>>}) by (<<.GroupBy>>)',
resources: { resources: {
overrides: { overrides: {
node: { node: { resource: 'node' },
resource: 'node' namespace: { resource: 'namespace' },
}, pod: { resource: 'pod' },
namespace: {
resource: 'namespace'
},
pod: {
resource: 'pod'
},
}, },
}, },
containerLabel: 'container' containerLabel: 'container',
}, },
memory: { memory: {
containerQuery: 'sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!="POD",container!="",pod!=""}) by (<<.GroupBy>>)', containerQuery: 'sum(container_memory_working_set_bytes{<<.LabelMatchers>>,container!="POD",container!="",pod!=""}) by (<<.GroupBy>>)',
nodeQuery: 'sum(node_memory_MemTotal_bytes{job="node-exporter",<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{job="node-exporter",<<.LabelMatchers>>}) by (<<.GroupBy>>)', nodeQuery: 'sum(node_memory_MemTotal_bytes{job="node-exporter",<<.LabelMatchers>>} - node_memory_MemAvailable_bytes{job="node-exporter",<<.LabelMatchers>>}) by (<<.GroupBy>>)',
resources: { resources: {
overrides: { overrides: {
instance: { instance: { resource: 'node' },
resource: 'node' namespace: { resource: 'namespace' },
}, pod: { resource: 'pod' },
namespace: {
resource: 'namespace'
},
pod: {
resource: 'pod'
},
}, },
}, },
containerLabel: 'container' containerLabel: 'container',
}, },
window: '5m', window: '5m',
}, },
} },
}, },
}, },
prometheusAdapter+:: { prometheusAdapter+:: {
apiService: apiService: {
{ apiVersion: 'apiregistration.k8s.io/v1',
apiVersion: 'apiregistration.k8s.io/v1', kind: 'APIService',
kind: 'APIService', metadata: {
metadata: { name: 'v1beta1.metrics.k8s.io',
name: 'v1beta1.metrics.k8s.io', },
}, spec: {
spec: { service: {
service: { name: $.prometheusAdapter.service.metadata.name,
name: $.prometheusAdapter.service.metadata.name, namespace: $._config.prometheusAdapter.namespace,
namespace: $._config.prometheusAdapter.namespace,
},
group: 'metrics.k8s.io',
version: 'v1beta1',
insecureSkipTLSVerify: true,
groupPriorityMinimum: 100,
versionPriority: 100,
}, },
group: 'metrics.k8s.io',
version: 'v1beta1',
insecureSkipTLSVerify: true,
groupPriorityMinimum: 100,
versionPriority: 100,
}, },
},
configMap: configMap: {
local configmap = k.core.v1.configMap; apiVersion: 'v1',
configmap.new('adapter-config', { 'config.yaml': std.manifestYamlDoc($._config.prometheusAdapter.config) }) + kind: 'ConfigMap',
metadata: {
configmap.mixin.metadata.withNamespace($._config.prometheusAdapter.namespace), name: 'adapter-config',
namespace: $._config.prometheusAdapter.namespace,
},
data: { 'config.yaml': std.manifestYamlDoc($._config.prometheusAdapter.config) },
},
serviceMonitor: serviceMonitor: {
{ apiVersion: 'monitoring.coreos.com/v1',
apiVersion: 'monitoring.coreos.com/v1', kind: 'ServiceMonitor',
kind: 'ServiceMonitor', metadata: {
metadata: { name: $._config.prometheusAdapter.name,
name: $._config.prometheusAdapter.name, namespace: $._config.prometheusAdapter.namespace,
namespace: $._config.prometheusAdapter.namespace, labels: $._config.prometheusAdapter.labels,
labels: $._config.prometheusAdapter.labels, },
spec: {
selector: {
matchLabels: $._config.prometheusAdapter.labels,
}, },
spec: { endpoints: [
selector: { {
matchLabels: $._config.prometheusAdapter.labels, port: 'https',
}, interval: '30s',
endpoints: [ scheme: 'https',
{ tlsConfig: {
port: 'https', insecureSkipVerify: true,
interval: '30s',
scheme: 'https',
tlsConfig: {
insecureSkipVerify: true,
},
bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
}, },
], bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
}, },
],
}, },
},
service: service: {
local service = k.core.v1.service; apiVersion: 'v1',
local servicePort = k.core.v1.service.mixin.spec.portsType; kind: 'Service',
metadata: {
service.new( name: $._config.prometheusAdapter.name,
$._config.prometheusAdapter.name, namespace: $._config.prometheusAdapter.namespace,
$._config.prometheusAdapter.labels, labels: $._config.prometheusAdapter.labels,
servicePort.newNamed('https', 443, 6443), },
) + spec: {
service.mixin.metadata.withNamespace($._config.prometheusAdapter.namespace) + ports: [
service.mixin.metadata.withLabels($._config.prometheusAdapter.labels), { name: 'https', targetPort: 6443, port: 443 },
],
selector: $._config.prometheusAdapter.labels,
},
},
deployment: deployment:
local deployment = k.apps.v1.deployment; local c = {
