Commit Graph

53 Commits (2acb1d6fcfecbfd7d782f36156b5cede63c50031)

Author SHA1 Message Date
Arvind Iyengar 3202417f2d
Add dummy openAPIV3Schema to initContainer and log patch 2021-06-16 18:13:27 -07:00
Jiaqi Luo 09f8f4b5bf update all charts' version to 100.0.0 2021-06-11 13:43:20 -07:00
Jiaqi Luo 1157b4a153 add sub-charts for scraping ingress-nginx in rke and rke2 clusters 2021-06-08 19:06:50 -07:00
Arvind Iyengar a064b37d4e
Add kubelet and nodeExporter pushprox and bump image (#1245)
* Bump PushProx chart version

* Expose serviceMonitor endpoints and client SA RBAC

* Bump PushProx image to v0.1.0-rancher2

* Support hardened kubelet+nodeExporter & update k3s

* Generate charts

* Disable kubelet serviceMonitor if k3sServer enabled

* make charts
2021-06-04 15:33:21 -07:00
Arvind Iyengar 02ff0c9df8
Move establishing CRD logic to a helper template 2021-06-01 13:58:40 -07:00
Arvind Iyengar 5f3bbe4a36
Mimic Helm CRD install process by introducing wait
As part of the Helm CRD installation process shown [here](43853ea772/pkg/action/install.go (L160-L162)), charts that both attempt to install CRDs and then install resources (e.g. `len(totalItems) > 0`) invalidate the cache and attempt to get the CRDs again to `Give time for the CRD to be recognized.` before continuing the Helm installation.

Because Monitoring V2 currently does not observe this invalidation and wait, flakey race conditions documented in issues like https://github.com/rancher/rancher/issues/32025 and https://github.com/rancher/rancher/issues/29171 can be caused. This commit introduces that invalidation process.
2021-06-01 12:42:26 -07:00
Jiaqi Luo 5480033c84 update the image rancher/mirrored-library-nginx 2021-05-24 20:19:04 -07:00
Arvind Iyengar 6239716e10
Add NoExecute toleration to rke2Etcd and remove key
(cherry picked from commit a181ea3011)
2021-05-21 16:59:15 -07:00
Arvind Iyengar e2c9a0746b
Fix monitoring Chart.yaml
This is required due to the change released in v0.1.0 of the charts-build-scripts to switch the package used for YAML marshalling / unmarshalling.

Note: This does not need a packageVersion bump since it has already been bumped once for this release.
(cherry picked from commit 7ec1716f66)
2021-05-17 15:39:49 -07:00
Arvind Iyengar b350bb93e0
Remove rcVersions 2021-05-17 15:39:11 -07:00
Arvind Iyengar 551327b14e
Checkout current packages from dev-v2.5-source
```bash
git fetch upstream
git checkout upstream/dev-v2.5-source -- packages; git reset HEAD; git checkout -- packages/README.md
```
2021-05-17 15:30:27 -07:00
Daishan 2469c9213c Clean up folders 2020-09-22 16:26:19 -07:00
Arvind Iyengar 92f0eca770 Add nginx proxy to Prometheus for magic links
This commit adds an nginx proxy in front of Prometheus that intercepts the requests that are sent to the Prometheus pod. This change was necessary since the Prometheus pod encounters issues with Rancher proxy URLs that are formatted like:

```
<server-url>/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-prometheus:9090/proxy
```

Specifically, if using the root_url option, it doubles up this URL when making requests for resources, e.g.
```
<server-url>/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-prometheus:9090/proxy/<my-path>
=>
<server-url>/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-prometheus:9090/proxy/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-prometheus:9090/proxy/<my-path>
```

However, this does not resolve the issue in https://github.com/rancher/rancher/issues/29068.
2020-09-22 11:20:57 -07:00
Arvind Iyengar d6c774aa42 Add nginx proxy to Grafana for magic links
This commit adds an nginx proxy in front of Grafana that intercepts the requests that are sent to the Grafana pod. This change was necessary since the Grafana pod encounters issues with Rancher proxy URLs that are formatted like:

```
<server-url>/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-grafana:80/proxy
```

Specifically, if using the root_url option, it doubles up this URL when making requests for resources, e.g.
```
<server-url>/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-grafana:80/proxy/<my-path>
=>
<server-url>/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-grafana:80/proxy/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-grafana:80/proxy/<my-path>
```
2020-09-22 11:20:57 -07:00
Arvind Iyengar e3d6033572 Support monitoring in hardened RKE clusters
This commit adds support for deploying rancher-monitoring into hardened clusters.

