This message was deleted.
# kubernetess
sparse-intern-71089
07/01/2021, 11:31 PMThis message was deleted.
w
worried-city-86458
07/01/2021, 11:36 PMInitial approach with no transformations using dotnet/c#:
Copy code
// kube prometheus stack; <https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack>
var kubePrometheusStackCrds = new ConfigGroup("kube-prometheus-stack-crds",
new ConfigGroupArgs { Yaml = ReadResource("KubePrometheusStackCrds.yaml") },
new ComponentResourceOptions { /*Protect = true,*/ Provider = k8sProvider });
var monitoringNs = new Namespace("monitoring",
new NamespaceArgs { Metadata = new ObjectMetaArgs { Name = "monitoring" } },
new CustomResourceOptions { Provider = k8sProvider });
var kubePrometheusStackValues =
new Dictionary<string, object>
{
["alertmanager"] = new
{
alertmanagerSpec = new
{
nodeSelector = new { role = "monitoring" },
tolerations = new[] { new { key = "role", @operator = "Exists" } }
},
ingress = new { enabled = false }
},
["grafana"] = new
{
ingress = new { enabled = false },
nodeSelector = new { role = "monitoring" },
tolerations = new[] { new { key = "role", @operator = "Exists" } }
},
["kubeControllerManager"] = new { enabled = false },
["kubeEtcd"] = new { enabled = false },
["kubeScheduler"] = new { enabled = false },
["kube-state-metrics"] = new
{
nodeSelector = new { role = "monitoring" },
tolerations = new[] { new { key = "role", @operator = "Exists" } }
},
["prometheus"] = new
{
ingress = new { enabled = false },
prometheusSpec = new
{
podMonitorSelectorNilUsesHelmValues = false,
serviceMonitorSelectorNilUsesHelmValues = false,
nodeSelector = new { role = "monitoring" },
tolerations = new[] { new { key = "role", @operator = "Exists" } }
}
},
["prometheus-node-exporter"] = new { tolerations = new[] { new { key = "role", @operator = "Exists" } } },
["prometheusOperator"] = new
{
admissionWebhooks = new
{
certManager = new { enabled = true },
patch = new
{
nodeSelector = new { role = "monitoring" },
tolerations = new[] { new { key = "role", @operator = "Exists" } }
}
},
nodeSelector = new { role = "monitoring" },
tolerations = new[] { new { key = "role", @operator = "Exists" } }
}
};
new Chart("kube-prometheus-stack",
new ChartArgs
{
Namespace = monitoringNs.Metadata.Apply(metadata => metadata.Name),
FetchOptions = new ChartFetchArgs { Repo = "<https://prometheus-community.github.io/helm-charts>" },
Chart = "kube-prometheus-stack",
Version = K8sConfig.KubePrometheusStackChartVersion,
Values = kubePrometheusStackValues,
SkipCRDRendering = true
},
new ComponentResourceOptions { DependsOn = { kubePrometheusStackCrds, certManagerCrds }, Provider = k8sProvider });worried-city-86458
07/01/2021, 11:38 PMFails with:
Copy code
+ kubernetes:<http://apiextensions.k8s.io/v1:CustomResourceDefinition|apiextensions.k8s.io/v1:CustomResourceDefinition> monitoring/kube-prometheus-stack-kube-state-metrics create error: Duplicate resource URN
'urn:pulumi:alpha::k8s::kubernetes:<http://helm.sh/v3:Chart$kubernetes:apiextensions.k8s.io/v1:CustomResourceDefinition::monitoring/kube-prometheus-stack-kube-state-metrics';|helm.sh/v3:Chart$kubernetes:apiextensions.k8s.io/v1:CustomResourceDefinition::monitoring/kube-prometheus-stack-kube-state-metrics';> try giving it a unique nameworried-city-86458
07/01/2021, 11:43 PMFull log...
worried-city-86458
07/01/2021, 11:45 PM@better-actor-92669 @gorgeous-country-43026?
g
gorgeous-country-43026
07/02/2021, 5:15 AMHi @worried-city-86458. I gave up, couldn't get it working
gorgeous-country-43026
07/02/2021, 5:16 AMEnded up integrating into Azure Log Analytics even though it costs a ton
w
worried-city-86458
07/02/2021, 6:45 PMb
better-actor-92669
07/05/2021, 8:19 AMhey @worried-city-86458.
