From ca90b53913e85cbd51d8d344a8984235ef97ee1c Mon Sep 17 00:00:00 2001 From: eminaktas Date: Mon, 21 Feb 2022 19:38:22 +0300 Subject: [PATCH] feat: Add metric scrape configs in Helm Chart Signed-off-by: eminaktas --- charts/descheduler/README.md | 73 +++++++++++-------- charts/descheduler/templates/configmap.yaml | 1 + charts/descheduler/templates/cronjob.yaml | 1 + charts/descheduler/templates/deployment.yaml | 1 + .../templates/podsecuritypolicy.yaml | 1 + charts/descheduler/templates/service.yaml | 21 ++++++ .../descheduler/templates/serviceaccount.yaml | 1 + .../descheduler/templates/servicemonitor.yaml | 41 +++++++++++ .../templates/tests/test-descheduler-pod.yaml | 3 +- charts/descheduler/values.yaml | 22 ++++++ 10 files changed, 132 insertions(+), 33 deletions(-) create mode 100644 charts/descheduler/templates/service.yaml create mode 100644 charts/descheduler/templates/servicemonitor.yaml diff --git a/charts/descheduler/README.md b/charts/descheduler/README.md index 14a9d97a4..5851ea657 100644 --- a/charts/descheduler/README.md +++ b/charts/descheduler/README.md @@ -43,35 +43,44 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the _descheduler_ chart and their default values. -| Parameter | Description | Default | -|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|--------------------------------------| -| `kind` | Use as CronJob or Deployment | `CronJob` | -| `image.repository` | Docker repository to use | `k8s.gcr.io/descheduler/descheduler` | -| `image.tag` | Docker tag to use | `v[chart appVersion]` | -| `image.pullPolicy` | Docker image pull policy | `IfNotPresent` | -| `imagePullSecrets` | Docker repository secrets | `[]` | -| `nameOverride` | String to partially override `descheduler.fullname` template (will prepend the release name) | `""` | -| `fullnameOverride` | String to fully override `descheduler.fullname` template | `""` | -| `cronJobApiVersion` | CronJob API Group Version | `"batch/v1"` | -| `schedule` | The cron schedule to run the _descheduler_ job on | `"*/2 * * * *"` | -| `startingDeadlineSeconds` | If set, configure `startingDeadlineSeconds` for the _descheduler_ job | `nil` | -| `successfulJobsHistoryLimit` | If set, configure `successfulJobsHistoryLimit` for the _descheduler_ job | `nil` | -| `failedJobsHistoryLimit` | If set, configure `failedJobsHistoryLimit` for the _descheduler_ job | `nil` | -| `deschedulingInterval` | If using kind:Deployment, sets time between consecutive descheduler executions. | `5m` | -| `replicas` | The replica count for Deployment | `1` | -| `leaderElection` | The options for high availability when running replicated components | _see values.yaml_ | -| `cmdOptions` | The options to pass to the _descheduler_ command | _see values.yaml_ | -| `deschedulerPolicy.strategies` | The _descheduler_ strategies to apply | _see values.yaml_ | -| `priorityClassName` | The name of the priority class to add to pods | `system-cluster-critical` | -| `rbac.create` | If `true`, create & use RBAC resources | `true` | -| `podSecurityPolicy.create` | If `true`, create PodSecurityPolicy | `true` | -| `resources` | Descheduler container CPU and memory requests/limits | _see values.yaml_ | -| `serviceAccount.create` | If `true`, create a service account for the cron job | `true` | -| `serviceAccount.name` | The name of the service account to use, if not set and create is true a name is generated using the fullname template | `nil` | -| `serviceAccount.annotations` | Specifies custom annotations for the serviceAccount | `{}` | -| `nodeSelector` | Node selectors to run the descheduler cronjob/deployment on specific nodes | `nil` | -| `affinity` | Node affinity to run the descheduler cronjob/deployment on specific nodes | `nil` | -| `tolerations` | tolerations to run the descheduler cronjob/deployment on specific nodes | `nil` | -| `suspend` | Set spec.suspend in descheduler cronjob | `false` | -| `commonLabels` | Labels to apply to all resources | `{}` | -| `livenessProbe` | Liveness probe configuration for the descheduler container | _see values.yaml_ | +| Parameter | Description | Default | +|-------------------------------------|-----------------------------------------------------------------------------------------------------------------------|--------------------------------------| +| `kind` | Use as CronJob or Deployment | `CronJob` | +| `image.repository` | Docker repository to use | `k8s.gcr.io/descheduler/descheduler` | +| `image.tag` | Docker tag to use | `v[chart appVersion]` | +| `image.pullPolicy` | Docker image pull policy | `IfNotPresent` | +| `imagePullSecrets` | Docker repository secrets | `[]` | +| `nameOverride` | String to partially override `descheduler.fullname` template (will prepend the release name) | `""` | +| `fullnameOverride` | String to fully override `descheduler.fullname` template | `""` | +| `cronJobApiVersion` | CronJob API Group Version | `"batch/v1"` | +| `schedule` | The cron schedule to run the _descheduler_ job on | `"*/2 * * * *"` | +| `startingDeadlineSeconds` | If set, configure `startingDeadlineSeconds` for the _descheduler_ job | `nil` | +| `successfulJobsHistoryLimit` | If set, configure `successfulJobsHistoryLimit` for the _descheduler_ job | `nil` | +| `failedJobsHistoryLimit` | If set, configure `failedJobsHistoryLimit` for the _descheduler_ job | `nil` | +| `deschedulingInterval` | If using kind:Deployment, sets time between consecutive descheduler executions. | `5m` | +| `replicas` | The replica count for Deployment | `1` | +| `leaderElection` | The options for high availability when running replicated components | _see values.yaml_ | +| `cmdOptions` | The options to pass to the _descheduler_ command | _see values.yaml_ | +| `deschedulerPolicy.strategies` | The _descheduler_ strategies to apply | _see values.yaml_ | +| `priorityClassName` | The name of the priority class to add to pods | `system-cluster-critical` | +| `rbac.create` | If `true`, create & use RBAC resources | `true` | +| `podSecurityPolicy.create` | If `true`, create PodSecurityPolicy | `true` | +| `resources` | Descheduler container CPU and memory requests/limits | _see values.yaml_ | +| `serviceAccount.create` | If `true`, create a service account for the cron job | `true` | +| `serviceAccount.name` | The name of the service account to use, if not set and create is true a name is generated using the fullname template | `nil` | +| `serviceAccount.annotations` | Specifies custom annotations for the serviceAccount | `{}` | +| `nodeSelector` | Node selectors to run the descheduler cronjob/deployment on specific nodes | `nil` | +| `service.enabled` | If `true`, create a service for deployment | `false` | +| `serviceMonitor.enabled` | If `true`, create a ServiceMonitor for deployment | `false` | +| `serviceMonitor.namespace` | The namespace where Prometheus expects to find service monitors | `nil` | +| `serviceMonitor.interval` | The scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | +| `serviceMonitor.honorLabels` | Keeps the scraped data's labels when labels are on collisions with target labels. | `true` | +| `serviceMonitor.insecureSkipVerify` | Skip TLS certificate validation when scraping | `true` | +| `serviceMonitor.serverName` | Name of the server to use when validating TLS certificate | `nil` | +| `serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples after scraping, but before ingestion | `[]` | +| `serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | +| `affinity` | Node affinity to run the descheduler cronjob/deployment on specific nodes | `nil` | +| `tolerations` | tolerations to run the descheduler cronjob/deployment on specific nodes | `nil` | +| `suspend` | Set spec.suspend in descheduler cronjob | `false` | +| `commonLabels` | Labels to apply to all resources | `{}` | +| `livenessProbe` | Liveness probe configuration for the descheduler container | _see values.yaml_ | diff --git a/charts/descheduler/templates/configmap.yaml b/charts/descheduler/templates/configmap.yaml index a8b620a85..614e61685 100644 --- a/charts/descheduler/templates/configmap.yaml +++ b/charts/descheduler/templates/configmap.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "descheduler.fullname" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "descheduler.labels" . | nindent 4 }} data: diff --git a/charts/descheduler/templates/cronjob.yaml b/charts/descheduler/templates/cronjob.yaml index 82db9af6a..0fe1aa2da 100644 --- a/charts/descheduler/templates/cronjob.yaml +++ b/charts/descheduler/templates/cronjob.yaml @@ -3,6 +3,7 @@ apiVersion: {{ .Values.cronJobApiVersion | default "batch/v1" }} kind: CronJob metadata: name: {{ template "descheduler.fullname" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "descheduler.labels" . | nindent 4 }} spec: diff --git a/charts/descheduler/templates/deployment.yaml b/charts/descheduler/templates/deployment.yaml index 654575abd..d7d7b2260 100644 --- a/charts/descheduler/templates/deployment.yaml +++ b/charts/descheduler/templates/deployment.yaml @@ -3,6 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "descheduler.fullname" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "descheduler.labels" . | nindent 4 }} spec: diff --git a/charts/descheduler/templates/podsecuritypolicy.yaml b/charts/descheduler/templates/podsecuritypolicy.yaml index c10383fb8..2415d33b8 100644 --- a/charts/descheduler/templates/podsecuritypolicy.yaml +++ b/charts/descheduler/templates/podsecuritypolicy.yaml @@ -3,6 +3,7 @@ apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: {{ template "descheduler.fullname" . }} + namespace: {{ .Release.Namespace }} annotations: seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default' seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default' diff --git a/charts/descheduler/templates/service.yaml b/charts/descheduler/templates/service.yaml new file mode 100644 index 000000000..25f515523 --- /dev/null +++ b/charts/descheduler/templates/service.yaml @@ -0,0 +1,21 @@ +{{- if eq .Values.kind "Deployment" }} +{{- if eq .Values.service.enabled true }} +apiVersion: v1 +kind: Service +metadata: + labels: + {{- include "descheduler.labels" . | nindent 4 }} + name: {{ template "descheduler.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + clusterIP: None + ports: + - name: http-metrics + port: 10258 + protocol: TCP + targetPort: 10258 + selector: + {{- include "descheduler.selectorLabels" . | nindent 4 }} + type: ClusterIP +{{- end }} +{{- end }} diff --git a/charts/descheduler/templates/serviceaccount.yaml b/charts/descheduler/templates/serviceaccount.yaml index 060cb5598..325fb8104 100644 --- a/charts/descheduler/templates/serviceaccount.yaml +++ b/charts/descheduler/templates/serviceaccount.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "descheduler.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "descheduler.labels" . | nindent 4 }} {{- if .Values.serviceAccount.annotations }} diff --git a/charts/descheduler/templates/servicemonitor.yaml b/charts/descheduler/templates/servicemonitor.yaml new file mode 100644 index 000000000..800475076 --- /dev/null +++ b/charts/descheduler/templates/servicemonitor.yaml @@ -0,0 +1,41 @@ +{{- if eq .Values.kind "Deployment" }} +{{- if eq .Values.serviceMonitor.enabled true }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "descheduler.fullname" . }}-servicemonitor + namespace: {{ .Values.serviceMonitor.namespace | default .Release.Namespace }} + labels: + {{- include "descheduler.labels" . | nindent 4 }} +spec: + jobLabel: jobLabel + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{- include "descheduler.selectorLabels" . | nindent 6 }} + endpoints: + - honorLabels: {{ .Values.serviceMonitor.honorLabels | default true }} + port: http-metrics + {{- if .Values.serviceMonitor.interval }} + interval: {{ .Values.serviceMonitor.interval }} + {{- end }} + scheme: https + tlsConfig: + {{- if eq .Values.serviceMonitor.insecureSkipVerify true }} + insecureSkipVerify: true + {{- end }} + {{- if .Values.serviceMonitor.serverName }} + serverName: {{ .Values.serviceMonitor.serverName }} + {{- end}} +{{- if .Values.serviceMonitor.metricRelabelings }} + metricRelabelings: +{{ tpl (toYaml .Values.serviceMonitor.metricRelabelings | indent 4) . }} +{{- end }} +{{- if .Values.serviceMonitor.relabelings }} + relabelings: +{{ tpl (toYaml .Values.serviceMonitor.relabelings | indent 4) . }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/descheduler/templates/tests/test-descheduler-pod.yaml b/charts/descheduler/templates/tests/test-descheduler-pod.yaml index 9cae44200..cf646e462 100644 --- a/charts/descheduler/templates/tests/test-descheduler-pod.yaml +++ b/charts/descheduler/templates/tests/test-descheduler-pod.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Pod metadata: name: descheduler-test-pod + namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": test spec: @@ -26,4 +27,4 @@ spec: curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x ./kubectl && mv ./kubectl /usr/local/bin/kubectl && - /usr/local/bin/kubectl get pods --namespace kube-system --token "$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" | grep "descheduler" | grep "Completed" \ No newline at end of file + /usr/local/bin/kubectl get pods --namespace {{ .Release.Namespace }} --token "$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" | grep "descheduler" | grep "Completed" diff --git a/charts/descheduler/values.yaml b/charts/descheduler/values.yaml index 9b309d7db..756c5fe35 100644 --- a/charts/descheduler/values.yaml +++ b/charts/descheduler/values.yaml @@ -145,3 +145,25 @@ livenessProbe: initialDelaySeconds: 3 periodSeconds: 10 +service: + enabled: false + +serviceMonitor: + enabled: false + # The namespace where Prometheus expects to find service monitors. + # namespace: "" + interval: "" + # honorLabels: true + insecureSkipVerify: true + serverName: null + metricRelabelings: [] + # - action: keep + # regex: 'descheduler_(build_info|pods_evicted)' + # sourceLabels: [__name__] + relabelings: [] + # - sourceLabels: [__meta_kubernetes_pod_node_name] + # separator: ; + # regex: ^(.*)$ + # targetLabel: nodename + # replacement: $1 + # action: replace