Merge pull request #793 from kakkoyun/ksonnet_no_more_15

Remove ksonnet from node-exporter/node-exporter.libsonnet

Merge pull request #793 from kakkoyun/ksonnet_no_more_15
7f500041 · Paweł Krupa · GitHub · 2cc09fb2 · 5005f4ac · 7f500041
Unverified Commit 7f500041 authored 4 years ago by Paweł Krupa Committed by GitHub 4 years ago
--- a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet
+++ b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet
-local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet';
 {
  _config+:: {
    namespace: 'default',
+    versions+:: { nodeExporter: 'v1.0.1' },
-    versions+:: {
+    imageRepos+:: { nodeExporter: 'quay.io/prometheus/node-exporter' },
-      nodeExporter: 'v1.0.1',
-    },
-    imageRepos+:: {
-      nodeExporter: 'quay.io/prometheus/node-exporter',
-    },
    nodeExporter+:: {
      listenAddress: '127.0.0.1',
@@ -28,76 +20,49 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet';
  },
  nodeExporter+:: {
-    clusterRoleBinding:
+    clusterRoleBinding: {
-      local clusterRoleBinding = k.rbac.v1.clusterRoleBinding;
+      apiVersion: 'rbac.authorization.k8s.io/v1',
+      kind: 'ClusterRoleBinding',
-      clusterRoleBinding.new() +
+      metadata: {
-      clusterRoleBinding.mixin.metadata.withName('node-exporter') +
+        name: 'node-exporter',
-      clusterRoleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') +
+      },
-      clusterRoleBinding.mixin.roleRef.withName('node-exporter') +
+      roleRef: {
-      clusterRoleBinding.mixin.roleRef.mixinInstance({ kind: 'ClusterRole' }) +
+        apiGroup: 'rbac.authorization.k8s.io',
-      clusterRoleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'node-exporter', namespace: $._config.namespace }]),
+        kind: 'ClusterRole',
+        name: 'node-exporter',
-    clusterRole:
+      },
-      local clusterRole = k.rbac.v1.clusterRole;
+      subjects: [{
-      local policyRule = clusterRole.rulesType;
+        kind: 'ServiceAccount',
+        name: 'node-exporter',
-      local authenticationRole = policyRule.new() +
+        namespace: $._config.namespace,
-                                 policyRule.withApiGroups(['authentication.k8s.io']) +
+      }],
-                                 policyRule.withResources([
+    },
-                                   'tokenreviews',
-                                 ]) +
-                                 policyRule.withVerbs(['create']);
-      local authorizationRole = policyRule.new() +
-                                policyRule.withApiGroups(['authorization.k8s.io']) +
-                                policyRule.withResources([
-                                  'subjectaccessreviews',
-                                ]) +
-                                policyRule.withVerbs(['create']);
-      local rules = [authenticationRole, authorizationRole];
-      clusterRole.new() +
+    clusterRole: {
-      clusterRole.mixin.metadata.withName('node-exporter') +
+      apiVersion: 'rbac.authorization.k8s.io/v1',
-      clusterRole.withRules(rules),
+      kind: 'ClusterRole',
+      metadata: {
+        name: 'node-exporter',
+      },
+      rules: [
+        {
+          apiGroups: ['authentication.k8s.io'],
+          resources: ['tokenreviews'],
+          verbs: ['create'],
+        },
+        {
+          apiGroups: ['authorization.k8s.io'],
+          resources: ['subjectaccessreviews'],
+          verbs: ['create'],
+        },
+      ],
+    },
    daemonset:
-      local daemonset = k.apps.v1.daemonSet;
+      local nodeExporter = {
-      local container = daemonset.mixin.spec.template.spec.containersType;
+        name: 'node-exporter',
-      local volume = daemonset.mixin.spec.template.spec.volumesType;
+        image: $._config.imageRepos.nodeExporter + ':' + $._config.versions.nodeExporter,
-      local containerPort = container.portsType;
+        args: [
-      local containerVolumeMount = container.volumeMountsType;
-      local podSelector = daemonset.mixin.spec.template.spec.selectorType;
-      local toleration = daemonset.mixin.spec.template.spec.tolerationsType;
-      local containerEnv = container.envType;
-      local podLabels = $._config.nodeExporter.labels;
-      local selectorLabels = $._config.nodeExporter.selectorLabels;
-      local existsToleration = toleration.new() +
-                               toleration.withOperator('Exists');
-      local procVolumeName = 'proc';
-      local procVolume = volume.fromHostPath(procVolumeName, '/proc');
-      local procVolumeMount = containerVolumeMount.new(procVolumeName, '/host/proc').
-        withMountPropagation('HostToContainer').
