Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
kube-prometheus
Manage
Activity
Members
Code
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Deploy
Releases
Model registry
Analyze
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
GitLab community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
GitHub Mirror
prometheus-operator
kube-prometheus
Commits
7f500041
Unverified
Commit
7f500041
authored
4 years ago
by
Paweł Krupa
Committed by
GitHub
4 years ago
Browse files
Options
Downloads
Plain Diff
Merge pull request #793 from kakkoyun/ksonnet_no_more_15
Remove ksonnet from node-exporter/node-exporter.libsonnet
parents
2cc09fb2
5005f4ac
Branches
Branches containing commit
Tags
Tags containing commit
No related merge requests found
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet
+146
-147
146 additions, 147 deletions
...net/kube-prometheus/node-exporter/node-exporter.libsonnet
manifests/node-exporter-daemonset.yaml
+1
-0
1 addition, 0 deletions
manifests/node-exporter-daemonset.yaml
with
147 additions
and
147 deletions
jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet
+
146
−
147
View file @
7f500041
local
k
=
import
'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet'
;
{
_config
+::
{
namespace
:
'default'
,
versions
+::
{
nodeExporter
:
'v1.0.1'
,
},
imageRepos
+::
{
nodeExporter
:
'quay.io/prometheus/node-exporter'
,
},
versions
+::
{
nodeExporter
:
'v1.0.1'
},
imageRepos
+::
{
nodeExporter
:
'quay.io/prometheus/node-exporter'
},
nodeExporter
+::
{
listenAddress
:
'127.0.0.1'
,
...
...
@@ -28,76 +20,49 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet';
},
nodeExporter
+::
{
clusterRoleBinding
:
local
clusterRoleBinding
=
k
.
rbac
.
v1
.
clusterRoleBinding
;
clusterRoleBinding
.
new
()
+
clusterRoleBinding
.
mixin
.
metadata
.
withName
(
'node-exporter'
)
+
clusterRoleBinding
.
mixin
.
roleRef
.
withApiGroup
(
'rbac.authorization.k8s.io'
)
+
clusterRoleBinding
.
mixin
.
roleRef
.
withName
(
'node-exporter'
)
+
clusterRoleBinding
.
mixin
.
roleRef
.
mixinInstance
({
kind
:
'ClusterRole'
})
+
clusterRoleBinding
.
withSubjects
([{
kind
:
'ServiceAccount'
,
name
:
'node-exporter'
,
namespace
:
$
.
_config
.
namespace
}]),
clusterRole
:
local
clusterRole
=
k
.
rbac
.
v1
.
clusterRole
;
local
policyRule
=
clusterRole
.
rulesType
;
local
authenticationRole
=
policyRule
.
new
()
+
policyRule
.
withApiGroups
([
'authentication.k8s.io'
])
+
policyRule
.
withResources
([
'tokenreviews'
,
])
+
policyRule
.
withVerbs
([
'create'
]);
local
authorizationRole
=
policyRule
.
new
()
+
policyRule
.
withApiGroups
([
'authorization.k8s.io'
])
+
policyRule
.
withResources
([
'subjectaccessreviews'
,
])
+
policyRule
.
withVerbs
([
'create'
]);
local
rules
=
[
authenticationRole
,
authorizationRole
];
clusterRoleBinding
:
{
apiVersion
:
'rbac.authorization.k8s.io/v1'
,
kind
:
'ClusterRoleBinding'
,
metadata
:
{
name
:
'node-exporter'
,
},
roleRef
:
{
apiGroup
:
'rbac.authorization.k8s.io'
,
kind
:
'ClusterRole'
,
name
:
'node-exporter'
,
},
subjects
:
[{
kind
:
'ServiceAccount'
,
name
:
'node-exporter'
,
namespace
:
$
.
