Alexandros Kosiaris has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/399159 )
Change subject: Move role::prometheus::k8s to profile
......................................................................
Move role::prometheus::k8s to profile
Move the role into a profile and include it from the role
Change-Id: Ic7486d74b5163b2920b2ef7addac478be9b97937
---
R modules/profile/files/prometheus/rules_k8s.conf
A modules/profile/manifests/prometheus/k8s.pp
M modules/role/manifests/prometheus/k8s.pp
3 files changed, 144 insertions(+), 139 deletions(-)
Approvals:
Alexandros Kosiaris: Verified; Looks good to me, approved
Filippo Giunchedi: Looks good to me, but someone else must approve
diff --git a/modules/role/files/prometheus/rules_k8s.conf
b/modules/profile/files/prometheus/rules_k8s.conf
similarity index 100%
rename from modules/role/files/prometheus/rules_k8s.conf
rename to modules/profile/files/prometheus/rules_k8s.conf
diff --git a/modules/profile/manifests/prometheus/k8s.pp
b/modules/profile/manifests/prometheus/k8s.pp
new file mode 100644
index 0000000..364a604
--- /dev/null
+++ b/modules/profile/manifests/prometheus/k8s.pp
@@ -0,0 +1,142 @@
+# Uses the prometheus module and generates the specific configuration
+# needed for WMF production
+#
+class profile::prometheus::k8s (
+ $users = hiera('k8s_infrastructure_users'), # lint:ignore:wmf_styleguide
+){
+ $targets_path = '/srv/prometheus/k8s/targets'
+ $storage_retention = hiera('prometheus::server::storage_retention',
'2190h0m0s')
+ $max_chunks_to_persist =
hiera('prometheus::server::max_chunks_to_persist', '524288')
+ $memory_chunks = hiera('prometheus::server::memory_chunks', '1048576')
+ $bearer_token_file = '/srv/prometheus/k8s/k8s.token'
+ $master_host = "kubemaster.svc.${::site}.wmnet"
+ $client_token = $users['prometheus']['token']
+
+ $config_extra = {
+ # All metrics will get an additional 'site' label when queried by
+ # external systems (e.g. via federation)
+ 'external_labels' => {
+ 'site' => $::site,
+ },
+ }
+
+ # Configure scraping from k8s cluster with distinct jobs:
+ # - k8s-api: api server metrics (each one, as returned by k8s)
+ # - k8s-node: metrics from each node running k8s
+ # See also:
+ # *
https://prometheus.io/docs/operating/configuration/#<kubernetes_sd_config>
+ # *
https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml
+ $scrape_configs_extra = [
+ {
+ 'job_name' => 'k8s-api',
+ 'bearer_token_file' => $bearer_token_file,
+ 'scheme' => 'https',
+ 'tls_config' => {
+ 'server_name' => $master_host,
+ },
+ 'kubernetes_sd_configs' => [
+ {
+ 'api_server' => "https://${master_host}:6443";,
+ 'bearer_token_file' => $bearer_token_file,
+ 'role' => 'endpoints',
+ },
+ ],
+ # Scrape config for API servers, keep only endpoints for
default/kubernetes to poll only
+ # api servers
+ 'relabel_configs' => [
+ {
+ 'source_labels' => ['__meta_kubernetes_namespace',
+ '__meta_kubernetes_service_name',
+
'__meta_kubernetes_endpoint_port_name'],
+ 'action' => 'keep',
+ 'regex' => 'default;kubernetes;https',
+ },
+ ],
+ },
+ {
+ 'job_name' => 'k8s-node',
+ 'bearer_token_file' => $bearer_token_file,
+ 'kubernetes_sd_configs' => [
+ {
+ 'api_server' => "https://${master_host}:6443";,
+ 'bearer_token_file' => $bearer_token_file,
+ 'role' => 'node',
+ },
+ ],
+ 'relabel_configs' => [
+ # Map kubernetes node labels to prometheus metric labels
+ {
+ 'action' => 'labelmap',
