[kube-prometheus-stack] Chore: Improve kubelet ServiceMonitor

Refactor the Kubelet ServiceMonitor with a helper template for handling http/https schema. This will reduce the chance of copy-pasta mistakes when updating the different kubelet monitoring endpoints. * Define `kube-prometheus-stack.kubelet.scheme` for the port/schema. * Define `kube-prometheus-stack.kubelet.authConfig` for TLS access controls. Signed-off-by: SuperQ <[email protected]>
prometheus-community · Dec 15, 2024 · c489a46 · c489a46
1 parent c8d410d
commit c489a46
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 132 deletions.
diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml
@@ -23,7 +23,7 @@ name: kube-prometheus-stack
 sources:
   - https://github.com/prometheus-community/helm-charts
   - https://github.com/prometheus-operator/kube-prometheus
-version: 66.7.0
+version: 66.7.1
 appVersion: v0.79.0
 kubeVersion: ">=1.19.0-0"
 home: https://github.com/prometheus-operator/kube-prometheus

diff --git a/charts/kube-prometheus-stack/templates/_helpers.tpl b/charts/kube-prometheus-stack/templates/_helpers.tpl
@@ -318,3 +318,16 @@ global:
 {{ $fullname }}-webhook.{{ $namespace }}.svc
 {{- end }}
 {{- end }}
+
+{{/* To help configure the kubelet servicemonitor for http or https. */}}
+{{- define "kube-prometheus-stack.kubelet.scheme" }}
+{{- if .Values.kubelet.serviceMonitor.https }}https{{ else }}http{{ end }}
+{{- end }}
+{{- define "kube-prometheus-stack.kubelet.authConfig" }}
+{{- if .Values.kubelet.serviceMonitor.https }}
+tlsConfig:
+  caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+  insecureSkipVerify: {{ .Values.kubelet.serviceMonitor.insecureSkipVerify }}
+bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+{{- end }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml
@@ -20,10 +20,21 @@ spec:
   attachMetadata:
     {{- toYaml . | nindent 4 }}
   {{- end }}
+  jobLabel: k8s-app
+  {{- with .Values.kubelet.serviceMonitor.targetLabels }}
+  targetLabels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  namespaceSelector:
+    matchNames:
+    - {{ .Values.kubelet.namespace }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: kubelet
+      k8s-app: kubelet
   endpoints:
-  {{- if .Values.kubelet.serviceMonitor.https }}
-  - port: https-metrics
-    scheme: https
+  - port: {{ template "kube-prometheus-stack.kubelet.scheme" . }}-metrics
+    scheme: {{ template "kube-prometheus-stack.kubelet.scheme" . }}
     {{- if .Values.kubelet.serviceMonitor.interval }}
     interval: {{ .Values.kubelet.serviceMonitor.interval }}
     {{- end }}
@@ -33,10 +44,7 @@ spec:
     {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
     scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
     {{- end }}
-    tlsConfig:
-      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-      insecureSkipVerify: {{ .Values.kubelet.serviceMonitor.insecureSkipVerify }}
-    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    {{- include "kube-prometheus-stack.kubelet.authConfig" . | indent 4 }}
     honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }}
     honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }}
 {{- if .Values.kubelet.serviceMonitor.metricRelabelings }}
@@ -48,8 +56,8 @@ spec:
 {{ tpl (toYaml .Values.kubelet.serviceMonitor.relabelings | indent 4) . }}
 {{- end }}
 {{- if .Values.kubelet.serviceMonitor.cAdvisor }}
-  - port: https-metrics
-    scheme: https
+  - port: {{ template "kube-prometheus-stack.kubelet.scheme" . }}-metrics
+    scheme: {{ template "kube-prometheus-stack.kubelet.scheme" . }}
     path: /metrics/cadvisor
     {{- if .Values.kubelet.serviceMonitor.interval }}
     interval: {{ .Values.kubelet.serviceMonitor.interval }}
@@ -63,10 +71,7 @@ spec:
     honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }}
     honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }}
     trackTimestampsStaleness: {{ .Values.kubelet.serviceMonitor.trackTimestampsStaleness }}
-    tlsConfig:
-      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-      insecureSkipVerify: true
-    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    {{- include "kube-prometheus-stack.kubelet.authConfig" . | indent 4 }}
 {{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }}
     metricRelabelings:
 {{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings | indent 4) . }}
@@ -77,8 +82,8 @@ spec:
 {{- end }}
 {{- end }}
 {{- if .Values.kubelet.serviceMonitor.probes }}
-  - port: https-metrics
-    scheme: https
+  - port: {{ template "kube-prometheus-stack.kubelet.scheme" . }}-metrics
+    scheme: {{ template "kube-prometheus-stack.kubelet.scheme" . }}
     path: /metrics/probes
     {{- if .Values.kubelet.serviceMonitor.interval }}
     interval: {{ .Values.kubelet.serviceMonitor.interval }}
@@ -91,10 +96,7 @@ spec:
     {{- end }}
     honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }}
     honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }}
-    tlsConfig:
-      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-      insecureSkipVerify: true
-    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    {{- include "kube-prometheus-stack.kubelet.authConfig" . | indent 4 }}
 {{- if .Values.kubelet.serviceMonitor.probesMetricRelabelings }}
     metricRelabelings:
 {{ tpl (toYaml .Values.kubelet.serviceMonitor.probesMetricRelabelings | indent 4) . }}
@@ -105,9 +107,10 @@ spec:
 {{- end }}
 {{- end }}
 {{- if .Values.kubelet.serviceMonitor.resource }}
-  - port: https-metrics
-    scheme: https
+  - port: {{ template "kube-prometheus-stack.kubelet.scheme" . }}-metrics
