Commit

Merge pull request #8075 from paologallinaharbur/patch-3
feat(k8sDocs): clarify controlPlane monitoring
barbnewrelic committed Jun 22, 2022
2 parents 58fe8a6 + 3aa5167 commit b87e59c
Showing 1 changed file with 40 additions and 25 deletions.
@@ -56,11 +56,25 @@ Each component of the control plane has a dedicated section, which allows to ind
src={kubernetesIntegrationCP}
/>

You can check all configuration options available in the [values.yaml](https://github.com/newrelic/nri-kubernetes/blob/main/charts/newrelic-infrastructure/values.yaml) of the nri-kubernetes chart under the `controlPlane` key.

If you are installing the integration thorught the `nri-bundle` chart you need to [pass the values to the corresponding subchart](https://helm.sh/docs/chart_template_guide/subcharts_and_globals/). For example to disable the `etcd` monitoring in the `controlPlane` component you can do the following:

```yaml
newrelic-infrastructure:
controlPlane:
config:
etcd:
enabled: false
```

### Autodiscovery and default configuration [#autodiscovery-default]

By default, our [Helm Chart](/docs/kubernetes-pixie/kubernetes-integration/installation/install-kubernetes-integration-using-helm) ships a configuration that should work out of the box for some control plane components for on-premise distributions that run the control plane inside the cluster, such as `Kubeadm` or `minikube`.

Notice that since autodiscovery relies on pod labels as a discovery mechanism, it does not work in cloud environments or whenever the control plane compoenents are not running inside the cluster.
However, [static endpoint](#static-endpoints) can be leveraged in these scenarios if control plane components are reachable.

#### `hostNetwork` and `privileged` [#hostnetwork-privileged]

In versions lower than v3, when the integration is deployed using `privileged: false`, the `hostNetwork` setting for the control plane component will be also be set to `false`.
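
Review bot: two typos in the added text need fixing before merge: "thorught" should be "through" in the `nri-bundle` sentence, and "compoenents" should be "components" in the autodiscovery note. The link text "[static endpoint](#static-endpoints)" would read better as "static endpoints" to match its anchor, and "For example" wants a comma after it. The `values.yaml` link points at `main`, so it can list options that the reader's installed chart version does not have; consider saying so next to the link.
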
@@ -217,6 +231,8 @@ controlPlane:

Please note that this only applies to the API Server and that etcd, the scheduler, and the controller manager remain inaccessible in cloud environments.

Moreover, be aware that, depending on the specific managed or cloud environment, the Kubernetes service could be loadbalancing the traffic among different instances of the API Server. In this case, the metrics that depends on the specific instance being selected by the loadbalancer are not reliable.

#### Control plane monitoring for Rancher RKE1 [#rancher]

Clusters deployed leveraging Rancher Kubernetes Engine (RKE1) run control plane components as Docker containers, and not as Pods managed by the Kubelet.
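
Review bot: in the added load-balancer sentence, "metrics that depends" should be "metrics that depend", and "loadbalancing" and "loadbalancer" should be "load balancing" and "load balancer". The sentence would also be more useful if it said what "not reliable" means in practice, for example that consecutive scrapes can reach different API Server instances and so per-instance values do not form one consistent series, if that is the intended meaning.
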
@@ -230,31 +246,30 @@ For example, in order to make the Scheduler and the Controller Manager metrics r
Assuming that every component is reachable at the specified port, the following configuration will monitor the API Server, the Scheduler and the Controller Manager:

```yaml
scraper:
enabled: true
kind: DaemonSet
config:
scheduler:
enabled: true
staticEndpoint:
url: https://localhost:10259
insecureSkipVerify: true
auth:
type: bearer
controllerManager:
enabled: true
staticEndpoint:
url: https://localhost:10257
insecureSkipVerify: true
auth:
type: bearer
apiServer:
enabled: true
staticEndpoint:
url: https://localhost:6443
insecureSkipVerify: true
auth:
type: bearer
controlPlane:
kind: DaemonSet
config:
scheduler:
enabled: true
staticEndpoint:
url: https://localhost:10259
insecureSkipVerify: true
auth:
type: bearer
controllerManager:
enabled: true
staticEndpoint:
url: https://localhost:10257
insecureSkipVerify: true
auth:
type: bearer
apiServer:
enabled: true
staticEndpoint:
url: https://localhost:6443
insecureSkipVerify: true
auth:
type: bearer
```

In this example, the integration needs to run on the same node of each control plane component that has the `hostNetwork` option set to true, since it's connecting locally to each `staticEndpoint`. Therefore, `controlPlane.kind` has to be kept as `DaemonSet`. Also, the DaemonSet needs affinity rules, nodeSelector, and tolerations configured so that all instances are running on all control plane nodes you want to monitor.
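
Review bot: the rewritten example drops the top-level `enabled: true` that the old `scraper:` block carried, so the text should either say that `controlPlane` is enabled by default or restore the key under `controlPlane:`. Separately, all three endpoints keep `insecureSkipVerify: true` together with `type: bearer`, so the bearer token is sent without verifying the server certificate; a sentence stating that this is accepted here only because each `url` is `https://localhost` on the host network would stop readers from copying the setting to remote static endpoints.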