From a24090932613f52b0dc40370a590679e6693b8a1 Mon Sep 17 00:00:00 2001
From: Matthias Loibl <mail@matthiasloibl.com>
Date: Tue, 13 Nov 2018 14:43:30 +0100
Subject: [PATCH] contrib/kube-prometheus: Update custom-metrics example to use
our adapter
---
...r-auth-delegator-cluster-role-binding.yaml | 12 ---
...cs-apiserver-auth-reader-role-binding.yaml | 13 ---
.../custom-metrics-apiserver-deployment.yaml | 41 --------
...-resource-reader-cluster-role-binding.yaml | 6 +-
...tom-metrics-apiserver-service-account.yaml | 4 -
.../custom-metrics-apiserver-service.yaml | 10 --
.../custom-metrics-apiservice.yaml | 2 +-
.../custom-metrics-configmap.yaml | 98 +++++++++++++++++++
...-metrics-resource-reader-cluster-role.yaml | 14 ---
experimental/custom-metrics-api/deploy.sh | 13 ---
experimental/custom-metrics-api/gencerts.sh | 37 -------
experimental/custom-metrics-api/teardown.sh | 13 ---
12 files changed, 102 insertions(+), 161 deletions(-)
delete mode 100644 experimental/custom-metrics-api/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml
delete mode 100644 experimental/custom-metrics-api/custom-metrics-apiserver-auth-reader-role-binding.yaml
delete mode 100644 experimental/custom-metrics-api/custom-metrics-apiserver-deployment.yaml
delete mode 100644 experimental/custom-metrics-api/custom-metrics-apiserver-service-account.yaml
delete mode 100644 experimental/custom-metrics-api/custom-metrics-apiserver-service.yaml
create mode 100644 experimental/custom-metrics-api/custom-metrics-configmap.yaml
delete mode 100644 experimental/custom-metrics-api/custom-metrics-resource-reader-cluster-role.yaml
delete mode 100755 experimental/custom-metrics-api/deploy.sh
delete mode 100755 experimental/custom-metrics-api/gencerts.sh
delete mode 100755 experimental/custom-metrics-api/teardown.sh
diff --git a/experimental/custom-metrics-api/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml b/experimental/custom-metrics-api/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml
deleted file mode 100644
index 8853bc1f..00000000
--- a/experimental/custom-metrics-api/custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
- name: custom-metrics:system:auth-delegator
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
- name: custom-metrics-apiserver
- namespace: monitoring
diff --git a/experimental/custom-metrics-api/custom-metrics-apiserver-auth-reader-role-binding.yaml b/experimental/custom-metrics-api/custom-metrics-apiserver-auth-reader-role-binding.yaml
deleted file mode 100644
index 682143cf..00000000
--- a/experimental/custom-metrics-api/custom-metrics-apiserver-auth-reader-role-binding.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
- name: custom-metrics-auth-reader
- namespace: kube-system
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: extension-apiserver-authentication-reader
-subjects:
-- kind: ServiceAccount
- name: custom-metrics-apiserver
- namespace: monitoring
diff --git a/experimental/custom-metrics-api/custom-metrics-apiserver-deployment.yaml b/experimental/custom-metrics-api/custom-metrics-apiserver-deployment.yaml
deleted file mode 100644
index e5b4beea..00000000
--- a/experimental/custom-metrics-api/custom-metrics-apiserver-deployment.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: custom-metrics-apiserver
- name: custom-metrics-apiserver
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: custom-metrics-apiserver
- template:
- metadata:
- labels:
- app: custom-metrics-apiserver
- name: custom-metrics-apiserver
- spec:
- serviceAccountName: custom-metrics-apiserver
- containers:
- - name: custom-metrics-apiserver
- image: quay.io/coreos/k8s-prometheus-adapter-amd64:v0.2.0
- args:
- - /adapter
- - --secure-port=6443
- - --tls-cert-file=/var/run/serving-cert/serving.crt
- - --tls-private-key-file=/var/run/serving-cert/serving.key
- - --logtostderr=true
- - --prometheus-url=http://prometheus-k8s.monitoring.svc:9090/
- - --metrics-relist-interval=30s
- - --rate-interval=5m
- - --v=10
- ports:
- - containerPort: 6443
- volumeMounts:
- - mountPath: /var/run/serving-cert
- name: volume-serving-cert
- readOnly: true
- volumes:
- - name: volume-serving-cert
- secret:
- secretName: cm-adapter-serving-certs
diff --git a/experimental/custom-metrics-api/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml b/experimental/custom-metrics-api/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml
index 0335c177..e2b1ca43 100644
--- a/experimental/custom-metrics-api/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml
+++ b/experimental/custom-metrics-api/custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml
@@ -1,12 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
- name: custom-metrics-resource-reader
+ name: custom-metrics-server-resources
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
- name: custom-metrics-resource-reader
+ name: custom-metrics-server-resources
subjects:
- kind: ServiceAccount
- name: custom-metrics-apiserver
+ name: prometheus-adapter
namespace: monitoring
diff --git a/experimental/custom-metrics-api/custom-metrics-apiserver-service-account.yaml b/experimental/custom-metrics-api/custom-metrics-apiserver-service-account.yaml
deleted file mode 100644
index 29359409..00000000
--- a/experimental/custom-metrics-api/custom-metrics-apiserver-service-account.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-kind: ServiceAccount
-apiVersion: v1
-metadata:
- name: custom-metrics-apiserver
diff --git a/experimental/custom-metrics-api/custom-metrics-apiserver-service.yaml b/experimental/custom-metrics-api/custom-metrics-apiserver-service.yaml
deleted file mode 100644
index fb0addcb..00000000
--- a/experimental/custom-metrics-api/custom-metrics-apiserver-service.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: custom-metrics-apiserver
-spec:
- ports:
- - port: 443
- targetPort: 6443
- selector:
- app: custom-metrics-apiserver
diff --git a/experimental/custom-metrics-api/custom-metrics-apiservice.yaml b/experimental/custom-metrics-api/custom-metrics-apiservice.yaml
index cfc2ee63..98f87495 100644
--- a/experimental/custom-metrics-api/custom-metrics-apiservice.yaml
+++ b/experimental/custom-metrics-api/custom-metrics-apiservice.yaml
@@ -4,7 +4,7 @@ metadata:
name: v1beta1.custom.metrics.k8s.io
spec:
service:
- name: custom-metrics-apiserver
+ name: prometheus-adapter
namespace: monitoring
group: custom.metrics.k8s.io
version: v1beta1
diff --git a/experimental/custom-metrics-api/custom-metrics-configmap.yaml b/experimental/custom-metrics-api/custom-metrics-configmap.yaml
new file mode 100644
index 00000000..2e209cc3
--- /dev/null
+++ b/experimental/custom-metrics-api/custom-metrics-configmap.yaml
@@ -0,0 +1,98 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: adapter-config
+ namespace: monitoring
+data:
+ config.yaml: |
+ rules:
+ - seriesQuery: '{__name__=~"^container_.*",container_name!="POD",namespace!="",pod_name!=""}'
+ seriesFilters: []
+ resources:
+ overrides:
+ namespace:
+ resource: namespace
+ pod_name:
+ resource: pod
+ name:
+ matches: ^container_(.*)_seconds_total$
+ as: ""
+ metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>,container_name!="POD"}[1m])) by (<<.GroupBy>>)
+ - seriesQuery: '{__name__=~"^container_.*",container_name!="POD",namespace!="",pod_name!=""}'
+ seriesFilters:
+ - isNot: ^container_.*_seconds_total$
+ resources:
+ overrides:
+ namespace:
+ resource: namespace
+ pod_name:
+ resource: pod
+ name:
+ matches: ^container_(.*)_total$
+ as: ""
+ metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>,container_name!="POD"}[1m])) by (<<.GroupBy>>)
+ - seriesQuery: '{__name__=~"^container_.*",container_name!="POD",namespace!="",pod_name!=""}'
+ seriesFilters:
+ - isNot: ^container_.*_total$
+ resources:
+ overrides:
+ namespace:
+ resource: namespace
+ pod_name:
+ resource: pod
+ name:
+ matches: ^container_(.*)$
+ as: ""
+ metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>,container_name!="POD"}) by (<<.GroupBy>>)
+ - seriesQuery: '{namespace!="",__name__!~"^container_.*"}'
+ seriesFilters:
+ - isNot: .*_total$
+ resources:
+ template: <<.Resource>>
+ name:
+ matches: ""
+ as: ""
+ metricsQuery: sum(<<.Series>>{<<.LabelMatchers>>}) by (<<.GroupBy>>)
+ - seriesQuery: '{namespace!="",__name__!~"^container_.*"}'
+ seriesFilters:
+ - isNot: .*_seconds_total
+ resources:
+ template: <<.Resource>>
+ name:
+ matches: ^(.*)_total$
+ as: ""
+ metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>}[1m])) by (<<.GroupBy>>)
+ - seriesQuery: '{namespace!="",__name__!~"^container_.*"}'
+ seriesFilters: []
+ resources:
+ template: <<.Resource>>
+ name:
+ matches: ^(.*)_seconds_total$
+ as: ""
+ metricsQuery: sum(rate(<<.Series>>{<<.LabelMatchers>>}[1m])) by (<<.GroupBy>>)
+ resourceRules:
+ cpu:
+ containerQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>}[1m])) by (<<.GroupBy>>)
+ nodeQuery: sum(rate(container_cpu_usage_seconds_total{<<.LabelMatchers>>, id='/'}[1m])) by (<<.GroupBy>>)
+ resources:
+ overrides:
+ node:
+ resource: node
+ namespace:
+ resource: namespace
+ pod_name:
