diff options
author | Srivahni <srivahni.chivukula@intel.com> | 2019-03-22 14:33:38 -0700 |
---|---|---|
committer | Srivahni <srivahni.chivukula@intel.com> | 2019-03-22 14:34:48 -0700 |
commit | c527da2405524418adb9eb27ce41391290ba41bc (patch) | |
tree | 5738d3d05e8274d6bbed8adbe19f13cd223ea48c /vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates | |
parent | 3c861dd4e53b43c94e60d28ec3699119966c6ceb (diff) |
Fix node exporter integration with Prometheus
Change-Id: I05fe6c74bccad6dd2fd515dcda4d4efe7e9a50dd
Issue-ID: ONAPARC-440
Signed-off-by: Srivahni Chivukula <srivahni.chivukula@intel.com>
Diffstat (limited to 'vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates')
10 files changed, 322 insertions, 0 deletions
diff --git a/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/NOTES.txt b/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/NOTES.txt new file mode 100755 index 00000000..4902798f --- /dev/null +++ b/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/NOTES.txt @@ -0,0 +1,15 @@ +1. Get the application URL by running these commands: +{{- if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "prometheus-node-exporter.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ template "prometheus-node-exporter.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "prometheus-node-exporter.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "prometheus-node-exporter.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:80 +{{- end }} diff --git a/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/_helpers.tpl b/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/_helpers.tpl new file mode 100755 index 00000000..4f0e2dfe --- /dev/null +++ b/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/_helpers.tpl @@ -0,0 +1,55 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "prometheus-node-exporter.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "prometheus-node-exporter.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Generate basic labels */}} +{{- define "prometheus-node-exporter.labels" }} +app: {{ template "prometheus-node-exporter.name" . }} +heritage: {{.Release.Service }} +release: {{.Release.Name }} +chart: {{ template "prometheus-node-exporter.chart" . }} +{{- if .Values.podLabels}} +{{ toYaml .Values.podLabels }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "prometheus-node-exporter.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{/* +Create the name of the service account to use +*/}} +{{- define "prometheus-node-exporter.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "prometheus-node-exporter.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/daemonset.yaml b/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/daemonset.yaml new file mode 100755 index 00000000..dfb15f1d --- /dev/null +++ b/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/daemonset.yaml @@ -0,0 +1,98 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: {{ template "prometheus-node-exporter.fullname" . }} + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} +spec: + selector: + matchLabels: + app: {{ template "prometheus-node-exporter.name" . }} + release: {{ .Release.Name }} + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + template: + metadata: + labels: {{ include "prometheus-node-exporter.labels" . | indent 8 }} + spec: +{{- if and .Values.rbac.create .Values.serviceAccount.create }} + serviceAccountName: {{ template "prometheus-node-exporter.serviceAccountName" . }} +{{- end }} +{{- if .Values.securityContext }} + securityContext: +{{ toYaml .Values.securityContext | indent 8 }} +{{- end }} +{{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} +{{- end }} + containers: + - name: node-exporter + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - --path.procfs=/host/proc + - --path.sysfs=/host/sys + - --web.listen-address=0.0.0.0:{{ .Values.service.port }} +{{- if .Values.extraArgs }} +{{ toYaml .Values.extraArgs | indent 12 }} +{{- end }} + ports: + - name: metrics + containerPort: {{ .Values.service.targetPort }} + protocol: TCP + livenessProbe: + httpGet: + path: / + port: {{ .Values.service.port }} + readinessProbe: + httpGet: + path: / + port: {{ .Values.service.port }} + resources: +{{ toYaml .Values.resources | indent 12 }} + volumeMounts: + - name: proc + mountPath: /host/proc + readOnly: true + - name: sys + mountPath: /host/sys + readOnly: true + {{- if .Values.extraHostVolumeMounts }} + {{- range $_, $mount := .Values.extraHostVolumeMounts }} + - name: {{ $mount.name }} + mountPath: {{ $mount.mountPath }} + readOnly: {{ $mount.readOnly }} + {{- if $mount.mountPropagation }} + mountPropagation: {{ $mount.mountPropagation }} + {{- end }} + {{- end }} + {{- end }} + hostNetwork: true + hostPID: true +{{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} +{{- end }} +{{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + volumes: + - name: proc + hostPath: + path: /proc + - name: sys + hostPath: + path: /sys + {{- if .Values.extraHostVolumeMounts }} + {{- range $_, $mount := .Values.extraHostVolumeMounts }} + - name: {{ $mount.name }} + hostPath: + path: {{ $mount.hostPath }} + {{- end }} + {{- end }}
\ No newline at end of file diff --git a/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/endpoints.yaml b/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/endpoints.yaml new file mode 100755 index 00000000..4c5c75fa --- /dev/null +++ b/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/endpoints.yaml @@ -0,0 +1,17 @@ +{{- if .Values.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "prometheus-node-exporter.fullname" . }} + labels: +{{ include "prometheus-node-exporter.labels" . | indent 4 }} +subsets: + - addresses: + {{- range .Values.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: metrics + port: 9100 + protocol: TCP +{{- end }}
\ No newline at end of file diff --git a/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/monitor.yaml b/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/monitor.yaml new file mode 100755 index 00000000..9c723e69 --- /dev/null +++ b/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/monitor.yaml @@ -0,0 +1,17 @@ +{{- if .Values.prometheus.monitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "prometheus-node-exporter.fullname" . }} + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} + {{- if .Values.prometheus.monitor.additionalLabels }} +{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }} + {{- end }} +spec: + selector: + matchLabels: + app: {{ template "prometheus-node-exporter.name" . }} + release: {{ .Release.Name }} + endpoints: + - port: metrics +{{- end }} diff --git a/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml b/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml new file mode 100755 index 00000000..3d0a636a --- /dev/null +++ b/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/psp-clusterrole.yaml @@ -0,0 +1,15 @@ +{{- if .Values.rbac.create }} +{{- if .Values.rbac.pspEnabled }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} + name: psp-{{ template "prometheus-node-exporter.fullname" . }} +rules: +- apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "prometheus-node-exporter.fullname" . }} +{{- end }} +{{- end }} diff --git a/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml b/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml new file mode 100755 index 00000000..50f7a149 --- /dev/null +++ b/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/psp-clusterrolebinding.yaml @@ -0,0 +1,17 @@ +{{- if .Values.rbac.create }} +{{- if .Values.rbac.pspEnabled }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} + name: psp-{{ template "prometheus-node-exporter.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: psp-{{ template "prometheus-node-exporter.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "prometheus-node-exporter.fullname" . }} + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} diff --git a/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/psp.yaml b/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/psp.yaml new file mode 100755 index 00000000..1fa6f289 --- /dev/null +++ b/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/psp.yaml @@ -0,0 +1,51 @@ +{{- if .Values.rbac.create }} +{{- if .Values.rbac.pspEnabled }} +apiVersion: extensions/v1beta1 +kind: PodSecurityPolicy +metadata: + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} + name: {{ template "prometheus-node-exporter.fullname" . }} +spec: + privileged: false + # Required to prevent escalations to root. + # allowPrivilegeEscalation: false + # This is redundant with non-root + disallow privilege escalation, + # but we can provide it for defense in depth. + #requiredDropCapabilities: + # - ALL + # Allow core volume types. + volumes: + - 'configMap' + - 'emptyDir' + - 'projected' + - 'secret' + - 'downwardAPI' + - 'persistentVolumeClaim' + - 'hostPath' + hostNetwork: true + hostIPC: false + hostPID: true + hostPorts: + - min: 0 + max: 65535 + runAsUser: + # Permits the container to run with root privileges as well. + rule: 'RunAsAny' + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + # Forbid adding the root group. + - min: 0 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/service.yaml b/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/service.yaml new file mode 100755 index 00000000..cffe547b --- /dev/null +++ b/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/service.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "prometheus-node-exporter.fullname" . }} +{{- if .Values.service.annotations }} + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} +{{- end }} + labels: {{ include "prometheus-node-exporter.labels" . | indent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + {{- if ( and (eq .Values.service.type "NodePort" ) (not (empty .Values.service.nodePort)) ) }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + targetPort: {{ .Values.service.targetPort }} + protocol: TCP + name: metrics + selector: + app: {{ template "prometheus-node-exporter.name" . }} + release: {{ .Release.Name }} diff --git a/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/serviceaccount.yaml b/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/serviceaccount.yaml new file mode 100755 index 00000000..b70745aa --- /dev/null +++ b/vnfs/DAaaS/collection/charts/prometheus-node-exporter/templates/serviceaccount.yaml @@ -0,0 +1,15 @@ +{{- if .Values.rbac.create -}} +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "prometheus-node-exporter.serviceAccountName" . }} + labels: + app: {{ template "prometheus-node-exporter.name" . }} + chart: {{ template "prometheus-node-exporter.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +imagePullSecrets: +{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} +{{- end -}} +{{- end -}}
\ No newline at end of file |