-        withReadOnly(true);
-      local sysVolumeName = 'sys';
-      local sysVolume = volume.fromHostPath(sysVolumeName, '/sys');
-      local sysVolumeMount = containerVolumeMount.new(sysVolumeName, '/host/sys').
-        withMountPropagation('HostToContainer').
-        withReadOnly(true);
-      local rootVolumeName = 'root';
-      local rootVolume = volume.fromHostPath(rootVolumeName, '/');
-      local rootVolumeMount = containerVolumeMount.new(rootVolumeName, '/host/root').
-        withMountPropagation('HostToContainer').
-        withReadOnly(true);
-      local nodeExporter =
-        container.new('node-exporter', $._config.imageRepos.nodeExporter + ':' + $._config.versions.nodeExporter) +
-        container.withArgs([
          '--web.listen-address=' + std.join(':', [$._config.nodeExporter.listenAddress, std.toString($._config.nodeExporter.port)]),
          '--path.procfs=/host/proc',
          '--path.sysfs=/host/sys',
@@ -105,20 +70,27 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet';
          '--no-collector.wifi',
          '--no-collector.hwmon',
          '--collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)',
-        ]) +
+        ],
-        container.withVolumeMounts([procVolumeMount, sysVolumeMount, rootVolumeMount]) +
+        volumeMounts: [
-        container.mixin.resources.withRequests($._config.resources['node-exporter'].requests) +
+          { name: 'proc', mountPath: '/host/proc', mountPropagation: 'HostToContainer', readOnly: true },
-        container.mixin.resources.withLimits($._config.resources['node-exporter'].limits);
+          { name: 'sys', mountPath: '/host/sys', mountPropagation: 'HostToContainer', readOnly: true },
+          { name: 'root', mountPath: '/host/root', mountPropagation: 'HostToContainer', readOnly: true },
-      local ip = containerEnv.fromFieldPath('IP', 'status.podIP');
+        ],
-      local proxy =
+        resources: $._config.resources['node-exporter'],
-        container.new('kube-rbac-proxy', $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy) +
+      };
-        container.withArgs([
+      local proxy = {
+        name: 'kube-rbac-proxy',
+        image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy,
+        args: [
          '--logtostderr',
          '--secure-listen-address=[$(IP)]:' + $._config.nodeExporter.port,
          '--tls-cipher-suites=' + std.join(',', $._config.tlsCipherSuites),
          '--upstream=http://127.0.0.1:' + $._config.nodeExporter.port + '/',
-        ]) +
+        ],
+        env: [
+          { name: 'IP', valueFrom: { fieldRef: { fieldPath: 'status.podIP' } } },
+        ],
        // Keep `hostPort` here, rather than in the node-exporter container
        // because Kubernetes mandates that if you define a `hostPort` then
        // `containerPort` must match. In our case, we are splitting the
@@ -127,82 +99,109 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet';
        // used by the service is tied to the proxy container. We *could*
        // forgo declaring the host port, however it is important to declare
        // it so that the scheduler can decide if the pod is schedulable.
-        container.withPorts(containerPort.new($._config.nodeExporter.port) + containerPort.withHostPort($._config.nodeExporter.port) + containerPort.withName('https')) +
+        ports: [
-        container.mixin.resources.withRequests($._config.resources['kube-rbac-proxy'].requests) +
+          { name: 'https', containerPort: $._config.nodeExporter.port, hostPort: $._config.nodeExporter.port },
-        container.mixin.resources.withLimits($._config.resources['kube-rbac-proxy'].limits) +
+        ],
-        container.withEnv([ip]);
+        resources: $._config.resources['kube-rbac-proxy'],
+      };
-      local c = [nodeExporter, proxy];
-      daemonset.new() +
-      daemonset.mixin.metadata.withName('node-exporter') +
-      daemonset.mixin.metadata.withNamespace($._config.namespace) +
-      daemonset.mixin.metadata.withLabels(podLabels) +
-      daemonset.mixin.spec.selector.withMatchLabels(selectorLabels) +
-      daemonset.mixin.spec.updateStrategy.rollingUpdate.withMaxUnavailable('10%') +
-      daemonset.mixin.spec.template.metadata.withLabels(podLabels) +
-      daemonset.mixin.spec.template.spec.withTolerations([existsToleration]) +
-      daemonset.mixin.spec.template.spec.withNodeSelector({ 'kubernetes.io/os': 'linux' }) +
-      daemonset.mixin.spec.template.spec.withContainers(c) +
-      daemonset.mixin.spec.template.spec.withVolumes([procVolume, sysVolume, rootVolume]) +
-      daemonset.mixin.spec.template.spec.securityContext.withRunAsNonRoot(true) +
-      daemonset.mixin.spec.template.spec.securityContext.withRunAsUser(65534) +