_config
.
namespace
,
}],
},
clusterRole
.
new
()
+
clusterRole
.
mixin
.
metadata
.
withName
(
'node-exporter'
)
+
clusterRole
.
withRules
(
rules
),
clusterRole
:
{
apiVersion
:
'rbac.authorization.k8s.io/v1'
,
kind
:
'ClusterRole'
,
metadata
:
{
name
:
'node-exporter'
,
},
rules
:
[
{
apiGroups
:
[
'authentication.k8s.io'
],
resources
:
[
'tokenreviews'
],
verbs
:
[
'create'
],
},
{
apiGroups
:
[
'authorization.k8s.io'
],
resources
:
[
'subjectaccessreviews'
],
verbs
:
[
'create'
],
},
],
},
daemonset
:
local
daemonset
=
k
.
apps
.
v1
.
daemonSet
;
local
container
=
daemonset
.
mixin
.
spec
.
template
.
spec
.
containersType
;
local
volume
=
daemonset
.
mixin
.
spec
.
template
.
spec
.
volumesType
;
local
containerPort
=
container
.
portsType
;
local
containerVolumeMount
=
container
.
volumeMountsType
;
local
podSelector
=
daemonset
.
mixin
.
spec
.
template
.
spec
.
selectorType
;
local
toleration
=
daemonset
.
mixin
.
spec
.
template
.
spec
.
tolerationsType
;
local
containerEnv
=
container
.
envType
;
local
podLabels
=
$
.
_config
.
nodeExporter
.
labels
;
local
selectorLabels
=
$
.
_config
.
nodeExporter
.
selectorLabels
;
local
existsToleration
=
toleration
.
new
()
+
toleration
.
withOperator
(
'Exists'
);
local
procVolumeName
=
'proc'
;
local
procVolume
=
volume
.
fromHostPath
(
procVolumeName
,
'/proc'
);
local
procVolumeMount
=
containerVolumeMount
.
new
(
procVolumeName
,
'/host/proc'
).
withMountPropagation
(
'HostToContainer'
).
withReadOnly
(
true
);
local
sysVolumeName
=
'sys'
;
local
sysVolume
=
volume
.
fromHostPath
(
sysVolumeName
,
'/sys'
);
local
sysVolumeMount
=
containerVolumeMount
.
new
(
sysVolumeName
,
'/host/sys'
).
withMountPropagation
(
'HostToContainer'
).
withReadOnly
(
true
);
local
rootVolumeName
=
'root'
;
local
rootVolume
=
volume
.
fromHostPath
(
rootVolumeName
,
'/'
);
local
rootVolumeMount
=
containerVolumeMount
.
new
(
rootVolumeName
,
'/host/root'
).
withMountPropagation
(
'HostToContainer'
).
withReadOnly
(
true
);
local
nodeExporter
=
container
.
new
(
'node-exporter'
,
$
.
_config
.
imageRepos
.
nodeExporter
+
':'
+
$
.
_config
.
versions
.
nodeExporter
)
+
container
.
withArgs
([
local
nodeExporter
=
{
name
:
'node-exporter'
,
image
:
$
.
_config
.
imageRepos
.
nodeExporter
+
':'
+
$
.
_config
.
versions
.
nodeExporter
,
args
:
[
'--web.listen-address='
+
std
.
join
(
':'
,
[
$
.
_config
.
nodeExporter
.
listenAddress
,
std
.
toString
(
$
.
_config
.
nodeExporter
.
port
)]),
'--path.procfs=/host/proc'
,
'--path.sysfs=/host/sys'
,
...
...
@@ -105,20 +70,27 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet';
'--no-collector.wifi'
,
'--no-collector.hwmon'
,
'--collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/pods/.+)($|/)'
,
])
+
container
.
withVolumeMounts
([
procVolumeMount
,
sysVolumeMount
,
rootVolumeMount
])
+
container
.
mixin
.
resources
.
withRequests
(
$
.
_config
.
resources
[
'node-exporter'
].
requests
)
+
container
.
mixin
.
resources
.
withLimits
(
$
.
_config
.
resources
[
'node-exporter'
].
limits
);
],
volumeMounts
:
[
{
name
:
'proc'
,
mountPath
:
'/host/proc'
,
mountPropagation
:
'HostToContainer'
,
readOnly
:
true
},
{
name
:
'sys'
,
mountPath
:
'/host/sys'
,
mountPropagation
:
'HostToContainer'
,
readOnly
:
true
},
{
name
:
'root'
,
mountPath
:
'/host/root'
,
mountPropagation
:
'HostToContainer'
,
readOnly
:
true
},
],
resources
:
$
.
_config
.
resources
[
'node-exporter'
],
};
local
ip
=
containerEnv
.
fromFieldPath
(
'IP'
,
'status.podIP'
);
local
proxy
=
container
.
new
(
'kube-rbac-proxy'
,
$
.