local volume = deployment.mixin.spec.template.spec.volumesType; name: $._config.prometheusAdapter.name,
local container = deployment.mixin.spec.template.spec.containersType; image: $._config.imageRepos.prometheusAdapter + ':' + $._config.versions.prometheusAdapter,
local containerVolumeMount = container.volumeMountsType; args: [
local c =
container.new($._config.prometheusAdapter.name, $._config.imageRepos.prometheusAdapter + ':' + $._config.versions.prometheusAdapter) +
container.withArgs([
'--cert-dir=/var/run/serving-cert', '--cert-dir=/var/run/serving-cert',
'--config=/etc/adapter/config.yaml', '--config=/etc/adapter/config.yaml',
'--logtostderr=true', '--logtostderr=true',
'--metrics-relist-interval=1m', '--metrics-relist-interval=1m',
'--prometheus-url=' + $._config.prometheusAdapter.prometheusURL, '--prometheus-url=' + $._config.prometheusAdapter.prometheusURL,
'--secure-port=6443', '--secure-port=6443',
]) + ],
container.withPorts([{ containerPort: 6443 }]) + ports: [{ containerPort: 6443 }],
container.withVolumeMounts([ volumeMounts: [
containerVolumeMount.new('tmpfs', '/tmp'), { name: 'tmpfs', mountPath: '/tmp', readOnly: false },
containerVolumeMount.new('volume-serving-cert', '/var/run/serving-cert'), { name: 'volume-serving-cert', mountPath: '/var/run/serving-cert', readOnly: false },
containerVolumeMount.new('config', '/etc/adapter'), { name: 'config', mountPath: '/etc/adapter', readOnly: false },
],); ],
};
deployment.new($._config.prometheusAdapter.name, 1, c, $._config.prometheusAdapter.labels) +
deployment.mixin.metadata.withNamespace($._config.prometheusAdapter.namespace) +
deployment.mixin.spec.selector.withMatchLabels($._config.prometheusAdapter.labels) +
deployment.mixin.spec.template.spec.withServiceAccountName($.prometheusAdapter.serviceAccount.metadata.name) +
deployment.mixin.spec.template.spec.withNodeSelector({ 'kubernetes.io/os': 'linux' }) +
deployment.mixin.spec.strategy.rollingUpdate.withMaxSurge(1) +
deployment.mixin.spec.strategy.rollingUpdate.withMaxUnavailable(0) +
deployment.mixin.spec.template.spec.withVolumes([
volume.fromEmptyDir(name='tmpfs'),
volume.fromEmptyDir(name='volume-serving-cert'),
{ name: 'config', configMap: { name: 'adapter-config' } },
]),
serviceAccount:
local serviceAccount = k.core.v1.serviceAccount;
serviceAccount.new($._config.prometheusAdapter.name) +
serviceAccount.mixin.metadata.withNamespace($._config.prometheusAdapter.namespace),
clusterRole: {
local clusterRole = k.rbac.v1.clusterRole; apiVersion: 'apps/v1',
local policyRule = clusterRole.rulesType; kind: 'Deployment',
metadata: {
local rules = name: $._config.prometheusAdapter.name,
policyRule.new() + namespace: $._config.prometheusAdapter.namespace,
policyRule.withApiGroups(['']) + },
policyRule.withResources(['nodes', 'namespaces', 'pods', 'services']) + spec: {
policyRule.withVerbs(['get', 'list', 'watch']); replicas: 1,
selector: { matchLabels: $._config.prometheusAdapter.labels },
strategy: {
rollingUpdate: {
maxSurge: 1,
maxUnavailable: 0,
},
},
template: {
metadata: { labels: $._config.prometheusAdapter.labels },
spec: {
containers: [c],
serviceAccountName: $.prometheusAdapter.serviceAccount.metadata.name,
nodeSelector: { 'kubernetes.io/os': 'linux' },
volumes: [
{ name: 'tmpfs', emptyDir: {} },
{ name: 'volume-serving-cert', emptyDir: {} },
{ name: 'config', configMap: { name: 'adapter-config' } },
],
},
},
},
},
clusterRole.new() + serviceAccount: {
clusterRole.mixin.metadata.withName($._config.prometheusAdapter.name) + apiVersion: 'v1',
clusterRole.withRules(rules), kind: 'ServiceAccount',
metadata: {
name: $._config.prometheusAdapter.name,
namespace: $._config.prometheusAdapter.namespace,
},
},
clusterRoleBinding: clusterRole: {
local clusterRoleBinding = k.rbac.v1.clusterRoleBinding; apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRole',
metadata: {
name: $._config.prometheusAdapter.name,
},
rules: [{
apiGroups: [''],
resources: ['nodes', 'namespaces', 'pods', 'services'],
verbs: ['get', 'list', 'watch'],
}],
},
clusterRoleBinding.new() + clusterRoleBinding: {
clusterRoleBinding.mixin.metadata.withName($._config.prometheusAdapter.name) + apiVersion: 'rbac.authorization.k8s.io/v1',
clusterRoleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + kind: 'ClusterRoleBinding',
clusterRoleBinding.mixin.roleRef.withName($.prometheusAdapter.clusterRole.metadata.name) + metadata: {