-      daemonset.mixin.spec.template.spec.withServiceAccountName('node-exporter') +
-      daemonset.mixin.spec.template.spec.withHostPid(true) +
-      daemonset.mixin.spec.template.spec.withHostNetwork(true),
-    serviceAccount:
-      local serviceAccount = k.core.v1.serviceAccount;
-      serviceAccount.new('node-exporter') +
-      serviceAccount.mixin.metadata.withNamespace($._config.namespace),
-    serviceMonitor:
      {
-        apiVersion: 'monitoring.coreos.com/v1',
+        apiVersion: 'apps/v1',
-        kind: 'ServiceMonitor',
+        kind: 'DaemonSet',
        metadata: {
          name: 'node-exporter',
          namespace: $._config.namespace,
          labels: $._config.nodeExporter.labels,
        },
        spec: {
-          jobLabel: 'app.kubernetes.io/name',
+          selector: { matchLabels: $._config.nodeExporter.selectorLabels },
-          selector: {
+          updateStrategy: {
-            matchLabels: $._config.nodeExporter.selectorLabels,
+            type: 'RollingUpdate',
+            rollingUpdate: { maxUnavailable: '10%' },
          },
-          endpoints: [
+          template: {
-            {
+            metadata: { labels: $._config.nodeExporter.labels },
-              port: 'https',
+            spec: {
-              scheme: 'https',
+              nodeSelector: { 'kubernetes.io/os': 'linux' },
-              interval: '15s',
+              tolerations: [{
-              bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
+                operator: 'Exists',
-              relabelings: [
+              }],
-                {
+              containers: [nodeExporter, proxy],
-                  action: 'replace',
+              volumes: [
-                  regex: '(.*)',
+                { name: 'proc', hostPath: { path: '/proc' } },
-                  replacement: '$1',
+                { name: 'sys', hostPath: { path: '/sys' } },
-                  sourceLabels: ['__meta_kubernetes_pod_node_name'],
+                { name: 'root', hostPath: { path: '/' } },
-                  targetLabel: 'instance',
-                },
              ],
-              tlsConfig: {
+              serviceAccountName: 'node-exporter',
-                insecureSkipVerify: true,
+              securityContext: {
+                runAsUser: 65534,
+                runAsNonRoot: true,
              },
+              hostPID: true,
+              hostNetwork: true,
            },
-          ],
+          },
        },
      },
-    service:
+    serviceAccount: {
-      local service = k.core.v1.service;
+      apiVersion: 'v1',
-      local servicePort = k.core.v1.service.mixin.spec.portsType;
+      kind: 'ServiceAccount',
+      metadata: {
+        name: 'node-exporter',
+        namespace: $._config.namespace,
+      },
+    },
-      local nodeExporterPort = servicePort.newNamed('https', $._config.nodeExporter.port, 'https');
+    serviceMonitor: {
+      apiVersion: 'monitoring.coreos.com/v1',
+      kind: 'ServiceMonitor',
+      metadata: {
+        name: 'node-exporter',
+        namespace: $._config.namespace,
+        labels: $._config.nodeExporter.labels,
+      },
+      spec: {
+        jobLabel: 'app.kubernetes.io/name',
+        selector: {
+          matchLabels: $._config.nodeExporter.selectorLabels,
+        },
+        endpoints: [{
+          port: 'https',
+          scheme: 'https',
+          interval: '15s',
+          bearerTokenFile: '/var/run/secrets/kubernetes.io/serviceaccount/token',
+          relabelings: [
+            {
+              action: 'replace',
+              regex: '(.*)',
+              replacement: '$1',
+              sourceLabels: ['__meta_kubernetes_pod_node_name'],
+              targetLabel: 'instance',
+            },
+          ],
+          tlsConfig: {
+            insecureSkipVerify: true,
+          },
+        }],
+      },
+    },
-      service.new('node-exporter', $._config.nodeExporter.selectorLabels, nodeExporterPort) +
+    service: {
-      service.mixin.metadata.withNamespace($._config.namespace) +
+      apiVersion: 'v1',
-      service.mixin.metadata.withLabels($._config.nodeExporter.labels) +
+      kind: 'Service',
-      service.mixin.spec.withClusterIp('None'),
+      metadata: {
+        name: 'node-exporter',
+        namespace: $._config.namespace,
+        labels: $._config.nodeExporter.labels,
+      },
+      spec: {
+        ports: [
+          { name: 'https', targetPort: 'https', port: $._config.nodeExporter.port },
+        ],
+        selector: $._config.nodeExporter.selectorLabels,
+        clusterIP: 'None',
+      },
+    },
  },
 }
--- a/manifests/node-exporter-daemonset.yaml
+++ b/manifests/node-exporter-daemonset.yaml
@@ -93,3 +93,4 @@ spec:
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 10%
+    type: RollingUpdate