[kube-prometheus-stack] Add resources and SLIs metrics support

- KEP-1748: Expose Pod Resource Request Metrics - kube-scheduler - KEP-3466: Kubernetes Component SLIs - kube-apiserver - kubelet - kube-controller-manager - kube-scheduler - kube-proxy Signed-off-by: Mitsuru Kariya <mitsuru.kariya@nttdata.com>
prometheus-community · Mar 4, 2024 · 5c1e529 · 5c1e529
1 parent b7592f7
commit 5c1e529
Show file tree

Hide file tree

Showing 8 changed files with 313 additions and 294 deletions.
diff --git a/charts/kube-prometheus-stack/templates/_helpers.tpl b/charts/kube-prometheus-stack/templates/_helpers.tpl
@@ -313,3 +313,175 @@ global:
 {{ $fullname }}-webhook.{{ $namespace }}.svc
 {{- end }}
 {{- end }}
+
+{{/* Create lower camel case string. */}}
+{{- define "kube-prometheus-stack.lowerCamelCase" }}
+{{- $prefix := index . 0 }}
+{{- $base := index . 1 }}
+{{- with $prefix }}
+{{- printf "%s%s" . (title $base) }}
+{{- else }}
+{{- $base }}
+{{- end }}
+{{- end }}
+
+{{/* Define ServiceMonitor endpoint for kube-apiserver */}}
+{{- define "kube-prometheus-stack.kubeApiServer.endpoint" }}
+{{- $ := index . 0 }}
+{{- $prefix := index . 1 }}
+{{- $smon := $.Values.kubeApiServer.serviceMonitor }}
+{{- $tlsConfig := $.Values.kubeApiServer.tlsConfig }}
+  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    {{- with $smon.interval }}
+    interval: {{ . }}
+    {{- end }}
+    {{- with $smon.proxyUrl }}
+    proxyUrl: {{ . }}
+    {{- end }}
+    port: https
+    scheme: https
+    {{- with include "kube-prometheus-stack.lowerCamelCase" (list $prefix "metricRelabelings") | get $smon }}
+    metricRelabelings:
+    {{- tpl (toYaml . | nindent 4) $ }}
+    {{- end }}
+    {{- with include "kube-prometheus-stack.lowerCamelCase" (list $prefix "relabelings") | get $smon }}
+    relabelings:
+    {{- tpl (toYaml . | nindent 4) $ }}
+    {{- end }}
+    tlsConfig:
+      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+      serverName: {{ $tlsConfig.serverName }}
+      insecureSkipVerify: {{ $tlsConfig.insecureSkipVerify }}
+{{- end }}
+
+{{/* Define ServiceMonitor endpoint for kubelet */}}
+{{- define "kube-prometheus-stack.kubelet.endpoint" -}}
+{{- $ := index . 0 }}
+{{- $prefix := index . 1 }}
+{{- $smon := $.Values.kubelet.serviceMonitor }}
+  {{- if $smon.https }}
+  - port: https-metrics
+    scheme: https
+    tlsConfig:
+      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+      insecureSkipVerify: true
+    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+  {{- else }}
+  - port: http-metrics
+  {{- end }}
+    {{- with $smon.interval }}
+    interval: {{ . }}
+    {{- end }}
+    {{- with $smon.proxyUrl }}
+    proxyUrl: {{ . }}
+    {{- end }}
+    {{- with $smon.scrapeTimeout }}
+    scrapeTimeout: {{ . }}
+    {{- end }}
+    honorLabels: {{ $smon.honorLabels }}
+    honorTimestamps: {{ $smon.honorTimestamps }}
+    {{- with include "kube-prometheus-stack.lowerCamelCase" (list $prefix "metricRelabelings") | get $smon }}
+    metricRelabelings:
+    {{- tpl (toYaml . | nindent 4) $ }}
+    {{- end }}
+    {{- with include "kube-prometheus-stack.lowerCamelCase" (list $prefix "relabelings") | get $smon }}
+    relabelings:
+    {{- tpl (toYaml . | nindent 4) $ }}
+    {{- end }}
+{{- end }}
+
+{{/* Define ServiceMonitor endpoint for kube-controller-manager */}}
+{{- define "kube-prometheus-stack.kubeControllerManager.endpoint" }}
+{{- $ := index . 0 }}
+{{- $prefix := index . 1 }}
+{{- $smon := $.Values.kubeControllerManager.serviceMonitor }}