Copy code
# Do not wait for services in 'kube-system' namespace
# kps-rapid-kube-prometheus-kube-controller-manager
# kps-rapid-kube-prometheus-kube-etcd
# kps-rapid-kube-prometheus-kube-proxy
# kps-rapid-kube-prometheus-kube-scheduler
def kube_system_not_wait(obj):
if obj["kind"] == "Service":
if obj["metadata"]["namespace"] == "kube-system":
if not obj["metadata"].get("annotations"):
obj["metadata"]["annotations"] =\
{
"<http://pulumi.com/skipAwait|pulumi.com/skipAwait>": "true"
}
# Apply 'DaemonSet(s)' only to 'linux' nodes
def only_linux_nodes(obj):
if obj["kind"] == "DaemonSet":
obj["spec"]["template"]["spec"]["nodeSelector"] =\
{
"<http://beta.kubernetes.io/os|beta.kubernetes.io/os>": "linux"
}
# TODO: Remove this when <https://github.com/pulumi/pulumi-kubernetes/issues/800>
# is fixed
# Remove the .status field from CRDs
def remove_crds_status(obj):
if obj["kind"] == "CustomResourceDefinition":
del obj["status"]
# Do not install CRDs as they are installed via ConfigFile
def omit_crds(obj):
if obj["kind"] == "CustomResourceDefinition":
obj["apiVersion"] = "v1"
obj["kind"] = "List"
# TODO: Remove this after it is fixed
# <https://github.com/pulumi/pulumi-kubernetes/issues/555>
# Remove Grafana's 'test-pod'
def omit_grafana_test_pod(obj):
# if obj["kind"] == "Pod" and 'grafana-test' in obj["metadata"]["name"]:
if 'grafana-test' in obj["metadata"]["name"]:
obj["apiVersion"] = "v1"
obj["kind"] = "List"w
worried-city-86458
07/06/2021, 2:15 AMThanks, @better-actor-92669. I got it to work with a few differences to the above. In particular I didn't need the
skipAwaitworried-city-86458
07/06/2021, 2:16 AM Copy code
new Chart("kube-prometheus-stack",
new ChartArgs
{
Namespace = monitoringNs.Metadata.Apply(metadata => metadata.Name),
FetchOptions = new ChartFetchArgs { Repo = "<https://prometheus-community.github.io/helm-charts>" },
Chart = "kube-prometheus-stack",
Version = K8sConfig.KubePrometheusStackChartVersion,
Values = kubePrometheusStackValues,
SkipCRDRendering = true,
Transformations =
{
(obj, _) => obj.MutateWhenKind("PodSecurityPolicy", mutable => mutable.OmitNamespace()),
(obj, _) => obj.MutateWhenKind("AlertManager", mutable => mutable.SetName(name => $"{name}-am")),
(obj, _) => obj.MutateWhenKind("PrometheusRule", mutable => mutable.SetName(name => $"{name}-pr")),
(obj, _) => obj.MutateWhenKind("ServiceMonitor", mutable => mutable.SetName(name => $"{name}-sm")),
(obj, _) => obj.MutateWhenName("kps-grafana-test", mutable => mutable.Exclude())
}
},
new ComponentResourceOptions { DependsOn = { kubePrometheusStackCrds, certManagerCrds }, Provider = k8sProvider });worried-city-86458
07/06/2021, 2:17 AMThe main issue really is the non-unique names for crd instances - I had to tweak the names to force pulumi to generate unique urns.
worried-city-86458
07/06/2021, 2:20 AM@gorgeous-egg-16927 this is a long standing issue that really needs to be fixed. I'm confused as to why pulumi is not using the crd kind instead of the generic
CustomResourceDefinitionb
better-actor-92669
07/06/2021, 8:13 AM@worried-city-86458, I don't remember to be honest, but my best guess is that some of the Services in kube-system namespace wouldn't be marked as "ready" by Pulumi ("pulumi up" was timing out), so I had to bypass that manually
58 Views