+    scheme: {{ template "kube-prometheus-stack.kubelet.scheme" . }}
     path: {{ .Values.kubelet.serviceMonitor.resourcePath }}
+    {{- include "kube-prometheus-stack.kubelet.authConfig" .  | indent 4 }}
     {{- if .Values.kubelet.serviceMonitor.interval }}
     interval: {{ .Values.kubelet.serviceMonitor.interval }}
     {{- end }}
@@ -120,10 +123,6 @@ spec:
     honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }}
     honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }}
     trackTimestampsStaleness: {{ .Values.kubelet.serviceMonitor.trackTimestampsStaleness }}
-    tlsConfig:
-      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-      insecureSkipVerify: true
-    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
 {{- if .Values.kubelet.serviceMonitor.resourceMetricRelabelings }}
     metricRelabelings:
 {{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceMetricRelabelings | indent 4) . }}
@@ -133,110 +132,4 @@ spec:
 {{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceRelabelings | indent 4) . }}
 {{- end }}
 {{- end }}
-  {{- else }}
-  - port: http-metrics
-    {{- if .Values.kubelet.serviceMonitor.interval }}
-    interval: {{ .Values.kubelet.serviceMonitor.interval }}
-    {{- end }}
-    {{- if .Values.kubelet.serviceMonitor.proxyUrl }}
-    proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
-    {{- end }}
-    {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
-    scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
-    {{- end }}
-    honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }}
-    honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }}
-    trackTimestampsStaleness: {{ .Values.kubelet.serviceMonitor.trackTimestampsStaleness }}
-{{- if .Values.kubelet.serviceMonitor.metricRelabelings }}
-    metricRelabelings:
-{{ tpl (toYaml .Values.kubelet.serviceMonitor.metricRelabelings | indent 4) . }}
 {{- end }}
-{{- if .Values.kubelet.serviceMonitor.relabelings }}
-    relabelings:
-{{ tpl (toYaml .Values.kubelet.serviceMonitor.relabelings | indent 4) . }}
-{{- end }}
-{{- if .Values.kubelet.serviceMonitor.cAdvisor }}
-  - port: http-metrics
-    path: /metrics/cadvisor
-    {{- if .Values.kubelet.serviceMonitor.interval }}
-    interval: {{ .Values.kubelet.serviceMonitor.interval }}
-    {{- end }}
-    {{- if .Values.kubelet.serviceMonitor.proxyUrl }}
-    proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
-    {{- end }}
-    {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
-    scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
-    {{- end }}
-    honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }}
-    honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }}
-    trackTimestampsStaleness: {{ .Values.kubelet.serviceMonitor.trackTimestampsStaleness }}
-{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }}
-    metricRelabelings:
-{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings | indent 4) . }}
-{{- end }}
-{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }}
-    relabelings:
-{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | indent 4) . }}
-{{- end }}
-{{- if .Values.kubelet.serviceMonitor.probes }}
-  - port: http-metrics
-    path: /metrics/probes
-    {{- if .Values.kubelet.serviceMonitor.interval }}
-    interval: {{ .Values.kubelet.serviceMonitor.interval }}
-    {{- end }}
-    {{- if .Values.kubelet.serviceMonitor.proxyUrl }}
-    proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
-    {{- end }}
-    {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
-    scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
-    {{- end }}
-    honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }}
-    honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }}
-{{- if .Values.kubelet.serviceMonitor.probesMetricRelabelings }}
-    metricRelabelings:
-{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesMetricRelabelings | indent 4) . }}
-{{- end }}
-{{- if .Values.kubelet.serviceMonitor.probesRelabelings }}
-    relabelings:
-{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesRelabelings | indent 4) . }}
-{{- end }}
-{{- end }}
-{{- if .Values.kubelet.serviceMonitor.resource }}
-  - port: http-metrics
-    path: {{ .Values.kubelet.serviceMonitor.resourcePath }}
-    {{- if .Values.kubelet.serviceMonitor.interval }}
-    interval: {{ .Values.kubelet.serviceMonitor.interval }}
-    {{- end }}
-    {{- if .Values.kubelet.serviceMonitor.proxyUrl }}
-    proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }}
-    {{- end }}
-    {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }}
-    scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }}
-    {{- end }}
-    honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }}
-    honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }}
-    trackTimestampsStaleness: {{ .Values.kubelet.serviceMonitor.trackTimestampsStaleness }}
-{{- if .Values.kubelet.serviceMonitor.resourceMetricRelabelings }}
-    metricRelabelings:
-{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceMetricRelabelings | indent 4) . }}
-{{- end }}
-{{- if .Values.kubelet.serviceMonitor.resourceRelabelings }}
-    relabelings:
-{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceRelabelings | indent 4) . }}
-{{- end }}
-{{- end }}
-{{- end }}
-  {{- end }}
-  jobLabel: k8s-app
-  {{- with .Values.kubelet.serviceMonitor.targetLabels }}
-  targetLabels:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  namespaceSelector:
-    matchNames:
-    - {{ .Values.kubelet.namespace }}
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: kubelet
-      k8s-app: kubelet
-{{- end}}