It modifies some of the default securityContexts and does some misc. fixes such as:
- Removing default AppArmor PSP annotations from Grafana (related to https://github.com/helm/charts/issues/9090)
- Modifying rkeScheduler and rkeControllerManager to use localhost to scrape components since the endpoints aren't exposed in a hardened cluster

These changes have been verified on a hardened RKE cluster.
2020-09-21 12:04:07 -07:00
Arvind Iyengar b80fb3a8ff Use separate namespace only for dashboards
This commit renames `grafana-dashboards` to `cattle-dashboards` and deprecates the `grafana-datasources` namespace in favor of the normal release namespace.

Related Issue: rancher/rancher#28887
2020-09-19 19:23:35 -07:00
Arvind Iyengar 0fa3a06de0 Split RBAC for ConfigMaps and Secrets
Related Issue: https://github.com/rancher/rancher/issues/29013
2020-09-19 19:23:33 -07:00
Arvind Iyengar 2e1ed1b130 Relocate Rancher roles to overlay/ 2020-09-19 19:00:23 -07:00
Arvind Iyengar 95cf887f5f Add annotations that were left out on rebase
Dropped on accident in rebase https://github.com/rancher/charts/pull/641/files#diff-ed5b5b87cf149adc6a6408bf81993efdR681-R682
2020-09-18 17:08:11 -07:00
Arvind Iyengar 700975ee95 Create kube-dns service monitor in kube-system
This is required since, by default, we ignoreNamespaceSelectors.
2020-09-18 15:35:21 -07:00
Arvind Iyengar c263e58157 Replace rancher/busybox w/ rancher/library-busybox
Related Issue: https://github.com/rancher/rancher/issues/28978
2020-09-17 18:38:14 -07:00
Arvind Iyengar 178528b12c Rebase to new upstream at kube-prometheus-stack
The old upstream at https://github.com/helm/charts/tree/master/stable/prometheus-operator has been deprecated in favor of the chart at https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack.

This commit modifies the rancher-monitoring patch in order to rebase to this new upstream, so it contains a ton of different changes to the patch file.

Related Issue: rancher/rancher#28822
2020-09-17 17:10:42 -07:00
Arvind Iyengar d03ffe81df Create Alertmanager secret in pre-install hook 2020-09-14 16:22:16 -07:00
Arvind Iyengar 4d5653b2ec Update docs, descriptions, and other minor fixes
- [rancher-pushprox] add hidden annotation + update description
- [rancher-monitoring] update description + add monitoring app-README.md
- [rancher-monitoring|rancher-pushprox] Move systemDefaultRegistry to global.cattle
- [rancher-monitoring] Move exporter enabled logic to _helpers.tpl
2020-09-10 17:23:47 -07:00
Arvind Iyengar 9fe6ed19c1 Use assumeOwnershipOfCRDs for rancher-monitoring 2020-09-09 15:25:13 -07:00
Brenda Rearden da849a2dee Add providesGVR to patch file and remove from package.yaml 2020-09-09 12:52:34 -07:00
Caleb Bron f223cb6b6d Make monitoring gvr singular 2020-09-08 22:13:09 -07:00
Brenda Rearden aa13a90e13 Update provides/requires gvr, added keywords 2020-09-08 21:12:11 -07:00
Arvind Iyengar 30aa33a5b1 Use Rancher mirror for jettech/kube-webhook-certgen 2020-09-08 13:41:17 -07:00
Caleb Bron 92211af12a update how we manage dependency annotations 2020-09-04 20:46:44 -07:00
Arvind Iyengar 1b0deff7a9 Use Rancher images for monitoring subcharts 2020-09-04 12:07:58 -07:00
Arvind Iyengar bd24317ee8 Add private registry to monitoring subcharts 2020-09-04 12:07:58 -07:00
Arvind Iyengar 43efb64f82 Use fixed versions for subcharts of rancher-monitoring 2020-09-04 12:07:58 -07:00
Arvind Iyengar 3b6f47638d fix typos in alerting config 2020-09-03 15:15:36 -07:00
Arvind Iyengar 6bc9f8c45f Update default Alerting template 2020-08-28 20:14:58 -07:00
Arvind Iyengar 267b8afc95 Rearrange patch
This commit is required due to patch flip-flops that will occur till https://github.com/rancher/rancher/issues/28627 is resolved.
2020-08-28 16:31:41 -07:00
Menna 7c63442e79 add rke2proxy toleration 2020-08-27 00:49:54 +02:00
Menna e5dfdc5c88 Adds support for monitoring the following k8s components in rke2 clusters:
- `rke2-scheduler`
- `rke2-controller-manager`
- `rke2-proxy`
- `rke2-etcd`

All exporters are created from the cattle-pushprox chart. This commit
also modifies the relevant Grafana Dashboard ConfigMaps and
PrometheusRules to deploy if the PushProx exporters are enabled.

See changes to `overlay/CHANGELOG.md` for details on what has been added/modified.
2020-08-26 22:16:37 +02:00
Arvind Iyengar e0d3e6519b Use Rancher images for rancher-monitoring 2020-08-25 19:37:34 -07:00
Arvind Iyengar aa30c498ea Add private registry support to rancher-monitoring 2020-08-25 19:37:34 -07:00
Arvind Iyengar d085bc088f Add alerting support to rancher-monitoring 2020-08-25 12:06:39 -07:00
Arvind Iyengar d2bf307e59 Change default to all CRs in all namespaces
This commit sets the following field to false:
`<serviceMonitor|podMonitor|rule>SelectorNilUsesHelmValues: true`

As a result, we look for all CRs with any labels in all namespaces rather than just
the ones tagged with `release: rancher-monitoring`.
2020-08-18 10:35:27 -07:00
Arvind Iyengar f3aebdca14 Update grafana default deploymentStrategy
If the Grafana deployment strategy is not Recreate, the deployment will
be stuck during an upgrade when PV is attached.
2020-08-18 10:35:27 -07:00
Arvind Iyengar 215cf10a68 Add NoExecute + NoSchedule toleration to PushProx
This commit adds NoExecute / NoSchedule tolerations by default to all of the
PushProx exporters since the default expectation when deploying these exporters
is that they are deployed on the expected nodes based on nodeSelector labels
regardless of any taints added to those nodes.

Users can always choose to override these settings if necessary.
2020-08-18 10:35:27 -07:00
Arvind Iyengar de6fbbb129 Increase prometheus resource limits and requests 2020-08-18 10:35:23 -07:00
Arvind Iyengar 3d6b8c94c7 Move ClusterRoles and change values.yaml fields
- Moves `monitoringRole` settings into `global.rbac` in values.yaml
- Moves user ClusterRoles into one file: `rancher-monitoring/clusterroles.yaml`
- Reformats user ClusterRoles format to look like upstream format
- Enables aggregateRolesForRBAC by default
- Updates README.md and CHANGELOG.md for relevant ClusterRole changes
2020-08-18 10:02:30 -07:00
Arvind Iyengar 701098fd72 Update default namespace to cattle-monitoring-system 2020-08-18 10:02:28 -07:00
Arvind Iyengar 63647c6849 Update README to add rancher-monitoring changes
Adds prometheus-adapter and rancher-pushprox to the README.md and also
adds fields for Rancher Monitoring config
2020-08-18 09:58:43 -07:00
Arvind Iyengar 921f735cbc Remove CRD code from upstream
Removes the code that supports the Helm 2 hack for crd/ (`prometheus-operator/cleanup-crds.yaml` and
`prometheus-operator/crds.yaml`) and removes crd-install hooks from crds.

Also updates the README.md and CHANGELOG.md accordingly.
2020-08-05 10:33:38 -07:00
Arvind Iyengar fcc8528186 Enable splitting CRDs to separate package
This commit adds script changes to automatically allow packages to split
the CRD components located in a crd/ directory into a separate package.

It also automatically adds in a validation yaml helper to the main package
to prevent a user from installing the base package without installing the crd
install package first.

Any package can enable the creation of a separate crd package by just adding
`splitCRDsIntoSeparatePackage: true` into the package.yaml, as shown in the
rancher-monitoring chart.
2020-08-04 10:40:45 -07:00