Merge pull request #793 from kakkoyun/ksonnet_no_more_15

Remove ksonnet from node-exporter/node-exporter.libsonnet

Merge pull request #793 from kakkoyun/ksonnet_no_more_15
7f500041 · Paweł Krupa · GitHub · 2cc09fb2 · 5005f4ac · 7f500041
Unverified Commit 7f500041 authored 4 years ago by Paweł Krupa Committed by GitHub 4 years ago
--- a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet
+++ b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet
-local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet';
-
 {
  _config+:: {
    namespace: 'default',
-
-    versions+:: {
-      nodeExporter: 'v1.0.1',
-    },
-
-    imageRepos+:: {
-      nodeExporter: 'quay.io/prometheus/node-exporter',
-    },
+    versions+:: { nodeExporter: 'v1.0.1' },
+    imageRepos+:: { nodeExporter: 'quay.io/prometheus/node-exporter' },

    nodeExporter+:: {
      listenAddress: '127.0.0.1',
@@ -28,76 +20,49 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet';
  },

  nodeExporter+:: {
-    clusterRoleBinding:
-      local clusterRoleBinding = k.rbac.v1.clusterRoleBinding;
-
-      clusterRoleBinding.new() +
-      clusterRoleBinding.mixin.metadata.withName('node-exporter') +
-      clusterRoleBinding.mixin.roleRef.withApiGroup('rbac.authorization.k8s.io') +
-      clusterRoleBinding.mixin.roleRef.withName('node-exporter') +
-      clusterRoleBinding.mixin.roleRef.mixinInstance({ kind: 'ClusterRole' }) +
-      clusterRoleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'node-exporter', namespace: $._config.namespace }]),
-
-    clusterRole:
-      local clusterRole = k.rbac.v1.clusterRole;
-      local policyRule = clusterRole.rulesType;
-
-      local authenticationRole = policyRule.new() +
-                                 policyRule.withApiGroups(['authentication.k8s.io']) +
-                                 policyRule.withResources([
-                                   'tokenreviews',
-                                 ]) +
-                                 policyRule.withVerbs(['create']);
-
-      local authorizationRole = policyRule.new() +
-                                policyRule.withApiGroups(['authorization.k8s.io']) +
-                                policyRule.withResources([
-                                  'subjectaccessreviews',
-                                ]) +
-                                policyRule.withVerbs(['create']);
-
-      local rules = [authenticationRole, authorizationRole];
+    clusterRoleBinding: {
+      apiVersion: 'rbac.authorization.k8s.io/v1',
+      kind: 'ClusterRoleBinding',
+      metadata: {
+        name: 'node-exporter',
+      },
+      roleRef: {
+        apiGroup: 'rbac.authorization.k8s.io',
+        kind: 'ClusterRole',
+        name: 'node-exporter',
+      },
+      subjects: [{
+        kind: 'ServiceAccount',
+        name: 'node-exporter',
+        namespace: $._config.namespace,
+      }],
+    },

-      clusterRole.new() +
-      clusterRole.mixin.metadata.withName('node-exporter') +
-      clusterRole.withRules(rules),
+    clusterRole: {
+      apiVersion: 'rbac.authorization.k8s.io/v1',
+      kind: 'ClusterRole',
+      metadata: {
+        name: 'node-exporter',
+      },
+      rules: [
+        {
+          apiGroups: ['authentication.k8s.io'],
+          resources: ['tokenreviews'],
+          verbs: ['create'],
+        },
+        {
+          apiGroups: ['authorization.k8s.io'],
+          resources: ['subjectaccessreviews'],
+          verbs: ['create'],
+        },
+      ],
+    },