+ 'regex' => '__meta_kubernetes_node_label_(.+)',
+ },
+ {
+ # Force read-only API for nodes. This listens on port 10255
+ # so rewrite the __address__ label to use that port. It's
+ # also HTTP, not HTTPS
+ 'action' => 'replace', # Redundant but clearer
+ 'source_labels' => ['__address__'],
+ 'target_label' => '__address__',
+ 'regex' => '([\d\.]+):(\d+)',
+ 'replacement' => "\${1}:10255",
+ },
+ ]
+ },
+ {
+ 'job_name' => 'k8s-node-cadvisor',
+ 'bearer_token_file' => $bearer_token_file,
+ 'metrics_path' => '/metrics/cadvisor',
+ 'kubernetes_sd_configs' => [
+ {
+ 'api_server' => "https://${master_host}:6443";,
+ 'bearer_token_file' => $bearer_token_file,
+ 'role' => 'node',
+ },
+ ],
+ 'relabel_configs' => [
+ # Map kubernetes node labels to prometheus metric labels
+ {
+ 'action' => 'labelmap',
+ 'regex' => '__meta_kubernetes_node_label_(.+)',
+ },
+ {
+ # Force read-only API for nodes. This listens on port 10255
+ # so rewrite the __address__ label to use that port. It's
+ # also HTTP, not HTTPS
+ 'action' => 'replace', # Redundant but clearer
+ 'source_labels' => ['__address__'],
+ 'target_label' => '__address__',
+ 'regex' => '([\d\.]+):(\d+)',
+ 'replacement' => "\${1}:10255",
+ },
+ ]
+ },
+ ]
+
+ prometheus::server { 'k8s':
+ storage_encoding => '2',
+ listen_address => '127.0.0.1:9906',
+ storage_retention => $storage_retention,
+ max_chunks_to_persist => $max_chunks_to_persist,
+ memory_chunks => $memory_chunks,
+ global_config_extra => $config_extra,
+ scrape_configs_extra => $scrape_configs_extra,
+ }
+
+ prometheus::web { 'k8s':
+ proxy_pass => 'http://localhost:9906/k8s',
+ }
+
+ prometheus::rule { 'rules_k8s.conf':
+ instance => 'k8s',
+ source => 'puppet:///modules/profile/prometheus/rules_k8s.conf',
+ }
+
+ file { $bearer_token_file:
+ ensure => present,
+ content => $client_token,
+ mode => '0400',
+ owner => 'prometheus',
+ group => 'prometheus',
+ require => Prometheus::Server['k8s'],
+ }
+}
diff --git a/modules/role/manifests/prometheus/k8s.pp
b/modules/role/manifests/prometheus/k8s.pp
index 3690aec..b5bfade 100644
--- a/modules/role/manifests/prometheus/k8s.pp
+++ b/modules/role/manifests/prometheus/k8s.pp
@@ -2,149 +2,12 @@
# needed for WMF production
#
# filtertags: labs-project-monitoring
-class role::prometheus::k8s (
- $users = hiera('k8s_infrastructure_users'), # lint:ignore:wmf_styleguide
-){
+class role::prometheus::k8s {
system::role { 'prometheus::k8s':
description => 'Prometheus server (k8s)',
}
include ::standard
include ::base::firewall
-
- $targets_path = '/srv/prometheus/k8s/targets'
- $storage_retention = hiera('prometheus::server::storage_retention',
'2190h0m0s')
- $max_chunks_to_persist =
hiera('prometheus::server::max_chunks_to_persist', '524288')
- $memory_chunks = hiera('prometheus::server::memory_chunks', '1048576')
- $bearer_token_file = '/srv/prometheus/k8s/k8s.token'
- $master_host = "kubemaster.svc.${::site}.wmnet"
- $client_token = $users['prometheus']['token']
-
- $config_extra = {
- # All metrics will get an additional 'site' label when queried by
- # external systems (e.g. via federation)
- 'external_labels' => {
- 'site' => $::site,
- },
- }
-
- # Configure scraping from k8s cluster with distinct jobs:
- # - k8s-api: api server metrics (each one, as returned by k8s)
- # - k8s-node: metrics from each node running k8s
- # See also:
- # *
https://prometheus.io/docs/operating/configuration/#<kubernetes_sd_config>
- # *
https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml
- $scrape_configs_extra = [
- {
- 'job_name' => 'k8s-api',
- 'bearer_token_file' => $bearer_token_file,
- 'scheme' => 'https',
- 'tls_config' => {
- 'server_name' => $master_host,
- },
- 'kubernetes_sd_configs' => [
- {
- 'api_server' => "https://${master_host}:6443";,
- 'bearer_token_file' => $bearer_token_file,
- 'role' => 'endpoints',
- },
- ],
- # Scrape config for API servers, keep only endpoints for
default/kubernetes to poll only
- # api servers
- 'relabel_configs' => [
- {
- 'source_labels' => ['__meta_kubernetes_namespace',
- '__meta_kubernetes_service_name',
-
'__meta_kubernetes_endpoint_port_name'],
- 'action' => 'keep',
- 'regex' => 'default;kubernetes;https',
- },
- ],
- },
- {
- 'job_name' => 'k8s-node',
- 'bearer_token_file' => $bearer_token_file,
- 'kubernetes_sd_configs' => [
- {
- 'api_server' => "https://${master_host}:6443";,
- 'bearer_token_file' => $bearer_token_file,
- 'role' => 'node',
- },
- ],
- 'relabel_configs' => [
- # Map kubernetes node labels to prometheus metric labels
- {
- 'action' => 'labelmap',
- 'regex' => '__meta_kubernetes_node_label_(.+)',
- },
- {
- # Force read-only API for nodes. This listens on port 10255
- # so rewrite the __address__ label to use that port. It's
- # also HTTP, not HTTPS
- 'action' => 'replace', # Redundant but clearer
- 'source_labels' => ['__address__'],
- 'target_label' => '__address__',
- 'regex' => '([\d\.]+):(\d+)',
- 'replacement' => "\${1}:10255",
- },
- ]
- },
- {
- 'job_name' => 'k8s-node-cadvisor',
- 'bearer_token_file' => $bearer_token_file,
- 'metrics_path' => '/metrics/cadvisor',
- 'kubernetes_sd_configs' => [
- {
- 'api_server' => "https://${master_host}:6443";,
- 'bearer_token_file' => $bearer_token_file,
- 'role' => 'node',
- },
- ],
- 'relabel_configs' => [
- # Map kubernetes node labels to prometheus metric labels
- {
- 'action' => 'labelmap',
- 'regex' => '__meta_kubernetes_node_label_(.+)',
- },
- {
- # Force read-only API for nodes. This listens on port 10255
- # so rewrite the __address__ label to use that port. It's
- # also HTTP, not HTTPS
- 'action' => 'replace', # Redundant but clearer
- 'source_labels' => ['__address__'],
- 'target_label' => '__address__',
- 'regex' => '([\d\.]+):(\d+)',
- 'replacement' => "\${1}:10255",
- },
- ]
- },
- ]
-
- prometheus::server { 'k8s':
- storage_encoding => '2',
- listen_address => '127.0.0.1:9906',
- storage_retention => $storage_retention,
- max_chunks_to_persist => $max_chunks_to_persist,
- memory_chunks => $memory_chunks,
- global_config_extra => $config_extra,
- scrape_configs_extra => $scrape_configs_extra,
- }
-
- prometheus::web { 'k8s':
- proxy_pass => 'http://localhost:9906/k8s',
- }
-
- prometheus::rule { 'rules_k8s.conf':
- instance => 'k8s',
- source => 'puppet:///modules/role/prometheus/rules_k8s.conf',
- }
-
- file { $bearer_token_file:
- ensure => present,
- content => $client_token,
- mode => '0400',
- owner => 'prometheus',
- group => 'prometheus',
- require => Prometheus::Server['k8s'],
- }
+ include ::profile::prometheus::k8s
}
--
To view, visit https://gerrit.wikimedia.org/r/399159
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ic7486d74b5163b2920b2ef7addac478be9b97937
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Filippo Giunchedi <[email protected]>
Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
