From 9727c76dff5701287f5962a7535a2836c4927966 Mon Sep 17 00:00:00 2001 From: Dean Roehrich Date: Mon, 6 Nov 2023 13:35:22 -0600 Subject: [PATCH] Requirements for Prometheus Add a label to the ServiceMonitor resource that will be common across all DWS and NNF repos so we can easily tell Prometheus which ones it should select. Copy the namespace value into config/prometheus so that part of config/ can be deployed on its own. Add a ClusterRoleBinding that can be used by a metrics reader process to debug the metrics endpoint of the controller. The ClusterRole is already being installed, and the ServiceAccount is already installed. Update the deploy.sh script to determine whether or not the ServiceMonitor resource can be applied. Signed-off-by: Dean Roehrich --- config/prometheus/kustomization.yaml | 3 +++ config/prometheus/monitor.yaml | 1 + .../rbac/auth_proxy_client_clusterrole_binding.yaml | 12 ++++++++++++ config/rbac/kustomization.yaml | 1 + deploy.sh | 7 +++++++ 5 files changed, 24 insertions(+) create mode 100644 config/rbac/auth_proxy_client_clusterrole_binding.yaml diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml index ed137168..9560cc41 100644 --- a/config/prometheus/kustomization.yaml +++ b/config/prometheus/kustomization.yaml @@ -1,2 +1,5 @@ +# Adds namespace to all resources. +namespace: nnf-dm-system + resources: - monitor.yaml diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml index d19136ae..55a96aa1 100644 --- a/config/prometheus/monitor.yaml +++ b/config/prometheus/monitor.yaml @@ -5,6 +5,7 @@ kind: ServiceMonitor metadata: labels: control-plane: controller-manager + prometheus-app: rabbit-nnf name: controller-manager-metrics-monitor namespace: system spec: diff --git a/config/rbac/auth_proxy_client_clusterrole_binding.yaml b/config/rbac/auth_proxy_client_clusterrole_binding.yaml new file mode 100644 index 00000000..f7d0f2fc --- /dev/null +++ b/config/rbac/auth_proxy_client_clusterrole_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: metrics-reader-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metrics-reader +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index dd8c44a1..8c4e0530 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -19,6 +19,7 @@ resources: - auth_proxy_role.yaml - auth_proxy_role_binding.yaml - auth_proxy_client_clusterrole.yaml +- auth_proxy_client_clusterrole_binding.yaml configurations: - kustomizeconfig.yaml diff --git a/deploy.sh b/deploy.sh index d23097c9..f626da0a 100755 --- a/deploy.sh +++ b/deploy.sh @@ -47,8 +47,15 @@ deploy) $KUSTOMIZE build $OVERLAY_DIR | kubectl apply -f - break done + + # Deploy the ServiceMonitor resource if its CRD is found. The CRD would + # have been installed by a metrics service such as Prometheus. + if kubectl get crd servicemonitors.monitoring.coreos.com > /dev/null 2>&1; then + $KUSTOMIZE build config/prometheus | kubectl apply -f- + fi ;; undeploy) + $KUSTOMIZE build config/prometheus | kubectl delete --ignore-not-found -f- # When the DataMovementManager CRD gets deleted all related resource are also # removed, so the delete will always fail. We ignore all errors at our # own risk.