    daemonset:
-      local daemonset = k.apps.v1.daemonSet;
-      local container = daemonset.mixin.spec.template.spec.containersType;
-      local volume = daemonset.mixin.spec.template.spec.volumesType;
-      local containerPort = container.portsType;
-      local containerVolumeMount = container.volumeMountsType;
-      local podSelector = daemonset.mixin.spec.template.spec.selectorType;
-      local toleration = daemonset.mixin.spec.template.spec.tolerationsType;
-      local containerEnv = container.envType;
-
-      local podLabels = $._config.nodeExporter.labels;
-      local selectorLabels = $._config.nodeExporter.selectorLabels;
-
-      local existsToleration = toleration.new() +
-                               toleration.withOperator('Exists');
-      local procVolumeName = 'proc';
-      local procVolume = volume.fromHostPath(procVolumeName, '/proc');
-      local procVolumeMount = containerVolumeMount.new(procVolumeName, '/host/proc').
-        withMountPropagation('HostToContainer').
-        withReadOnly(true);
-
-      local sysVolumeName = 'sys';
-      local sysVolume = volume.fromHostPath(sysVolumeName, '/sys');
-      local sysVolumeMount = containerVolumeMount.new(sysVolumeName, '/host/sys').
-        withMountPropagation('HostToContainer').
-        withReadOnly(true);
-
-      local rootVolumeName = 'root';
-      local rootVolume = volume.fromHostPath(rootVolumeName, '/');
-      local rootVolumeMount = containerVolumeMount.new(rootVolumeName, '/host/root').
-        withMountPropagation('HostToContainer').
-        withReadOnly(true);
-
-      local nodeExporter =
-        container.new('node-exporter', $._config.imageRepos.nodeExporter + ':' + $._config.versions.nodeExporter) +
-        container.withArgs([
+      local nodeExporter = {
+        name: 'node-exporter',
+        image: $._config.imageRepos.nodeExporter + ':' + $._config.versions.nodeExporter,
+        args: [
          '--web.listen-address=' + std.join(':', [$._config.nodeExporter.listenAddress, std.toString($._config.nodeExporter.port)]),
          '--path.procfs=/host/proc',
          '--path.sysfs=/host/sys',
@@ -105,20 +70,27 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet';
          '--no-collector.wifi',
          '--no-collector.hwmon',
          '--collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)',
-        ]) +
-        container.withVolumeMounts([procVolumeMount, sysVolumeMount, rootVolumeMount]) +
-        container.mixin.resources.withRequests($._config.resources['node-exporter'].requests) +
-        container.mixin.resources.withLimits($._config.resources['node-exporter'].limits);
+        ],
+        volumeMounts: [
+          { name: 'proc', mountPath: '/host/proc', mountPropagation: 'HostToContainer', readOnly: true },
+          { name: 'sys', mountPath: '/host/sys', mountPropagation: 'HostToContainer', readOnly: true },
+          { name: 'root', mountPath: '/host/root', mountPropagation: 'HostToContainer', readOnly: true },
+        ],
+        resources: $._config.resources['node-exporter'],
+      };

-      local ip = containerEnv.fromFieldPath('IP', 'status.podIP');
-      local proxy =
-        container.new('kube-rbac-proxy', $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy) +
-        container.withArgs([
+      local proxy = {
+        name: 'kube-rbac-proxy',
+        image: $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy,
+        args: [
          '--logtostderr',
          '--secure-listen-address=[$(IP)]:' + $._config.nodeExporter.port,
          '--tls-cipher-suites=' + std.join(',', $._config.tlsCipherSuites),
          '--upstream=http://127.0.0.1:' + $._config.nodeExporter.port + '/',
-        ]) +
+        ],
+        env: [
+          { name: 'IP', valueFrom: { fieldRef: { fieldPath: 'status.podIP' } } },
+        ],
        // Keep `hostPort` here, rather than in the node-exporter container
        // because Kubernetes mandates that if you define a `hostPort` then
        // `containerPort` must match. In our case, we are splitting the
@@ -127,38 +99,61 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet';
        // used by the service is tied to the proxy container. We *could*
        // forgo declaring the host port, however it is important to declare
        // it so that the scheduler can decide if the pod is schedulable.
-        container.withPorts(containerPort.new($._config.nodeExporter.port) + containerPort.withHostPort($._config.nodeExporter.port) + containerPort.withName('https')) +
-        container.mixin.resources.withRequests($._config.resources['kube-rbac-proxy'].requests) +
-        container.mixin.resources.withLimits($._config.resources['kube-rbac-proxy'].limits) +
-        container.withEnv([ip]);
-
-      local c = [nodeExporter, proxy];
-
-      daemonset.new() +
-      daemonset.mixin.metadata.withName('node-exporter') +
-      daemonset.mixin.metadata.withNamespace($._config.namespace) +
-      daemonset.mixin.metadata.withLabels(podLabels) +
-      daemonset.mixin.spec.selector.withMatchLabels(selectorLabels) +
-      daemonset.mixin.spec.updateStrategy.rollingUpdate.withMaxUnavailable('10%') +
-      daemonset.mixin.spec.template.metadata.withLabels(podLabels) +
-      daemonset.mixin.spec.template.spec.withTolerations([existsToleration]) +
-      daemonset.mixin.spec.template.spec.withNodeSelector({ 'kubernetes.io/os': 'linux' }) +
-      daemonset.mixin.spec.template.spec.withContainers(c) +
-      daemonset.mixin.spec.template.spec.withVolumes([procVolume, sysVolume, rootVolume]) +
-      daemonset.mixin.spec.template.spec.securityContext.withRunAsNonRoot(true) +
-      daemonset.mixin.spec.template.spec.securityContext.withRunAsUser(65534) +
-      daemonset.mixin.spec.template.spec.withServiceAccountName('node-exporter') +
-      daemonset.mixin.spec.template.spec.withHostPid(true) +
-      daemonset.mixin.spec.template.spec.withHostNetwork(true),
+        ports: [
+          { name: 'https', containerPort: $._config.nodeExporter.port, hostPort: $._config.nodeExporter.port },
+        ],
+        resources: $._config.resources['kube-rbac-proxy'],
+      };

