From 536c6d337f9216c37878d0270dd087a2d3f77f55 Mon Sep 17 00:00:00 2001 From: Dean Roehrich Date: Mon, 6 Nov 2023 13:35:22 -0600 Subject: [PATCH] Requirements for Prometheus Add a label to the ServiceMonitor resource that will be common across all DWS and NNF repos so we easily tell Prometheus which ones it should select. Copy the namespace value into config/prometheus so that part of config/ can be deployed on its own. Add a ClusterRoleBinding that can be used by a metrics reader process to debug the metrics endpoing of the controller. The ClusterRole is already being installed, and the ServiceAccount is already installed. Update the deploy.sh script to determine whether or not the ServiceMonitor resource can be applied. Signed-off-by: Dean Roehrich --- config/prometheus/kustomization.yaml | 3 +++ config/prometheus/monitor.yaml | 1 + .../rbac/auth_proxy_client_clusterrole_binding.yaml | 12 ++++++++++++ config/rbac/kustomization.yaml | 1 + deploy.sh | 7 +++++++ 5 files changed, 24 insertions(+) create mode 100644 config/rbac/auth_proxy_client_clusterrole_binding.yaml diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml index ed137168..9560cc41 100644 --- a/config/prometheus/kustomization.yaml +++ b/config/prometheus/kustomization.yaml @@ -1,2 +1,5 @@ +# Adds namespace to all resources. +namespace: nnf-dm-system + resources: - monitor.yaml diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml index d19136ae..55a96aa1 100644 --- a/config/prometheus/monitor.yaml +++ b/config/prometheus/monitor.yaml @@ -5,6 +5,7 @@ kind: ServiceMonitor metadata: labels: control-plane: controller-manager + prometheus-app: rabbit-nnf name: controller-manager-metrics-monitor namespace: system spec: diff --git a/config/rbac/auth_proxy_client_clusterrole_binding.yaml b/config/rbac/auth_proxy_client_clusterrole_binding.yaml new file mode 100644 index 00000000..f7d0f2fc --- /dev/null +++ b/config/rbac/auth_proxy_client_clusterrole_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: metrics-reader-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metrics-reader +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index dd8c44a1..8c4e0530 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -19,6 +19,7 @@ resources: - auth_proxy_role.yaml - auth_proxy_role_binding.yaml - auth_proxy_client_clusterrole.yaml +- auth_proxy_client_clusterrole_binding.yaml configurations: - kustomizeconfig.yaml diff --git a/deploy.sh b/deploy.sh index d23097c9..f626da0a 100755 --- a/deploy.sh +++ b/deploy.sh @@ -47,8 +47,15 @@ deploy) $KUSTOMIZE build $OVERLAY_DIR | kubectl apply -f - break done + + # Deploy the ServiceMonitor resource if its CRD is found. The CRD would + # have been installed by a metrics service such as Prometheus. + if kubectl get crd servicemonitors.monitoring.coreos.com > /dev/null 2>&1; then + $KUSTOMIZE build config/prometheus | kubectl apply -f- + fi ;; undeploy) + $KUSTOMIZE build config/prometheus | kubectl delete --ignore-not-found -f- # When the DataMovementManager CRD gets deleted all related resource are also # removed, so the delete will always fail. We ignore all errors at our # own risk.