From 82ac662075e593e03eddba3722fb6f43a027dbfa Mon Sep 17 00:00:00 2001 From: Gerrit Date: Fri, 7 Jul 2023 10:16:06 +0200 Subject: [PATCH] Add gardener-metrics-exporter. --- .../roles/monitoring/defaults/main/main.yaml | 8 ++ .../roles/monitoring/tasks/exporters.yaml | 8 +- .../gardener-metrics-exporter.yaml | 104 ++++++++++++++++++ 3 files changed, 119 insertions(+), 1 deletion(-) create mode 100644 control-plane/roles/monitoring/templates/metrics-exporters/gardener-metrics-exporter.yaml diff --git a/control-plane/roles/monitoring/defaults/main/main.yaml b/control-plane/roles/monitoring/defaults/main/main.yaml index 140bf8109..c607be191 100644 --- a/control-plane/roles/monitoring/defaults/main/main.yaml +++ b/control-plane/roles/monitoring/defaults/main/main.yaml @@ -40,3 +40,11 @@ monitoring_metal_api_hmac: "metal-admin" # rethinkdb exporter monitoring_rethinkdb_exporter_metal_db_password: "change-me" monitoring_rethinkdb_exporter_metal_db_endpoint: metal-db.metal-control-plane:28015 + +# gardener +monitoring_gardener_enabled: false +monitoring_gardener_virtual_garden_kubeconfig: "{{ lookup('k8s', api_version='v1', kind='Secret', namespace='garden', resource_name='garden-kubeconfig-for-admin').get('data', {}).get('kubeconfig') if monitoring_gardener_enabled else None }}" + +# TODO: move into release vector +monitoring_gardener_metrics_exporter_image_name: eu.gcr.io/gardener-project/gardener/metrics-exporter +monitoring_gardener_metrics_exporter_image_tag: "0.20.0" diff --git a/control-plane/roles/monitoring/tasks/exporters.yaml b/control-plane/roles/monitoring/tasks/exporters.yaml index b597856d3..1c61d602d 100644 --- a/control-plane/roles/monitoring/tasks/exporters.yaml +++ b/control-plane/roles/monitoring/tasks/exporters.yaml 
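Review bot: The default for `monitoring_gardener_virtual_garden_kubeconfig` reads the secret `garden-kubeconfig-for-admin`, so, going by that name, the exporter pod is handed admin credentials for the virtual garden. The ClusterRole added in the same patch suggests the exporter only needs get/list/watch on shoots, projects, seeds and plants. I would document the expectation above the variable, e.g. `# NOTE: defaults to the admin kubeconfig; override with a kubeconfig for a dedicated read-only identity`, and ideally provision such an identity. The image is also referenced only by the mutable tag `"0.20.0"`; when it moves into the release vector as the TODO says, pinning a digest would make the deployed artifact verifiable.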
@@ -17,6 +17,13 @@ namespace: "{{ monitoring_namespace }}" apply: true +- name: Deploy gardener-metrics-exporter + k8s: + definition: "{{ lookup('template', 'metrics-exporters/gardener-metrics-exporter.yaml') }}" + namespace: "{{ monitoring_namespace }}" + apply: true + when: monitoring_gardener_enabled + - name: Add webhook-logger k8s: definition: "{{ lookup('template', item) }}" @@ -25,4 +32,3 @@ loop: - webhook-logger-Service.yaml - webhook-logger-Deployment.yaml - diff --git a/control-plane/roles/monitoring/templates/metrics-exporters/gardener-metrics-exporter.yaml b/control-plane/roles/monitoring/templates/metrics-exporters/gardener-metrics-exporter.yaml new file mode 100644 index 000000000..0dae793b2 --- /dev/null +++ b/control-plane/roles/monitoring/templates/metrics-exporters/gardener-metrics-exporter.yaml 
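Review bot: The new `Deploy gardener-metrics-exporter` task has no `no_log: true`, although the template it renders embeds the kubeconfig Secret. The rendered definition and the module result, including the Secret's `data`, can therefore show up in Ansible output at higher verbosity or when the task fails. Adding `no_log: true` here would keep the credential out of logs. Alternatively, move the Secret into its own task with `no_log: true` so failures of the other resources stay debuggable.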
@@ -0,0 +1,104 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: gardener-metrics-exporter
+ labels:
+ app: gardener
+ role: metrics-exporter
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: gardener.cloud:metrics-exporter
+rules:
+- apiGroups:
+ - core.gardener.cloud
+ resources:
+ - shoots
+ - projects
+ - seeds
+ - plants
+ verbs:
+ - get
+ - watch
+ - list
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: gardener.cloud:metrics-exporter
+subjects:
+- kind: ServiceAccount
+ name: gardener-metrics-exporter
+ namespace: {{ monitoring_namespace }}
+roleRef:
+ kind: ClusterRole
+ name: gardener.cloud:metrics-exporter
+ apiGroup: rbac.authorization.k8s.io
+apiVersion: v1
+kind: Secret
+metadata:
+ name: seed-kubecfg
+data:
+ kubecfg.yaml: {{ monitoring_gardener_virtual_garden_kubeconfig }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gardener-metrics-exporter
+ labels:
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: gardener
+ role: metrics-exporter
+ template:
+ metadata:
+ labels:
+ app: gardener
+ role: metrics-exporter
+ spec:
+ serviceAccountName: gardener-metrics-exporter
+ automountServiceAccountToken: false
+ containers:
+ - name: gardener-metrics-exporter
+ image: {{ monitoring_gardener_metrics_exporter_image_name }}:{{ monitoring_gardener_metrics_exporter_image_tag }}
+ imagePullPolicy: {{ metal_control_plane_image_pull_policy }}
+ command:
+ - /gardener-metrics-exporter
+ - --bind-address=0.0.0.0
+ - --port=2718
+ - --kubeconfig=/etc/seed/kubecfg.yaml
+ ports:
+ - name: port
+ containerPort: 2718
+ volumeMounts:
+ - mountPath: /etc/seed
+ name: seed-kubecfg
+ readOnly: true
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
+ volumes:
+ - name: seed-kubecfg
+ secret:
+ defaultMode: 420
+ secretName: seed-kubecfg
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: gardener-metrics-exporter
+ labels:
+spec:
+ type: ClusterIP
+ sessionAffinity: None
+ selector:
+ app: gardener
+ role: metrics-exporter
+ ports:
+ - protocol: TCP
+ port: 2718
+ targetPort: 2718
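Review bot: There is no `---` between the ClusterRoleBinding and the Secret: `apiVersion: v1` directly follows `apiGroup: rbac.authorization.k8s.io`, so both land in one document with duplicate `apiVersion`/`kind`/`metadata` keys. Most YAML loaders keep the last value, which would likely yield a Secret carrying stray `subjects`/`roleRef` fields and no ClusterRoleBinding at all; add a `---` line before the Secret's `apiVersion: v1`. The templated Secret value is also unquoted; `kubecfg.yaml: "{{ monitoring_gardener_virtual_garden_kubeconfig }}"` stops YAML from retyping an empty or unusual expansion. On hardening, `defaultMode: 420` (0644) leaves the kubeconfig world-readable inside the container. The container `securityContext` could also set `readOnlyRootFilesystem: true` and drop all capabilities.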