-    serviceAccount:
-      local serviceAccount = k.core.v1.serviceAccount;
+      {
+        apiVersion: 'apps/v1',
+        kind: 'DaemonSet',
+        metadata: {
+          name: 'node-exporter',
+          namespace: $._config.namespace,
+          labels: $._config.nodeExporter.labels,
+        },
+        spec: {
+          selector: { matchLabels: $._config.nodeExporter.selectorLabels },
+          updateStrategy: {
+            type: 'RollingUpdate',
+            rollingUpdate: { maxUnavailable: '10%' },
+          },
+          template: {
+            metadata: { labels: $._config.nodeExporter.labels },
+            spec: {
+              nodeSelector: { 'kubernetes.io/os': 'linux' },
+              tolerations: [{
+                operator: 'Exists',
+              }],
+              containers: [nodeExporter, proxy],
+              volumes: [
+                { name: 'proc', hostPath: { path: '/proc' } },
+                { name: 'sys', hostPath: { path: '/sys' } },
+                { name: 'root', hostPath: { path: '/' } },
+              ],
+              serviceAccountName: 'node-exporter',
+              securityContext: {
+                runAsUser: 65534,
+                runAsNonRoot: true,
+              },
+              hostPID: true,
+              hostNetwork: true,
+            },
+          },
+        },
+      },

-      serviceAccount.new('node-exporter') +
-      serviceAccount.mixin.metadata.withNamespace($._config.namespace),
+    serviceAccount: {
+      apiVersion: 'v1',
+      kind: 'ServiceAccount',
+      metadata: {
+        name: 'node-exporter',
+        namespace: $._config.namespace,
+      },
+    },

-    serviceMonitor:
-      {
+    serviceMonitor: {
      apiVersion: 'monitoring.coreos.com/v1',
      kind: 'ServiceMonitor',
      metadata: {
@@ -171,8 +166,7 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet';
        selector: {
          matchLabels: $._config.nodeExporter.selectorLabels,
        },
-          endpoints: [
-            {
+        endpoints: [{
          port: 'https',
          scheme: 'https',
          interval: '15s',
@@ -189,20 +183,25 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet';
          tlsConfig: {
            insecureSkipVerify: true,
          },
+        }],
+      },
+    },
+
+    service: {
+      apiVersion: 'v1',
+      kind: 'Service',
+      metadata: {
+        name: 'node-exporter',
+        namespace: $._config.namespace,
+        labels: $._config.nodeExporter.labels,
      },
+      spec: {
+        ports: [
+          { name: 'https', targetPort: 'https', port: $._config.nodeExporter.port },
        ],
+        selector: $._config.nodeExporter.selectorLabels,
+        clusterIP: 'None',
      },
    },
-
-    service:
-      local service = k.core.v1.service;
-      local servicePort = k.core.v1.service.mixin.spec.portsType;
-
-      local nodeExporterPort = servicePort.newNamed('https', $._config.nodeExporter.port, 'https');
-
-      service.new('node-exporter', $._config.nodeExporter.selectorLabels, nodeExporterPort) +
-      service.mixin.metadata.withNamespace($._config.namespace) +
-      service.mixin.metadata.withLabels($._config.nodeExporter.labels) +
-      service.mixin.spec.withClusterIp('None'),
  },
 }
--- a/manifests/node-exporter-daemonset.yaml
+++ b/manifests/node-exporter-daemonset.yaml
@@ -93,3 +93,4 @@ spec:
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 10%
+    type: RollingUpdate