_config
.
imageRepos
.
kubeRbacProxy
+
':'
+
$
.
_config
.
versions
.
kubeRbacProxy
)
+
container
.
withA
rgs
(
[
local
proxy
=
{
name
:
'kube-rbac-
proxy
'
,
image
:
$
.
_config
.
imageRepos
.
kubeRbacProxy
+
':'
+
$
.
_config
.
versions
.
kubeRbacProxy
,
a
rgs
:
[
'--logtostderr'
,
'--secure-listen-address=[$(IP)]:'
+
$
.
_config
.
nodeExporter
.
port
,
'--tls-cipher-suites='
+
std
.
join
(
','
,
$
.
_config
.
tlsCipherSuites
),
'--upstream=http://127.0.0.1:'
+
$
.
_config
.
nodeExporter
.
port
+
'/'
,
])
+
],
env
:
[
{
name
:
'IP'
,
valueFrom
:
{
fieldRef
:
{
fieldPath
:
'status.podIP'
}
}
},
],
// Keep `hostPort` here, rather than in the node-exporter container
// because Kubernetes mandates that if you define a `hostPort` then
// `containerPort` must match. In our case, we are splitting the
...
...
@@ -127,38 +99,61 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet';
// used by the service is tied to the proxy container. We *could*
// forgo declaring the host port, however it is important to declare
// it so that the scheduler can decide if the pod is schedulable.
container
.
withPorts
(
containerPort
.
new
(
$
.
_config
.
nodeExporter
.
port
)
+
containerPort
.
withHostPort
(
$
.
_config
.
nodeExporter
.
port
)
+
containerPort
.
withName
(
'https'
))
+
container
.
mixin
.
resources
.
withRequests
(
$
.
_config
.
resources
[
'kube-rbac-proxy'
].
requests
)
+
container
.
mixin
.
resources
.
withLimits
(
$
.
_config
.
resources
[
'kube-rbac-proxy'
].
limits
)
+
container
.
withEnv
([
ip
]);
local
c
=
[
nodeExporter
,
proxy
];
daemonset
.
new
()
+
daemonset
.
mixin
.
metadata
.
withName
(
'node-exporter'
)
+
daemonset
.
mixin
.
metadata
.
withNamespace
(
$
.
_config
.
namespace
)
+
daemonset
.
mixin
.
metadata
.
withLabels
(
podLabels
)
+
daemonset
.
mixin
.
spec
.
selector
.
withMatchLabels
(
selectorLabels
)
+
daemonset
.
mixin
.
spec
.
updateStrategy
.
rollingUpdate
.
withMaxUnavailable
(
'10%'
)
+
daemonset
.
mixin
.
spec
.
template
.
metadata
.
withLabels
(
podLabels
)
+
daemonset
.
mixin
.
spec
.
template
.
spec
.
withTolerations
([
existsToleration
])
+
daemonset
.
mixin
.
spec
.
template
.
spec
.
withNodeSelector
({
'kubernetes.io/os'
:
'linux'
})
+
daemonset
.
mixin
.
spec
.
template
.
spec
.
withContainers
(
c
)
+
daemonset
.
mixin
.
spec
.
template
.
spec
.
withVolumes
([
procVolume
,
sysVolume
,
rootVolume
])
+
daemonset
.
mixin
.
spec
.
template
.
spec
.
securityContext
.
withRunAsNonRoot
(
true
)
+
daemonset
.
mixin
.
spec
.
template
.
spec
.
securityContext
.
withRunAsUser
(
65534
)
+
daemonset
.
mixin
.
spec
.
template
.
spec
.
withServiceAccountName
(
'node-exporter'
)
+
daemonset
.
mixin
.
spec
.
template
.
spec
.
withHostPid
(
true
)
+
daemonset
.
mixin
.
spec
.
template
.
spec
.
withHostNetwork
(
true
),
ports
:
[
{
name
:
'https'
,
containerPort
:
$
.
_config
.
nodeExporter
.
port
,
hostPort
:
$
.
_config
.
nodeExporter
.
port
},
],
resources
:
$
.