+  - port: {{ $smon.port }}
+    {{- with $smon.interval }}
+    interval: {{ . }}
+    {{- end }}
+    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    {{- with $smon.proxyUrl }}
+    proxyUrl: {{ . }}
+    {{- end }}
+    {{- if eq (include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list $ false true $smon.https )) "true" }}
+    scheme: https
+    tlsConfig:
+      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+      {{- if eq (include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list $ nil true $smon.insecureSkipVerify)) "true" }}
+      insecureSkipVerify: true
+      {{- end }}
+      {{- with $smon.serverName }}
+      serverName: {{ . }}
+      {{- end }}
+    {{- end }}
+    {{- with include "kube-prometheus-stack.lowerCamelCase" (list $prefix "metricRelabelings") | get $smon }}
+    metricRelabelings:
+    {{- tpl (toYaml . | nindent 4) $ }}
+    {{- end }}
+    {{- with include "kube-prometheus-stack.lowerCamelCase" (list $prefix "relabelings") | get $smon }}
+    relabelings:
+    {{- tpl (toYaml . | nindent 4) $ }}
+    {{- end }}
+{{- end }}
+
+{{/* Define ServiceMonitor endpoint for kube-scheduler */}}
+{{- define "kube-prometheus-stack.kubeScheduler.endpoint" -}}
+{{- $ := index . 0 }}
+{{- $prefix := index . 1 }}
+{{- $smon := $.Values.kubeScheduler.serviceMonitor }}
+  - port: {{ $smon.port }}
+    {{- with $smon.interval }}
+    interval: {{ . }}
+    {{- end }}
+    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    {{- with $smon.proxyUrl }}
+    proxyUrl: {{ . }}
+    {{- end }}
+    {{- if eq (include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list $ false true $smon.https)) "true" }}
+    scheme: https
+    tlsConfig:
+      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+      {{- if eq (include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list $ nil true $smon.insecureSkipVerify)) "true" }}
+      insecureSkipVerify: true
+      {{- end }}
+      {{- with $smon.serverName }}
+      serverName: {{ . }}
+      {{- end }}
+    {{- end }}
+    {{- with include "kube-prometheus-stack.lowerCamelCase" (list $prefix "metricRelabelings") | get $smon }}
+    metricRelabelings:
+    {{- tpl (toYaml . | nindent 4) $ }}
+    {{- end }}
+    {{- with include "kube-prometheus-stack.lowerCamelCase" (list $prefix "relabelings") | get $smon }}
+    relabelings:
+    {{- tpl (toYaml . | nindent 4) $ }}
+    {{- end }}
+{{- end }}
+
+{{/* Define ServiceMonitor endpoint for kube-proxy */}}
+{{- define "kube-prometheus-stack.kubeProxy.endpoint" -}}
+{{- $ := index . 0 }}
+{{- $prefix := index . 1 }}
+{{- $smon := $.Values.kubeProxy.serviceMonitor }}
+  - port: {{ $smon.port }}
+    {{- with $smon.interval }}
+    interval: {{ . }}
+    {{- end }}
+    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    {{- with $smon.proxyUrl }}
+    proxyUrl: {{ . }}
+    {{- end }}
+    {{- if $smon.https }}
+    scheme: https
+    tlsConfig:
+      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+    {{- end }}
+    {{- with include "kube-prometheus-stack.lowerCamelCase" (list $prefix "metricRelabelings") | get $smon }}
+    metricRelabelings:
+    {{- tpl (toYaml . | nindent 4) $ }}
+    {{- end }}
+    {{- with include "kube-prometheus-stack.lowerCamelCase" (list $prefix "relabelings") | get $smon }}
+    relabelings:
+    {{- tpl (toYaml . | nindent 4) $ }}
+    {{- end }}
+{{- end }}
diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-api-server/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-api-server/servicemonitor.yaml
@@ -17,27 +17,11 @@ metadata:
 spec:
   {{- include "servicemonitor.scrapeLimits" .Values.kubeApiServer.serviceMonitor | nindent 2 }}
   endpoints:
-  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
-    {{- if .Values.kubeApiServer.serviceMonitor.interval }}
-    interval: {{ .Values.kubeApiServer.serviceMonitor.interval }}
-    {{- end }}
-    {{- if .Values.kubeApiServer.serviceMonitor.proxyUrl }}
-    proxyUrl: {{ .Values.kubeApiServer.serviceMonitor.proxyUrl }}
-    {{- end }}
-    port: https
-    scheme: https
-{{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }}
-    metricRelabelings:
-{{ tpl (toYaml .Values.kubeApiServer.serviceMonitor.metricRelabelings | indent 6) . }}
-{{- end }}
-{{- if .Values.kubeApiServer.serviceMonitor.relabelings }}
-    relabelings:
-{{ tpl (toYaml .Values.kubeApiServer.serviceMonitor.relabelings | indent 6) . }}
-{{- end }}
-    tlsConfig:
-      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-      serverName: {{ .Values.kubeApiServer.tlsConfig.serverName }}
-      insecureSkipVerify: {{ .Values.kubeApiServer.tlsConfig.insecureSkipVerify }}
+  {{- include "kube-prometheus-stack.kubeApiServer.endpoint" (list $ "") }}
+  {{- if .Values.kubeApiServer.serviceMonitor.slis }}
+  {{- include "kube-prometheus-stack.kubeApiServer.endpoint" (list $ "slis") }}
+    path: /metrics/slis
+  {{- end }}
   jobLabel: {{ .Values.kubeApiServer.serviceMonitor.jobLabel }}
   namespaceSelector:
     matchNames:

diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-controller-manager/servicemonitor.yaml
@@ -29,31 +29,9 @@ spec:
     matchNames:
       - "kube-system"
   endpoints:
-  - port: {{ .Values.kubeControllerManager.serviceMonitor.port }}
-    {{- if .Values.kubeControllerManager.serviceMonitor.interval }}
-    interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }}
-    {{- end }}
-    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
-    {{- if .Values.kubeControllerManager.serviceMonitor.proxyUrl }}
-    proxyUrl: {{ .Values.kubeControllerManager.serviceMonitor.proxyUrl}}
-    {{- end }}
-    {{- if eq (include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . false true .Values.kubeControllerManager.serviceMonitor.https )) "true" }}
-    scheme: https
-    tlsConfig:
-      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-      {{- if eq (include "kube-prometheus-stack.kubeControllerManager.insecureScrape" (list . nil true .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify)) "true" }}
-      insecureSkipVerify: true
-      {{- end }}
-      {{- if .Values.kubeControllerManager.serviceMonitor.serverName }}
-      serverName: {{ .Values.kubeControllerManager.serviceMonitor.serverName }}
-      {{- end }}
-    {{- end }}
-{{- if .Values.kubeControllerManager.serviceMonitor.metricRelabelings }}
-    metricRelabelings:
-{{ tpl (toYaml .Values.kubeControllerManager.serviceMonitor.metricRelabelings | indent 4) . }}
-{{- end }}
-{{- if .Values.kubeControllerManager.serviceMonitor.relabelings }}
-    relabelings:
-{{ tpl (toYaml .Values.kubeControllerManager.serviceMonitor.relabelings | indent 4) . }}
-{{- end }}
+  {{- include "kube-prometheus-stack.kubeControllerManager.endpoint" (list $ "") }}
+  {{- if .Values.kubeControllerManager.serviceMonitor.slis }}
+  {{- include "kube-prometheus-stack.kubeControllerManager.endpoint" (list $ "slis") }}
+    path: /metrics/slis
+  {{- end }}
 {{- end }}
diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-proxy/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-proxy/servicemonitor.yaml
@@ -29,25 +29,9 @@ spec:
     matchNames:
       - "kube-system"
   endpoints:
-  - port: {{ .Values.kubeProxy.serviceMonitor.port }}
-    {{- if .Values.kubeProxy.serviceMonitor.interval }}
-    interval: {{ .Values.kubeProxy.serviceMonitor.interval }}
-    {{- end }}
-    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
-    {{- if .Values.kubeProxy.serviceMonitor.proxyUrl }}
-    proxyUrl: {{ .Values.kubeProxy.serviceMonitor.proxyUrl}}
-    {{- end }}
-    {{- if .Values.kubeProxy.serviceMonitor.https }}
-    scheme: https
-    tlsConfig:
-      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-    {{- end}}
-{{- if .Values.kubeProxy.serviceMonitor.metricRelabelings }}
-    metricRelabelings:
-{{ tpl (toYaml .Values.kubeProxy.serviceMonitor.metricRelabelings | indent 4) . }}
-{{- end }}
-{{- if .Values.kubeProxy.serviceMonitor.relabelings }}
-    relabelings:
-{{ tpl (toYaml .Values.kubeProxy.serviceMonitor.relabelings | indent 4) . }}
-{{- end }}
+  {{- include "kube-prometheus-stack.kubeProxy.endpoint" (list $ "") }}
+  {{- if .Values.kubeProxy.serviceMonitor.slis }}
+  {{- include "kube-prometheus-stack.kubeProxy.endpoint" (list $ "slis") }}
+    path: /metrics/slis
+  {{- end }}
 {{- end }}
diff --git a/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/servicemonitor.yaml b/charts/kube-prometheus-stack/templates/exporters/kube-scheduler/servicemonitor.yaml
@@ -29,31 +29,13 @@ spec:
     matchNames:
       - "kube-system"
   endpoints:
-  - port: {{ .Values.kubeScheduler.serviceMonitor.port }}
-    {{- if .Values.kubeScheduler.serviceMonitor.interval }}
-    interval: {{ .Values.kubeScheduler.serviceMonitor.interval }}
-    {{- end }}
-    bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
-    {{- if .Values.kubeScheduler.serviceMonitor.proxyUrl }}
-    proxyUrl: {{ .Values.kubeScheduler.serviceMonitor.proxyUrl}}
-    {{- end }}
-    {{- if eq (include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . false true .Values.kubeScheduler.serviceMonitor.https )) "true" }}
-    scheme: https
-    tlsConfig:
-      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
-      {{- if eq (include "kube-prometheus-stack.kubeScheduler.insecureScrape" (list . nil true .Values.kubeScheduler.serviceMonitor.insecureSkipVerify)) "true" }}
-      insecureSkipVerify: true
-      {{- end }}
-      {{- if .Values.kubeScheduler.serviceMonitor.serverName }}
-      serverName: {{ .Values.kubeScheduler.serviceMonitor.serverName }}
-      {{- end}}
-    {{- end}}
-{{- if .Values.kubeScheduler.serviceMonitor.metricRelabelings }}
-    metricRelabelings:
-{{ tpl (toYaml .Values.kubeScheduler.serviceMonitor.metricRelabelings | indent 4) . }}
-{{- end }}
-{{- if .Values.kubeScheduler.serviceMonitor.relabelings }}
-    relabelings:
-{{ tpl (toYaml .Values.kubeScheduler.serviceMonitor.relabelings | indent 4) . }}
-{{- end }}
+  {{- include "kube-prometheus-stack.kubeScheduler.endpoint" (list $ "") }}
+  {{- if .Values.kubeScheduler.serviceMonitor.slis }}
+  {{- include "kube-prometheus-stack.kubeScheduler.endpoint" (list $ "slis") }}
+    path: /metrics/slis
+  {{- end }}
+  {{- if .Values.kubeScheduler.serviceMonitor.resources }}
+  {{- include "kube-prometheus-stack.kubeScheduler.endpoint" (list $ "resources") }}
+    path: /metrics/resources
+  {{- end }}
 {{- end }}