From 206526a712c208704d55de78982fd40de9d2fb78 Mon Sep 17 00:00:00 2001 From: Dean Roehrich Date: Mon, 6 Nov 2023 13:36:11 -0600 Subject: [PATCH 1/2] Requirements for Prometheus Add a label to the ServiceMonitor resource that will be common across all DWS and NNF repos so we can easily tell Prometheus which ones it should select. Copy the namespace value into config/prometheus so that part of config/ can be deployed on its own. Add a ClusterRoleBinding that can be used by a metrics reader process to debug the metrics endpoint of the controller. The ClusterRole is already being installed, and the ServiceAccount is already installed. Introduce a deploy.sh script for the "make deploy" and "make undeploy" targets. This script will do the usual deploy/undeploy, but will also determine whether or not the ServiceMonitor resource can be applied. Signed-off-by: Dean Roehrich --- Makefile | 4 +- config/prometheus/kustomization.yaml | 3 ++ config/prometheus/monitor.yaml | 1 + ...auth_proxy_client_clusterrole_binding.yaml | 12 ++++++ config/rbac/kustomization.yaml | 4 ++ config/rbac/kustomizeconfig.yaml | 4 ++ deploy.sh | 43 +++++++++++++++++++ 7 files changed, 69 insertions(+), 2 deletions(-) create mode 100644 config/rbac/auth_proxy_client_clusterrole_binding.yaml create mode 100644 config/rbac/kustomizeconfig.yaml create mode 100755 deploy.sh diff --git a/Makefile b/Makefile index 3192d227..8d12b976 100644 --- a/Makefile +++ b/Makefile @@ -205,10 +205,10 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified $(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found -f - deploy: kustomize edit-image ## Deploy controller to the K8s cluster specified in ~/.kube/config. - $(KUSTOMIZE) build config/begin | kubectl apply -f - + ./deploy.sh deploy $(KUSTOMIZE) config/begin undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.kube/config. - $(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found -f - + ./deploy.sh undeploy $(KUSTOMIZE) config/default installer: kustomize edit-image diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml index ed137168..12988c04 100644 --- a/config/prometheus/kustomization.yaml +++ b/config/prometheus/kustomization.yaml @@ -1,2 +1,5 @@ +# Adds namespace to all resources. +namespace: nnf-lustre-fs-system + resources: - monitor.yaml diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml index d19136ae..55a96aa1 100644 --- a/config/prometheus/monitor.yaml +++ b/config/prometheus/monitor.yaml @@ -5,6 +5,7 @@ kind: ServiceMonitor metadata: labels: control-plane: controller-manager + prometheus-app: rabbit-nnf name: controller-manager-metrics-monitor namespace: system spec: diff --git a/config/rbac/auth_proxy_client_clusterrole_binding.yaml b/config/rbac/auth_proxy_client_clusterrole_binding.yaml new file mode 100644 index 00000000..f7d0f2fc --- /dev/null +++ b/config/rbac/auth_proxy_client_clusterrole_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: metrics-reader-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metrics-reader +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 731832a6..b45fdc23 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -16,3 +16,7 @@ resources: - auth_proxy_role.yaml - auth_proxy_role_binding.yaml - auth_proxy_client_clusterrole.yaml +- auth_proxy_client_clusterrole_binding.yaml + +configurations: +- kustomizeconfig.yaml diff --git a/config/rbac/kustomizeconfig.yaml b/config/rbac/kustomizeconfig.yaml new file mode 100644 index 00000000..a8cc96ae --- /dev/null +++ b/config/rbac/kustomizeconfig.yaml @@ -0,0 +1,4 @@ +namePrefix: +- path: metadata/annotations/kubernetes.io\/service-account.name +namespace: +- path: metadata/annotations/kubernetes.io\/service-account.namespace \ No newline at end of file diff --git a/deploy.sh b/deploy.sh new file mode 100755 index 00000000..7375a12e --- /dev/null +++ b/deploy.sh @@ -0,0 +1,43 @@ +#!/bin/bash + +# Copyright 2023 Hewlett Packard Enterprise Development LP +# Other additional copyright holders may be indicated within. +# +# The entirety of this work is licensed under the Apache License, +# Version 2.0 (the "License"); you may not use this file except +# in compliance with the License. +# +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -e + +# Deploy/undeploy controller to the K8s cluster specified in ~/.kube/config. + +CMD=$1 +KUSTOMIZE=$2 +OVERLAY_DIR=$3 + +if [[ $CMD == 'deploy' ]]; then + $KUSTOMIZE build config/begin | kubectl apply -f - + + # Deploy the ServiceMonitor resource if its CRD is found. The CRD would + # have been installed by a metrics service such as Prometheus. + if kubectl get crd servicemonitors.monitoring.coreos.com > /dev/null 2>&1; then + $KUSTOMIZE build config/prometheus | kubectl apply -f- + fi +fi + +if [[ $CMD == 'undeploy' ]]; then + $KUSTOMIZE build config/prometheus | kubectl delete --ignore-not-found -f- + $KUSTOMIZE build $OVERLAY_DIR | kubectl delete --ignore-not-found -f - +fi + +exit 0 From b84a5de64c589ad5fe64c5ebe585151158de20bd Mon Sep 17 00:00:00 2001 From: Dean Roehrich Date: Mon, 6 Nov 2023 16:23:35 -0600 Subject: [PATCH 2/2] Remove hard-coded overlay Signed-off-by: Dean Roehrich --- deploy.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy.sh b/deploy.sh index 7375a12e..6b561a24 100755 --- a/deploy.sh +++ b/deploy.sh @@ -26,7 +26,7 @@ KUSTOMIZE=$2 OVERLAY_DIR=$3 if [[ $CMD == 'deploy' ]]; then - $KUSTOMIZE build config/begin | kubectl apply -f - + $KUSTOMIZE build $OVERLAY_DIR | kubectl apply -f - # Deploy the ServiceMonitor resource if its CRD is found. The CRD would # have been installed by a metrics service such as Prometheus.