+ resource: pod
+ containerLabel: container_name
+ memory:
+ containerQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>}) by (<<.GroupBy>>)
+ nodeQuery: sum(container_memory_working_set_bytes{<<.LabelMatchers>>,id='/'}) by (<<.GroupBy>>)
+ resources:
+ overrides:
+ node:
+ resource: node
+ namespace:
+ resource: namespace
+ pod_name:
+ resource: pod
+ containerLabel: container_name
+ window: 1m
diff --git a/experimental/custom-metrics-api/custom-metrics-resource-reader-cluster-role.yaml b/experimental/custom-metrics-api/custom-metrics-resource-reader-cluster-role.yaml
deleted file mode 100644
index a5ad7604..00000000
--- a/experimental/custom-metrics-api/custom-metrics-resource-reader-cluster-role.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
- name: custom-metrics-resource-reader
-rules:
-- apiGroups:
- - ""
- resources:
- - namespaces
- - pods
- - services
- verbs:
- - get
- - list
diff --git a/experimental/custom-metrics-api/deploy.sh b/experimental/custom-metrics-api/deploy.sh
deleted file mode 100755
index 2255c7fd..00000000
--- a/experimental/custom-metrics-api/deploy.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-
-kubectl create -f custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml
-kubectl create -f custom-metrics-apiserver-auth-reader-role-binding.yaml
-kubectl -n monitoring create -f cm-adapter-serving-certs.yaml
-kubectl -n monitoring create -f custom-metrics-apiserver-deployment.yaml
-kubectl create -f custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml
-kubectl -n monitoring create -f custom-metrics-apiserver-service-account.yaml
-kubectl -n monitoring create -f custom-metrics-apiserver-service.yaml
-kubectl create -f custom-metrics-apiservice.yaml
-kubectl create -f custom-metrics-cluster-role.yaml
-kubectl create -f custom-metrics-resource-reader-cluster-role.yaml
-kubectl create -f hpa-custom-metrics-cluster-role-binding.yaml
diff --git a/experimental/custom-metrics-api/gencerts.sh b/experimental/custom-metrics-api/gencerts.sh
deleted file mode 100755
index a8f5539d..00000000
--- a/experimental/custom-metrics-api/gencerts.sh
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/usr/bin/env bash
-# exit immediately when a command fails
-set -e
-# only exit with zero if all commands of the pipeline exit successfully
-set -o pipefail
-# error on unset variables
-set -u
-
-# Detect if we are on mac or should use GNU base64 options
-case $(uname) in
- Darwin)
- b64_opts='-b=0'
- ;;
- *)
- b64_opts='--wrap=0'
-esac
-
-go get -v -u github.com/cloudflare/cfssl/cmd/...
-
-export PURPOSE=metrics
-openssl req -x509 -sha256 -new -nodes -days 365 -newkey rsa:2048 -keyout ${PURPOSE}-ca.key -out ${PURPOSE}-ca.crt -subj "/CN=ca"
-echo '{"signing":{"default":{"expiry":"43800h","usages":["signing","key encipherment","'${PURPOSE}'"]}}}' > "${PURPOSE}-ca-config.json"
-
-export SERVICE_NAME=custom-metrics-apiserver
-export ALT_NAMES='"custom-metrics-apiserver.monitoring","custom-metrics-apiserver.monitoring.svc"'
-echo "{\"CN\":\"${SERVICE_NAME}\", \"hosts\": [${ALT_NAMES}], \"key\": {\"algo\": \"rsa\",\"size\": 2048}}" | \
- cfssl gencert -ca=metrics-ca.crt -ca-key=metrics-ca.key -config=metrics-ca-config.json - | cfssljson -bare apiserver
-
-cat <<-EOF > cm-adapter-serving-certs.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: cm-adapter-serving-certs
-data:
- serving.crt: $(base64 ${b64_opts} < apiserver.pem)
- serving.key: $(base64 ${b64_opts} < apiserver-key.pem)
-EOF
diff --git a/experimental/custom-metrics-api/teardown.sh b/experimental/custom-metrics-api/teardown.sh
deleted file mode 100755
index 4797de1c..00000000
--- a/experimental/custom-metrics-api/teardown.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/usr/bin/env bash
-
-kubectl delete -f custom-metrics-apiserver-auth-delegator-cluster-role-binding.yaml
-kubectl delete -f custom-metrics-apiserver-auth-reader-role-binding.yaml
-kubectl -n monitoring delete -f cm-adapter-serving-certs.yaml
-kubectl -n monitoring delete -f custom-metrics-apiserver-deployment.yaml
-kubectl delete -f custom-metrics-apiserver-resource-reader-cluster-role-binding.yaml
-kubectl -n monitoring delete -f custom-metrics-apiserver-service-account.yaml
-kubectl -n monitoring delete -f custom-metrics-apiserver-service.yaml
-kubectl delete -f custom-metrics-apiservice.yaml
-kubectl delete -f custom-metrics-cluster-role.yaml
-kubectl delete -f custom-metrics-resource-reader-cluster-role.yaml
-kubectl delete -f hpa-custom-metrics-cluster-role-binding.yaml
--
GitLab