_config
.
resources
[
'kube-rbac-proxy'
],
};
serviceAccount
:
local
serviceAccount
=
k
.
core
.
v1
.
serviceAccount
;
{
apiVersion
:
'apps/v1'
,
kind
:
'DaemonSet'
,
metadata
:
{
name
:
'node-exporter'
,
namespace
:
$
.
_config
.
namespace
,
labels
:
$
.
_config
.
nodeExporter
.
labels
,
},
spec
:
{
selector
:
{
matchLabels
:
$
.
_config
.
nodeExporter
.
selectorLabels
},
updateStrategy
:
{
type
:
'RollingUpdate'
,
rollingUpdate
:
{
maxUnavailable
:
'10%'
},
},
template
:
{
metadata
:
{
labels
:
$
.
_config
.
nodeExporter
.
labels
},
spec
:
{
nodeSelector
:
{
'kubernetes.io/os'
:
'linux'
},
tolerations
:
[{
operator
:
'Exists'
,
}],
containers
:
[
nodeExporter
,
proxy
],
volumes
:
[
{
name
:
'proc'
,
hostPath
:
{
path
:
'/proc'
}
},
{
name
:
'sys'
,
hostPath
:
{
path
:
'/sys'
}
},
{
name
:
'root'
,
hostPath
:
{
path
:
'/'
}
},
],
serviceAccountName
:
'node-exporter'
,
securityContext
:
{
runAsUser
:
65534
,
runAsNonRoot
:
true
,
},
hostPID
:
true
,
hostNetwork
:
true
,
},
},
},
},
serviceAccount
.
new
(
'node-exporter'
)
+
serviceAccount
.
mixin
.
metadata
.
withNamespace
(
$
.
_config
.
namespace
),
serviceAccount
:
{
apiVersion
:
'v1'
,
kind
:
'ServiceAccount'
,
metadata
:
{
name
:
'node-exporter'
,
namespace
:
$
.
_config
.
namespace
,
},
},
serviceMonitor
:
{
serviceMonitor
:
{
apiVersion
:
'monitoring.coreos.com/v1'
,
kind
:
'ServiceMonitor'
,
metadata
:
{
...
...
@@ -171,8 +166,7 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet';
selector
:
{
matchLabels
:
$
.
_config
.
nodeExporter
.
selectorLabels
,
},
endpoints
:
[
{
endpoints
:
[{
port
:
'https'
,
scheme
:
'https'
,
interval
:
'15s'
,
...
...
@@ -189,20 +183,25 @@ local k = import 'github.com/ksonnet/ksonnet-lib/ksonnet.beta.4/k.libsonnet';
tlsConfig
:
{
insecureSkipVerify
:
true
,
},
}],
},
},
service
:
{
apiVersion
:
'v1'
,
kind
:
'Service'
,
metadata
:
{
name
:
'node-exporter'
,
namespace
:
$
.
_config
.
namespace
,
labels
:
$
.
_config
.
nodeExporter
.
labels
,
},
spec
:
{
ports
:
[
{
name
:
'https'
,
targetPort
:
'https'
,
port
:
$
.
_config
.
nodeExporter
.
port
},
],
selector
:
$
.
_config
.
nodeExporter
.
selectorLabels
,
clusterIP
:
'None'
,
},
},
service
:
local
service
=
k
.
core
.
v1
.
service
;
local
servicePort
=
k
.
core
.
v1
.
service
.
mixin
.
spec
.
portsType
;
local
nodeExporterPort
=
servicePort
.
newNamed
(
'https'
,
$
.
_config
.
nodeExporter
.
port
,
'https'
);
service
.
new
(
'node-exporter'
,
$
.
_config
.
nodeExporter
.
selectorLabels
,
nodeExporterPort
)
+
service
.
mixin
.
metadata
.
withNamespace
(
$
.
_config
.
namespace
)
+
service
.
mixin
.
metadata
.
withLabels
(
$
.
_config
.
nodeExporter
.
labels
)
+
service
.
mixin
.
spec
.
withClusterIp
(
'None'
),
},
}
This diff is collapsed.
Click to expand it.
manifests/node-exporter-daemonset.yaml
+
1
−
0
View file @
7f500041
...
...
@@ -93,3 +93,4 @@ spec:
updateStrategy
:
rollingUpdate
:
maxUnavailable
:
10%
type
:
RollingUpdate
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment