-
Notifications
You must be signed in to change notification settings - Fork 0
/
kube-vip-watcher.yaml
185 lines (178 loc) · 5.56 KB
/
kube-vip-watcher.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
apiVersion: apps/v1
kind: Deployment
metadata:
name: kube-vip-watcher
namespace: monitoring
labels:
app: kube-vip-watcher
spec:
# no need to run it multiple times!
replicas: 1
selector:
matchLabels:
app: kube-vip-watcher
template:
metadata:
labels:
app: kube-vip-watcher
spec:
containers:
- image: my-repo.home.arpa/kube-vip-watcher:v0.10
name: kube-vip-watcher
livenessProbe:
failureThreshold: 3
exec:
command:
- /opt/script/kube-vip-watcher/healthchecks/liveness.py
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 2
readinessProbe:
failureThreshold: 3
exec:
command:
- /opt/script/kube-vip-watcher/healthchecks/readiness.py
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 2
timeoutSeconds: 2
resources:
requests:
memory: 64Mi
cpu: 0.1
limits:
# so the workload cannot take all the resources if something goes wrong
memory: 128Mi
cpu: 1
volumeMounts:
- name: kube-vip-watcher-log-settings-volume # the logging-settings-file for the watcher
mountPath: /opt/script/kube-vip-watcher/lib/settings.py
subPath: settings.py
readOnly: true
serviceAccountName: kube-vip-watcher
#imagePullSecrets:
#- name: your-secret
volumes:
- name: kube-vip-watcher-log-settings-volume
configMap:
name: kube-vip-watcher-log-settings-configmap
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kube-vip-watcher
rules:
- apiGroups:
- "" # "" indicates the core API group
- "coordination.k8s.io"
resources:
- pods
- namespaces
- services
- leases
- nodes/status
verbs:
- get
- list
- watch
- apiGroups:
- "" # "" indicates the core API group
- "coordination.k8s.io"
resources:
- services
- leases
verbs:
- create
- update
- patch
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kube-vip-watcher
namespace: monitoring
secrets:
- name: kube-vip-watcher-token
---
# needed for clusters with v1.24+
apiVersion: v1
kind: Secret
metadata:
name: kube-vip-watcher-token
namespace: monitoring
annotations:
kubernetes.io/service-account.name: kube-vip-watcher
type: kubernetes.io/service-account-token
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kube-vip-watcher
subjects:
- kind: ServiceAccount
name: kube-vip-watcher
namespace: monitoring
roleRef:
kind: ClusterRole
name: kube-vip-watcher
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ConfigMap
metadata:
name: kube-vip-watcher-log-settings-configmap
namespace: monitoring
data:
settings.py: |
import __main__
import os
import socket
import json
# we get the filename from the main calling script
# ATTENTION: if you override this in your main program/script, you also have to override
# the log_format variables! else the override won't have any effect
global_process_name = str(os.path.basename(__main__.__file__))
# settings that may be used in all other classes
# currently one of the following levels may be chosen: "info", "warning", "debug", "error", "critical"
global_log_level = "info"
# set either "string" or "json"
global_log_format_type = "json"
if global_log_format_type == "string":
global_set_log_format = "%(asctime)s " + socket.gethostname() + " " + global_process_name + "[%(process)d]: MODULE: %(name)s LEVEL: %(levelname)s MESSAGE: %(message)s"
else:
# "Elastic Common Schema" compatible
global_set_log_format = {
"@timstamp": "%(asctime)s",
"host": {
"name": socket.gethostname()
},
"process": {
"name": global_process_name,
"id": "%(process)d",
"module": "%(name)s"
},
"log": {
"level": "%(levelname)s"
},
"message": "%(message)s"
}
global_set_log_format = json.dumps(global_set_log_format)
# endif
# the log format shown on the console
# attributes: https://docs.python.org/2/library/logging.html#logrecord-attributes
# global_log_format = "%(asctime)s " + socket.gethostname() + " " + global_process_name + "[%(process)d]: MODULE: %(name)s LEVEL: %(levelname)s MESSAGE: %(message)s"
global_log_format = global_set_log_format
# Set a default log-file - if "disabled" no logfile is written! else give a full-path e.g.: /logs/example.log
global_log_file_path = "disabled"
# the log format written to a file
# global_log_file_format = "%(asctime)s " + socket.gethostname() + " " + global_process_name + "[%(process)d]: MODULE: %(name)s LEVEL: %(levelname)s MESSAGE: %(message)s"
global_log_file_format = global_set_log_format
# send syslog messages
# set to True or False to enable or disable logging to the given syslog-server
# the global_log_format will be used
global_log_server_enable = False
global_log_server = ("127.0.0.1", 1514) # IP/FQDN and port (UDP)
# the log format for syslog messages
# global_log_server_format = "%(asctime)s " + socket.gethostname() + " " + global_process_name + "[%(process)d]: MODULE: %(name)s LEVEL: %(levelname)s MESSAGE: %(message)s"
global_log_server_format = global_set_log_format