diff --git a/packages/core/platform/bundles/distro-full.yaml b/packages/core/platform/bundles/distro-full.yaml index 19ad78ec3..3c99734f8 100644 --- a/packages/core/platform/bundles/distro-full.yaml +++ b/packages/core/platform/bundles/distro-full.yaml @@ -75,6 +75,10 @@ releases: privileged: true optional: true dependsOn: [cilium,victoria-metrics-operator] + values: + scrapeRules: + etcd: + enabled: true - name: metallb releaseName: metallb diff --git a/packages/core/platform/bundles/distro-hosted.yaml b/packages/core/platform/bundles/distro-hosted.yaml index 45f58a8c2..650efccde 100644 --- a/packages/core/platform/bundles/distro-hosted.yaml +++ b/packages/core/platform/bundles/distro-hosted.yaml @@ -58,6 +58,10 @@ releases: privileged: true optional: true dependsOn: [victoria-metrics-operator] + values: + scrapeRules: + etcd: + enabled: true - name: etcd-operator releaseName: etcd-operator diff --git a/packages/core/platform/bundles/paas-full.yaml b/packages/core/platform/bundles/paas-full.yaml index 328d0bbbf..b45992ecd 100644 --- a/packages/core/platform/bundles/paas-full.yaml +++ b/packages/core/platform/bundles/paas-full.yaml @@ -97,6 +97,10 @@ releases: namespace: cozy-monitoring privileged: true dependsOn: [cilium,kubeovn,victoria-metrics-operator] + values: + scrapeRules: + etcd: + enabled: true - name: kubevirt-operator releaseName: kubevirt-operator diff --git a/packages/core/platform/bundles/paas-hosted.yaml b/packages/core/platform/bundles/paas-hosted.yaml index 3b1085cda..82edc2ab7 100644 --- a/packages/core/platform/bundles/paas-hosted.yaml +++ b/packages/core/platform/bundles/paas-hosted.yaml @@ -70,6 +70,10 @@ releases: namespace: cozy-monitoring privileged: true dependsOn: [victoria-metrics-operator] + values: + scrapeRules: + etcd: + enabled: true - name: etcd-operator releaseName: etcd-operator 
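Review bot: The two hosted bundles (distro-hosted.yaml and paas-hosted.yaml) switch `scrapeRules.etcd.enabled` on exactly like the full ones, but the template it gates only does anything where nodes labelled `node-role.kubernetes.io/control-plane` run etcd with metrics on `127.0.0.1:2381`. If the hosted bundles target clusters whose control plane is operated elsewhere (inferred from the bundle names, not visible in this diff), the DaemonSet schedules no pods while the ClusterRoles, ClusterRoleBindings and the `vm-token` Secret are still created. Leaving the override out of the hosted bundles, or adding a comment next to it saying why it is wanted there, would avoid shipping unused cluster-wide grants.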
diff --git a/packages/system/monitoring-agents/templates/etcd-proxy-scrape.yaml b/packages/system/monitoring-agents/templates/etcd-proxy-scrape.yaml
new file mode 100644
index 000000000..275a6f479
--- /dev/null
+++ b/packages/system/monitoring-agents/templates/etcd-proxy-scrape.yaml
@@ -0,0 +1,138 @@
+{{- if .Values.scrapeRules.etcd.enabled }}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: kube-rbac-proxy
+ namespace: cozy-monitoring
+ labels:
+ app: kube-rbac-proxy
+spec:
+ selector:
+ matchLabels:
+ app: kube-rbac-proxy
+ template:
+ metadata:
+ labels:
+ app: kube-rbac-proxy
+ spec:
+ serviceAccountName: kube-rbac-proxy
+ hostNetwork: true
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+ containers:
+ - name: kube-rbac-proxy
+ image: quay.io/brancz/kube-rbac-proxy:v0.11.0
+ args:
+ - "--secure-listen-address=$(NODE_IP):9443"
+ - "--upstream=http://127.0.0.1:2381/"
+ env:
+ - name: NODE_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ ports:
+ - containerPort: 9443
+ name: etcd-metrics
+ securityContext:
+ runAsUser: 1000
+ runAsNonRoot: true
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kube-rbac-proxy
+ namespace: cozy-monitoring
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kube-rbac-proxy-auth
+rules:
+ - apiGroups: ["authentication.k8s.io"]
+ resources: ["tokenreviews"]
+ verbs: ["create"]
+ - apiGroups: ["authorization.k8s.io"]
+ resources: ["subjectaccessreviews"]
+ verbs: ["create"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kube-rbac-proxy-auth-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kube-rbac-proxy-auth
+subjects:
+ - kind: ServiceAccount
+ name: kube-rbac-proxy
+ namespace: cozy-monitoring
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: vm-scrape
+ namespace: cozy-monitoring
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: etcd-metrics-reader
+rules:
+- nonResourceURLs: ["/metrics"]
+ verbs: ["get"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: etcd-metrics-reader
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: etcd-metrics-reader
+subjects:
+- kind: ServiceAccount
+ name: vm-scrape
+ namespace: cozy-monitoring
+
+---
+
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/service-account-token
+metadata:
+ name: vm-token
+ annotations:
+ kubernetes.io/service-account.name: vm-scrape
+
+---
+
+apiVersion: operator.victoriametrics.com/v1beta1
+kind: VMPodScrape
+metadata:
+ name: etcd-managment-scrape
+spec:
+ podMetricsEndpoints:
+ - port: etcd-metrics
+ scheme: https
+ tlsConfig:
+ insecureSkipVerify: true
+ bearerTokenSecret:
+ name: vm-token
+ key: token
+ selector:
+ matchLabels:
+ app: kube-rbac-proxy
+{{- end }}
diff --git a/packages/system/monitoring-agents/templates/etcd-scrape.yaml b/packages/system/monitoring-agents/templates/etcd-scrape.yaml
deleted file mode 100644
index 829e0040b..000000000
--- a/packages/system/monitoring-agents/templates/etcd-scrape.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-#---
-#apiVersion: operator.victoriametrics.com/v1beta1
-#kind: VMNodeScrape
-#metadata:
-# name: kube-etcd
-# namespace: cozy-monitoring
-#spec:
-# selector:
-# node-role.kubernetes.io/control-plane: ""
-# bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
-# honorLabels: true
-# metricRelabelConfigs:
-# - action: labeldrop
-# regex: (uid)
-# - action: labeldrop
-# regex: (id|name)
-# - action: drop
-# regex: (rest_client_request_duration_seconds_bucket|rest_client_request_duration_seconds_sum|rest_client_request_duration_seconds_count)
-# source_labels:
-# - __name__
-# port: "2379"
-# relabelConfigs:
-# - action: labelmap
-# regex: __meta_kubernetes_node_label_(.+)
-# - sourceLabels:
-# - __metrics_path__
-# targetLabel: metrics_path
-# - replacement: etcd
-# targetLabel: job
-# scheme: https
-# scrapeTimeout: 5s
-# tlsConfig:
-# caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-# insecureSkipVerify: true
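Review bot: The VMPodScrape at the end of etcd-proxy-scrape.yaml sends the long-lived `vm-token` ServiceAccount token with `insecureSkipVerify: true`, so the scraper hands that bearer token to whatever answers on port 9443 of a control-plane host IP without checking its identity. kube-rbac-proxy is started without `--tls-cert-file`/`--tls-private-key-file`, which as far as I know makes it serve a self-signed certificate generated at start-up, so verification cannot simply be switched on; giving the proxy a certificate from a CA the scraper trusts and replacing the skip with a `ca`/`serverName` pair in `tlsConfig` would close this. The token only carries `get` on the `/metrics` non-resource URL, but that grant is cluster-wide and therefore also covers the API server's own `/metrics`. The `vm-token` Secret and the VMPodScrape also omit `namespace: cozy-monitoring`, unlike every other namespaced object in the file, so the token is only populated when the release namespace happens to match the `vm-scrape` ServiceAccount's. Separately, the container `securityContext` could add `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and `capabilities: {drop: ["ALL"]}`, and the image is referenced by the mutable tag `v0.11.0` rather than by digest.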
diff --git a/packages/system/monitoring-agents/values.yaml b/packages/system/monitoring-agents/values.yaml index 250db7d82..d7cb50afd 100644 --- a/packages/system/monitoring-agents/values.yaml +++ b/packages/system/monitoring-agents/values.yaml @@ -359,3 +359,7 @@ fluent-bit: Name modify Match * Add cluster root-cluster + +scrapeRules: + etcd: + enabled: false
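Review bot: The new `scrapeRules.etcd.enabled` key is added to values.yaml without a comment, although enabling it deploys a hostNetwork kube-rbac-proxy DaemonSet on control-plane nodes together with cluster-wide RBAC and a ServiceAccount token Secret. A comment above the key would make that visible to operators, for example `# etcd.enabled: run kube-rbac-proxy (hostNetwork) on control-plane nodes and scrape etcd metrics from 127.0.0.1:2381 through it`. Defaulting to `false` is the safer choice, but note that all four bundles in this commit override it to `true`.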