clusterRoleBinding.mixin.roleRef.mixinInstance({ kind: 'ClusterRole' }) + name: $._config.prometheusAdapter.name,
clusterRoleBinding.withSubjects([{ },
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'ClusterRole',
name: $.prometheusAdapter.clusterRole.metadata.name,
},
subjects: [{
kind: 'ServiceAccount', kind: 'ServiceAccount',
name: $.prometheusAdapter.serviceAccount.metadata.name, name: $.prometheusAdapter.serviceAccount.metadata.name,
namespace: $._config.prometheusAdapter.namespace, namespace: $._config.prometheusAdapter.namespace,
}]), }],
},
clusterRoleBindingDelegator:
local clusterRoleBinding = k.rbac.v1.clusterRoleBinding;
clusterRoleBinding.new() + clusterRoleBindingDelegator: {
clusterRoleBinding.mixin.metadata.withName('resource-metrics:system:auth-delegator') + apiVersion: 'rbac.authorization.k8s.io/v1',
clusterRoleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + kind: 'ClusterRoleBinding',
clusterRoleBinding.mixin.roleRef.withName('system:auth-delegator') + metadata: {
clusterRoleBinding.mixin.roleRef.mixinInstance({ kind: 'ClusterRole' }) + name: 'resource-metrics:system:auth-delegator',
clusterRoleBinding.withSubjects([{ },
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'ClusterRole',
name: 'system:auth-delegator',
},
subjects: [{
kind: 'ServiceAccount', kind: 'ServiceAccount',
name: $.prometheusAdapter.serviceAccount.metadata.name, name: $.prometheusAdapter.serviceAccount.metadata.name,
namespace: $._config.prometheusAdapter.namespace, namespace: $._config.prometheusAdapter.namespace,
}]), }],
},
clusterRoleServerResources:
local clusterRole = k.rbac.v1.clusterRole;
local policyRule = clusterRole.rulesType;
local rules =
policyRule.new() +
policyRule.withApiGroups(['metrics.k8s.io']) +
policyRule.withResources(['*']) +
policyRule.withVerbs(['*']);
clusterRole.new() +
clusterRole.mixin.metadata.withName('resource-metrics-server-resources') +
clusterRole.withRules(rules),
clusterRoleAggregatedMetricsReader:
local clusterRole = k.rbac.v1.clusterRole;
local policyRule = clusterRole.rulesType;
local rules =
policyRule.new() +
policyRule.withApiGroups(['metrics.k8s.io']) +
policyRule.withResources(['pods', 'nodes']) +
policyRule.withVerbs(['get','list','watch']);
clusterRole.new() + clusterRoleServerResources: {
clusterRole.mixin.metadata.withName('system:aggregated-metrics-reader') + apiVersion: 'rbac.authorization.k8s.io/v1',
clusterRole.mixin.metadata.withLabels({ kind: 'ClusterRole',
"rbac.authorization.k8s.io/aggregate-to-admin": "true", metadata: {
"rbac.authorization.k8s.io/aggregate-to-edit": "true", name: 'resource-metrics-server-resources',
"rbac.authorization.k8s.io/aggregate-to-view": "true", },
}) + rules: [{
clusterRole.withRules(rules), apiGroups: ['metrics.k8s.io'],
resources: ['*'],
verbs: ['*'],
}],
},
roleBindingAuthReader: clusterRoleAggregatedMetricsReader: {
local roleBinding = k.rbac.v1.roleBinding; apiVersion: 'rbac.authorization.k8s.io/v1',
kind: 'ClusterRole',
metadata: {
name: 'system:aggregated-metrics-reader',
labels: {
'rbac.authorization.k8s.io/aggregate-to-admin': 'true',
'rbac.authorization.k8s.io/aggregate-to-edit': 'true',
'rbac.authorization.k8s.io/aggregate-to-view': 'true',
},
},
rules: [{
apiGroups: ['metrics.k8s.io'],
resources: ['pods', 'nodes'],
verbs: ['get', 'list', 'watch'],
}],
},
roleBinding.new() + roleBindingAuthReader: {
roleBinding.mixin.metadata.withName('resource-metrics-auth-reader') + apiVersion: 'rbac.authorization.k8s.io/v1',
roleBinding.mixin.metadata.withNamespace('kube-system') + kind: 'RoleBinding',
roleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') + metadata: {
roleBinding.mixin.roleRef.withName('extension-apiserver-authentication-reader') + name: 'resource-metrics-auth-reader',
roleBinding.mixin.roleRef.mixinInstance({ kind: 'Role' }) + namespace: 'kube-system',
roleBinding.withSubjects([{ },
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
kind: 'Role',
name: 'extension-apiserver-authentication-reader',
},
subjects: [{
kind: 'ServiceAccount', kind: 'ServiceAccount',
name: $.prometheusAdapter.serviceAccount.metadata.name, name: $.prometheusAdapter.serviceAccount.metadata.name,
namespace: $._config.prometheusAdapter.namespace, namespace: $._config.prometheusAdapter.namespace,
}]), }],
},
}, },
} }
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment