Add kube-state-metrics configs

README.md

@@ -1,2 +1,62 @@
-# srecon-2019
-Accompanying talk content for SREcon 2019 Americas talk, "Operating within Normal Parameters: Monitoring Kubernetes"
+# Try it: a minimal monitoring stack for Kubernetes
+
+This repository contains configuration files to stand up a minimal monitoring
+stack on a Kubernetes cluster, as well as a number of sample queries you can
+test against your cluster. I tested these configurations and queries against
+the latest 1.12 stable release on GKE (1.12.5-gke.10 as of the time of
+writing).
+
+This README assumes that you already have access to a Kubernetes cluster
+running the 1.12 release. You can spin up a new cluster pretty quickly (it took
+me about 10 minutes) using a free GKE trial. See [the Google Cloud Platform
+console and developer docs][gke] for how to do that; there are also docs
+available for how to install the `gcloud` command line client and `kubectl`
+tool.
+
+[gke]: https://console.cloud.google.com/kubernetes
+
+## Set up `kube-state-metrics` (KSM)
+
+[`kube-state-metrics`][ksm] is like a Prometheus adapter for your current
+cluster state. It provides many [useful metrics][ksm-metrics] that can help you
+understand your cluster's quality of service.
+
+You can deploy the [configurations provided by upstream][ksm-yamls] directly
+from the master branch. I tested using the 1.5.0 release of KSM. A copy of
+the working 1.5.0 configurations is included in this repository for reference
+under the `kube-state-metrics/` folder.
+
+```bash
+# Apply KSM configurations to the cluster
+kubectl apply -f kube-state-metrics/
+
+# Start a proxy to verify metrics
+kubectl proxy &
+
+# Curl the KSM metrics endpoint via the API server proxy
+curl http://localhost:8001/api/v1/namespaces/kube-system/services/kube-state-metrics:8080/proxy/metrics
+ # Output:
+ # # HELP kube_configmap_info Information about configmap.
+ # # TYPE kube_configmap_info gauge
+ # kube_configmap_info{namespace="kube-system",configmap="ingress-uid"} 1
+ # kube_configmap_info{namespace="kube-system",configmap="extension-apiserver-authentication"} 1
+ # ...
+```
+
+[ksm]: https://github.com/kubernetes/kube-state-metrics
+[ksm-metrics]: https://github.com/kubernetes/kube-state-metrics/tree/a6ff45fae22bdab03b1375fd454a9859bebd4d98/docs#exposed-metrics
+[ksm-yamls]: https://github.com/kubernetes/kube-state-metrics/tree/a6ff45fae22bdab03b1375fd454a9859bebd4d98/kubernetes
+
+# License
+
+Copyright (c) 2019 Two Sigma Investments, LP.
+
+Distributed under the Apache License 2.0. See the LICENSE file.
+
+Contents of the `kube-state-metrics/` folder are copyright (c) 2016-2019 The
+Linux Foundation via the Cloud Native Computing Foundation project and
+distributed under the Apache License 2.0.
+
+These files have been copied, unmodified, from the
+[kubernetes/kube-state-metrics][ksm] repository. For full source history, you
+can [view the upstream files][ksm-yamls] at the corresponding VCS commit.

kube-state-metrics/kube-state-metrics-cluster-role-binding.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+# kubernetes versions before 1.8.0 should use rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: kube-state-metrics
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kube-state-metrics
+subjects:
+- kind: ServiceAccount
+  name: kube-state-metrics
+  namespace: kube-system

kube-state-metrics/kube-state-metrics-cluster-role.yaml

@@ -0,0 +1,48 @@
+apiVersion: rbac.authorization.k8s.io/v1
+# kubernetes versions before 1.8.0 should use rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: kube-state-metrics
+rules:
+- apiGroups: [""]
+  resources:
+  - configmaps
+  - secrets
+  - nodes
+  - pods
+  - services
+  - resourcequotas
+  - replicationcontrollers
+  - limitranges
+  - persistentvolumeclaims
+  - persistentvolumes
+  - namespaces
+  - endpoints
+  verbs: ["list", "watch"]
+- apiGroups: ["extensions"]
+  resources:
+  - daemonsets
+  - deployments
+  - replicasets
+  - ingresses
+  verbs: ["list", "watch"]
+- apiGroups: ["apps"]
+  resources:
+  - daemonsets
+  - deployments
+  - replicasets
+  - statefulsets
+  verbs: ["list", "watch"]
+- apiGroups: ["batch"]
+  resources:
+  - cronjobs
+  - jobs
+  verbs: ["list", "watch"]
+- apiGroups: ["autoscaling"]
+  resources:
+  - horizontalpodautoscalers
+  verbs: ["list", "watch"]
+- apiGroups: ["policy"]
+  resources:
+  - poddisruptionbudgets
+  verbs: ["list", "watch"]

kube-state-metrics/kube-state-metrics-deployment.yaml

@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+# Kubernetes version 1.8.x should use apps/v1beta2
+# Kubernetes versions before 1.8.0 should use apps/v1beta1 or extensions/v1beta1
+kind: Deployment
+metadata:
+  name: kube-state-metrics
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      k8s-app: kube-state-metrics
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        k8s-app: kube-state-metrics
+    spec:
+      serviceAccountName: kube-state-metrics
+      containers:
+      - name: kube-state-metrics
+        image: quay.io/coreos/kube-state-metrics:v1.5.0
+        ports:
+        - name: http-metrics
+          containerPort: 8080
+        - name: telemetry
+          containerPort: 8081
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: 8080
+          initialDelaySeconds: 5
+          timeoutSeconds: 5
+      - name: addon-resizer
+        image: k8s.gcr.io/addon-resizer:1.8.3
+        resources:
+          limits:
+            cpu: 150m
+            memory: 50Mi
+          requests:
+            cpu: 150m
+            memory: 50Mi
+        env:
+          - name: MY_POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
+          - name: MY_POD_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+        command:
+          - /pod_nanny
+          - --container=kube-state-metrics
+          - --cpu=100m
+          - --extra-cpu=1m
+          - --memory=100Mi
+          - --extra-memory=2Mi
+          - --threshold=5
+          - --deployment=kube-state-metrics

kube-state-metrics/kube-state-metrics-role-binding.yaml

@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+# kubernetes versions before 1.8.0 should use rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: kube-state-metrics
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: kube-state-metrics-resizer
+subjects:
+- kind: ServiceAccount
+  name: kube-state-metrics
+  namespace: kube-system

kube-state-metrics/kube-state-metrics-role.yaml

@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+# kubernetes versions before 1.8.0 should use rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+  namespace: kube-system
+  name: kube-state-metrics-resizer
+rules:
+- apiGroups: [""]
+  resources:
+  - pods
+  verbs: ["get"]
+- apiGroups: ["apps"]
+  resources:
+  - deployments
+  resourceNames: ["kube-state-metrics"]
+  verbs: ["get", "update"]
+- apiGroups: ["extensions"]
+  resources:
+  - deployments
+  resourceNames: ["kube-state-metrics"]
+  verbs: ["get", "update"]

kube-state-metrics/kube-state-metrics-service-account.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kube-state-metrics
+  namespace: kube-system

kube-state-metrics/kube-state-metrics-service.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: kube-state-metrics
+  namespace: kube-system
+  labels:
+    k8s-app: kube-state-metrics
+  annotations:
+    prometheus.io/scrape: 'true'
+spec:
+  ports:
+  - name: http-metrics
+    port: 8080
+    targetPort: http-metrics
+    protocol: TCP
+  - name: telemetry
+    port: 8081
+    targetPort: telemetry
+    protocol: TCP
+  selector:
+    k8s-app: kube-state-metrics