From c489a46fde409777c0ce45ad870df90f32860147 Mon Sep 17 00:00:00 2001 From: SuperQ Date: Sun, 15 Dec 2024 18:05:37 +0100 Subject: [PATCH] [kube-prometheus-stack] Chore: Improve kubelet ServiceMonitor Refactor the Kubelet ServiceMonitor with a helper template for handling http/https schema. This will reduce the chance of copy-pasta mistakes when updating the different kubelet monitoring endpoints. * Define `kube-prometheus-stack.kubelet.scheme` for the port/schema. * Define `kube-prometheus-stack.kubelet.authConfig` for TLS access controls. Signed-off-by: SuperQ --- charts/kube-prometheus-stack/Chart.yaml | 2 +- .../templates/_helpers.tpl | 13 ++ .../exporters/kubelet/servicemonitor.yaml | 155 +++--------------- 3 files changed, 38 insertions(+), 132 deletions(-) diff --git a/charts/kube-prometheus-stack/Chart.yaml b/charts/kube-prometheus-stack/Chart.yaml index 1724a479c99d..875cfd554af7 100644 --- a/charts/kube-prometheus-stack/Chart.yaml +++ b/charts/kube-prometheus-stack/Chart.yaml @@ -23,7 +23,7 @@ name: kube-prometheus-stack sources: - https://github.com/prometheus-community/helm-charts - https://github.com/prometheus-operator/kube-prometheus -version: 66.7.0 +version: 66.7.1 appVersion: v0.79.0 kubeVersion: ">=1.19.0-0" home: https://github.com/prometheus-operator/kube-prometheus diff --git a/charts/kube-prometheus-stack/templates/_helpers.tpl b/charts/kube-prometheus-stack/templates/_helpers.tpl index 3bd3bc87690b..b3a5af703dc2 100644 --- a/charts/kube-prometheus-stack/templates/_helpers.tpl +++ b/charts/kube-prometheus-stack/templates/_helpers.tpl @@ -318,3 +318,16 @@ global: {{ $fullname }}-webhook.{{ $namespace }}.svc {{- end }} {{- end }} + +{{/* To help configure the kubelet servicemonitor for http or https. */}} +{{- define "kube-prometheus-stack.kubelet.scheme" }} +{{- if .Values.kubelet.serviceMonitor.https }}https{{ else }}http{{ end }} +{{- end }} +{{- define "kube-prometheus-stack.kubelet.authConfig" }} +{{- if .Values.kubelet.serviceMonitor.https }} +tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + insecureSkipVerify: {{ .Values.kubelet.serviceMonitor.insecureSkipVerify }} +bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token +{{- end }} +{{- end }} diff --git a/charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml index 842ebf6d15ba..e6fb50589d02 100644 --- a/charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml +++ b/charts/kube-prometheus-stack/templates/exporters/kubelet/servicemonitor.yaml @@ -20,10 +20,21 @@ spec: attachMetadata: {{- toYaml . | nindent 4 }} {{- end }} + jobLabel: k8s-app + {{- with .Values.kubelet.serviceMonitor.targetLabels }} + targetLabels: + {{- toYaml . | nindent 4 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Values.kubelet.namespace }} + selector: + matchLabels: + app.kubernetes.io/name: kubelet + k8s-app: kubelet endpoints: - {{- if .Values.kubelet.serviceMonitor.https }} - - port: https-metrics - scheme: https + - port: {{ template "kube-prometheus-stack.kubelet.scheme" . }}-metrics + scheme: {{ template "kube-prometheus-stack.kubelet.scheme" . }} {{- if .Values.kubelet.serviceMonitor.interval }} interval: {{ .Values.kubelet.serviceMonitor.interval }} {{- end }} @@ -33,10 +44,7 @@ spec: {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }} scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }} {{- end }} - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecureSkipVerify: {{ .Values.kubelet.serviceMonitor.insecureSkipVerify }} - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- include "kube-prometheus-stack.kubelet.authConfig" . | indent 4 }} honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }} honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }} {{- if .Values.kubelet.serviceMonitor.metricRelabelings }} @@ -48,8 +56,8 @@ spec: {{ tpl (toYaml .Values.kubelet.serviceMonitor.relabelings | indent 4) . }} {{- end }} {{- if .Values.kubelet.serviceMonitor.cAdvisor }} - - port: https-metrics - scheme: https + - port: {{ template "kube-prometheus-stack.kubelet.scheme" . }}-metrics + scheme: {{ template "kube-prometheus-stack.kubelet.scheme" . }} path: /metrics/cadvisor {{- if .Values.kubelet.serviceMonitor.interval }} interval: {{ .Values.kubelet.serviceMonitor.interval }} @@ -63,10 +71,7 @@ spec: honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }} honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }} trackTimestampsStaleness: {{ .Values.kubelet.serviceMonitor.trackTimestampsStaleness }} - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecureSkipVerify: true - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- include "kube-prometheus-stack.kubelet.authConfig" . | indent 4 }} {{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }} metricRelabelings: {{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings | indent 4) . }} @@ -77,8 +82,8 @@ spec: {{- end }} {{- end }} {{- if .Values.kubelet.serviceMonitor.probes }} - - port: https-metrics - scheme: https + - port: {{ template "kube-prometheus-stack.kubelet.scheme" . }}-metrics + scheme: {{ template "kube-prometheus-stack.kubelet.scheme" . }} path: /metrics/probes {{- if .Values.kubelet.serviceMonitor.interval }} interval: {{ .Values.kubelet.serviceMonitor.interval }} @@ -91,10 +96,7 @@ spec: {{- end }} honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }} honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }} - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecureSkipVerify: true - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- include "kube-prometheus-stack.kubelet.authConfig" . | indent 4 }} {{- if .Values.kubelet.serviceMonitor.probesMetricRelabelings }} metricRelabelings: {{ tpl (toYaml .Values.kubelet.serviceMonitor.probesMetricRelabelings | indent 4) . }} @@ -105,9 +107,10 @@ spec: {{- end }} {{- end }} {{- if .Values.kubelet.serviceMonitor.resource }} - - port: https-metrics - scheme: https + - port: {{ template "kube-prometheus-stack.kubelet.scheme" . }}-metrics + scheme: {{ template "kube-prometheus-stack.kubelet.scheme" . }} path: {{ .Values.kubelet.serviceMonitor.resourcePath }} + {{- include "kube-prometheus-stack.kubelet.authConfig" . | indent 4 }} {{- if .Values.kubelet.serviceMonitor.interval }} interval: {{ .Values.kubelet.serviceMonitor.interval }} {{- end }} @@ -120,10 +123,6 @@ spec: honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }} honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }} trackTimestampsStaleness: {{ .Values.kubelet.serviceMonitor.trackTimestampsStaleness }} - tlsConfig: - caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecureSkipVerify: true - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token {{- if .Values.kubelet.serviceMonitor.resourceMetricRelabelings }} metricRelabelings: {{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceMetricRelabelings | indent 4) . }} @@ -133,110 +132,4 @@ spec: {{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceRelabelings | indent 4) . }} {{- end }} {{- end }} - {{- else }} - - port: http-metrics - {{- if .Values.kubelet.serviceMonitor.interval }} - interval: {{ .Values.kubelet.serviceMonitor.interval }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }} - {{- end }} - honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }} - honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }} - trackTimestampsStaleness: {{ .Values.kubelet.serviceMonitor.trackTimestampsStaleness }} -{{- if .Values.kubelet.serviceMonitor.metricRelabelings }} - metricRelabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.metricRelabelings | indent 4) . }} {{- end }} -{{- if .Values.kubelet.serviceMonitor.relabelings }} - relabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.relabelings | indent 4) . }} -{{- end }} -{{- if .Values.kubelet.serviceMonitor.cAdvisor }} - - port: http-metrics - path: /metrics/cadvisor - {{- if .Values.kubelet.serviceMonitor.interval }} - interval: {{ .Values.kubelet.serviceMonitor.interval }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }} - {{- end }} - honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }} - honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }} - trackTimestampsStaleness: {{ .Values.kubelet.serviceMonitor.trackTimestampsStaleness }} -{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }} - metricRelabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings | indent 4) . }} -{{- end }} -{{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }} - relabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | indent 4) . }} -{{- end }} -{{- if .Values.kubelet.serviceMonitor.probes }} - - port: http-metrics - path: /metrics/probes - {{- if .Values.kubelet.serviceMonitor.interval }} - interval: {{ .Values.kubelet.serviceMonitor.interval }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }} - {{- end }} - honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }} - honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }} -{{- if .Values.kubelet.serviceMonitor.probesMetricRelabelings }} - metricRelabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesMetricRelabelings | indent 4) . }} -{{- end }} -{{- if .Values.kubelet.serviceMonitor.probesRelabelings }} - relabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.probesRelabelings | indent 4) . }} -{{- end }} -{{- end }} -{{- if .Values.kubelet.serviceMonitor.resource }} - - port: http-metrics - path: {{ .Values.kubelet.serviceMonitor.resourcePath }} - {{- if .Values.kubelet.serviceMonitor.interval }} - interval: {{ .Values.kubelet.serviceMonitor.interval }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.proxyUrl }} - proxyUrl: {{ .Values.kubelet.serviceMonitor.proxyUrl }} - {{- end }} - {{- if .Values.kubelet.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.kubelet.serviceMonitor.scrapeTimeout }} - {{- end }} - honorLabels: {{ .Values.kubelet.serviceMonitor.honorLabels }} - honorTimestamps: {{ .Values.kubelet.serviceMonitor.honorTimestamps }} - trackTimestampsStaleness: {{ .Values.kubelet.serviceMonitor.trackTimestampsStaleness }} -{{- if .Values.kubelet.serviceMonitor.resourceMetricRelabelings }} - metricRelabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceMetricRelabelings | indent 4) . }} -{{- end }} -{{- if .Values.kubelet.serviceMonitor.resourceRelabelings }} - relabelings: -{{ tpl (toYaml .Values.kubelet.serviceMonitor.resourceRelabelings | indent 4) . }} -{{- end }} -{{- end }} -{{- end }} - {{- end }} - jobLabel: k8s-app - {{- with .Values.kubelet.serviceMonitor.targetLabels }} - targetLabels: - {{- toYaml . | nindent 4 }} - {{- end }} - namespaceSelector: - matchNames: - - {{ .Values.kubelet.namespace }} - selector: - matchLabels: - app.kubernetes.io/name: kubelet - k8s-app: kubelet -{{- end}}